have been fighting authentication issues with ldap for a while now with iPrint printing. testing on a 32 bit vista machine with 5.08 iprint client and also latest vista novell client. sometimes i can print, and sometimes i cannot while receiving authentication errors... i'll explain the situations below...

when the machine is first booted, i'll log into the novell client and also the local windows machine with passwords just fine. upon inspection of the 'password' tab on the iprint dialog box, it looks like this...
http://srv2.lycoming.edu/~ensanian/novell/2.jpg
notice it has full and complete directory name
if i then open, say a text document, and try to print it, i get authentication failure window, asking if i want to try again. i can try again with same userid i originally logged in with, but it fails. here is the apache error log entry...

[Mon Nov 17 09:35:05 2008] [warn] [client 1.2.211.143] [28] auth_ldap authenticate: user CN=Ensanian,OU=ITS,OU=ACAD,O=LYCO authentication failed; URI /ipp/P_ITS [User not found][No such object]

and here is the failure in dstrace...

LDAP: [2008/11/17 9:35:05] DoSearch on connection 0x958fd9a0
LDAP: [2008/11/17 9:35:05] Search request:
base: "o=lyco"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectClass=user)(uid=CN=Ensanian,OU=ITS,OU=AC AD,O=LYCO))"
no attributes
LDAP: [2008/11/17 9:35:05] Empty attribute list implies all user attributes
LDAP: [2008/11/17 9:35:05] Sending operation result 0:"":"" to connection 0x958fd9a0
LDAP: [2008/11/17 9:35:05] Operation 0x18:0x63 on connection 0x958fd9a0 completed in 0 seconds

HOWEVER.... if after that printing attempt... i try logging in with a different userid than originally logged in.. it works... and then the 'password' tab on the iprint dialig window looks something like this...
http://srv2.lycoming.edu/~ensanian/novell/1.jpg

notice its JUST a userid, not the full name

and also a good entry is seen in the apache log...

[Mon Nov 17 09:35:12 2008] [debug] mod_auth_ldap.c(411): [client 1.2.211.143] [28] auth_ldap authenticate: accepting cn=Ensanian,ou=ITS,ou=ACAD,o=LYCO

and a good entry seen in dstrace...

LDAP: [2008/11/17 9:35:12] DoSearch on connection 0x958fd9a0
LDAP: [2008/11/17 9:35:12] Search request:
base: "o=lyco"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectClass=user)(uid=ensanian))"
no attributes
LDAP: [2008/11/17 9:35:12] Empty attribute list implies all user attributes
LDAP: [2008/11/17 9:35:12] Sending search result entry "cn=Ensanian,ou=ITS,ou=ACAD,o=LYCO" to connection 0x958fd9a0
LDAP: [2008/11/17 9:35:12] Sending operation result 0:"":"" to connection 0x958fd9a0
LDAP: [2008/11/17 9:35:12] Operation 0x19:0x63 on connection 0x958fd9a0 completed in 0 seconds

--------------------------------------------
You can see the difference between the failing and successing dstrace entries is in the filters part... and you can relate this to what the iPrint dialog screens have as listed credentials..

So, the main question is, why is this happening. Why are the iPrint credentials being populated in different manners?? - this is make or breaking my iPrint functionality! I need to be able to log into a vista machine, and have iPrint printing work without asking me to login again (and without having to be a different user to work!)