Hi,
AuthLDAPEnabled on AuthType Basic AuthName "Test Directory" AuthLDAPURL ldap://192.168.12.29/?cn AuthLDAPCompareDNOnServer off AuthLDAPGroupAttributeIsDN on AuthLDAPRemoteUserIsDN on AuthLDAPGroupAttribute member #Require group CN=SNC Require valid-user </Directory>
I think you should use Did you perform an ldapsearch against you domino directory and do you see in the members list the use you are trying to authenticate? you should use this for the ldapsearch: "(&(objectClass=dominoGroup)(cn=SNC))"
The agent from IBM told me that they cannot use uid for authentication, but it was working. I did change to cn instead, but things are identical either way. With the config as-is above, the site works. But, if I change the valid-user to group, it breaks.
Using the cn should be fine. Are you sure you really need " AuthLDAPGroupAttributeIsDN on" and "AuthLDAPRemoteUserIsDN on". I would remove them, especially because I see them indicated as experimental on the apache's web site and I don't think you need them.
P.S. I didn't notice this response until you responded to my re-post. I'm sorry for re-posting, but I use Lotus Notes for e-mail and it is very difficult to keep track of these threads on such a high-volume list. I haven't been able to figure out how to get Notes to view the [opensuse] messages in a threaded view.
There is a View by Thread on the Lotus Notes client but the fact is that, for most of the mailing list I use gmail and I've been using Thunderbird to read my lotus email for the past few months -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org