LDAP Contextless Login not finding user's context

  • 7015422
  • 24-Jul-2014
  • 24-Jul-2014

Environment

Novell Client 2 SP3 for Windows

Situation

After enabling LDAP Contextless login on Novell Client, the "Context" field is not filled in when logging in a user for the first time.
 
Error: "LDAP Contextless Login: User not found after searching the trees on the following LDAP server(s):"

Resolution

Grant rights to the "CN" attribute.
 
1. Open iManager
   a. In a browser, enter the URL:
      https://<ip address of your LDAP server>/nps/servlet/webacc
2. Under "Roles and Tasks" choose "Rights" then "Modify Trustees"
3. Using the Object Selector (magnifying glass), select the Tree object, which is displayed as a tree icon with the name of your tree. Click OK.
4. The list of Trustees for the Tree object is displayed. Locate the [Public] object in the list of trustees, and click on the "Assigned Rights" link.
5. Look for either "[All Attributes Rights]" or "CN" in the "Properties Names" list.
   a. If either of these is present, ensure that the "Compare" and "Read" Assigned Rights are checked, and that the "Inherit" checkbox is checked.
   b. If neither of these is present, click the "Add Property" button and choose either "[All Attributes Rights]" or "CN" (you may need to check the "Show all properties in schema" checkbox to see the CN property name). CN is the only property LDAP Contextless login requires the [Public] object to have. Then, ensure that the "Compare" and "Read" Assigned Rights are checked, and that the "Inherit" checkbox is checked.
6. Click the "Done" button.
7. Click the "Apply" button on the "Modify Trustees" page.
 
If you are using a proxy user instead of the [Public] user, follow these same steps for the proxy user.
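
A command-line check of the result of the steps above, added here as an example and not part of the original TID: it repeats the user lookup anonymously with the OpenLDAP ldapsearch client and reports whether the user is found and whether anything beyond CN is readable. The server URI, search base, user name and the (cn=<user>) filter are assumptions; the values in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the TID): check what the searching object can see.
# Server URI, search base and user name are assumptions supplied by the caller.

# Read `ldapsearch -LLL` output on stdin and print one verdict:
#   NOT_FOUND       no entry returned; matches the "User not found" error
#   CN_ONLY         user entry returned with no attribute other than CN
#   BROAD a,b,...   user entry returned and these attributes are readable too
classify_ldif() {
    ldif=$(cat)
    if ! printf '%s\n' "$ldif" | grep -q '^dn:'; then
        echo NOT_FOUND
        return 0
    fi
    # Attribute lines start with a letter; folded continuation lines start
    # with a space and are skipped. Options such as ";lang-en" are dropped.
    extra=$(printf '%s\n' "$ldif" |
        awk -F'[:;]' '/^[A-Za-z]/ { a = tolower($1)
                                    if (a != "dn" && a != "cn") print a }' |
        sort -u | paste -s -d, -)
    if [ -z "$extra" ]; then echo CN_ONLY; else echo "BROAD $extra"; fi
}

# Anonymous subtree search for (cn=<user>), the kind of lookup that needs
# Compare and Read on CN for [Public].
audit_public_cn() {
    uri=$1; base=$2; user=$3
    # Reject LDAP filter metacharacters rather than pass them to the server.
    case $user in
        ''|*'*'*|*'('*|*')'*|*'\'*)
            echo "invalid user name" >&2; return 2 ;;
    esac
    out=$(ldapsearch -x -LLL -H "$uri" -b "$base" -s sub "(cn=$user)") || {
        echo "ldapsearch failed" >&2; return 2; }
    printf '%s\n' "$out" | classify_ldif
}

# Usage (constructed values): sh check.sh ldaps://ldap.example.com o=example jdoe
if [ "$#" -eq 3 ]; then
    audit_public_cn "$1" "$2" "$3"
fi
```

A BROAD verdict is what to expect if "[All Attributes Rights]" was granted to [Public] rather than "CN" alone. For a proxy user, run the same search bound as that user (ldapsearch -D and -W) instead of anonymously.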

Cause

LDAP Contextless Login cannot find the user in the NetIQ eDirectory tree because the object being used to search the tree does not have trustee rights to view the CN property of the user object it is searching for.

Additional Information

See the Novell Client 2 SP3 for Windows Administration Guide, section 8.8 "Setting up LDAP Contextless Login and LDAP Treeless Login".