Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.
GroupWise Support Pack 2
Novell GroupWise 6
GroupWise LDAP Authentication
Authenticating to a different NDS tree for LDAP
LDAP Error 34: Invalid dn syntax.
GroupWise was building an invalid distinguished name to be passed to LDAP for the other tree
The reason that the dn is reported as being invalid is due to the manner in which the GroupWise Post Office Agent builds the distinguished name that is passed to the LDAP server. GroupWise takes the typeful distinguished NDS name of the user and converts it to an LDAP typeful distinguished name. Thus, cn=user.ou=org.o=novell.t=novell_tree becomes
cn=user, ou=org, o=novell.tree=novell_tree. Since the authentication is being done to an external tree, the tree name will obviously not match and the authentication will fail.
There are two possible solutions to this problem the first is to populate the LDAP Authnentication field on the properties of the user, GroupWise Account tab. This should be populated with the LDAP distinguished name without the tree name:
cn=user, ou=org, o=novell
This will have to be done for each user.
The other solution requires GroupWise 6 Support Pack 2 or later. If the LDAPX.DLL for Windows or the LDAPX.NLM for NetWare is renamed in the directory where the POA executables are found, then the POA will use the NDS Email Address Attribute to authenticate. This attribute is populated automatically by GroupWise if Internet Addressing is enabled. The POA then passes the mail attribute as well as the password supplied by the user logging in to authenticate against LDAP. The other tree must have an exact match in the email address attribute for the authentication to be successful.
There are three Groupwise LDAP modules:
The modify Date on the LDAP modules shipped with Netware 6.5 Support Pack 2 is 11/14/2003.