Environment
iPrint Appliance 1.1 patch 1, 2, 3 and 4
Situation
After importing a wildcard certificate, setting it as active, running the cert_patch.sh script and rebooting the appliance, the MC console and iManager use the new wildcard certificate, but access to the /psmstatus page fails: it keeps asking for a user name and password.
Resolution
Change the AuthLDAPDNURL in the /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf file from localhost to the appliance IP address:
From AuthLDAPDNURL "ldaps://localhost/???(objectClass=user)"
To AuthLDAPDNURL "ldaps://ip address appliance/???(objectClass=user)"
Restart apache:
rcapache2 restart
Cause
For a wildcard certificate to work properly with the appliance, the first entry after the appliance IP address in the /etc/hosts file has to be the CN of the wildcard certificate. For that reason, the IP address has to be used instead of localhost in the iprint_ssl.conf file when accessing the /psmstatus page.
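The two settings described above can be checked together before restarting Apache. The following is an added example, not code from the vendor or the appliance; the function names and return codes are hypothetical, and the appliance IP and certificate CN are supplied by the caller.

```shell
#!/bin/sh
# Added example, not vendor code. Checks the two settings the article links:
# the AuthLDAPDNURL host in iprint_ssl.conf and the first /etc/hosts name
# listed after the appliance IP address.

# Print the host part of each active (uncommented) AuthLDAPDNURL directive.
ldapdn_host() {
    sed -n 's|^[[:space:]]*AuthLDAPDNURL[[:space:]][[:space:]]*"\{0,1\}ldaps\{0,1\}://\([^/:"]*\).*|\1|p' "$1"
}

# Print the first name that follows IP ($2) in hosts file ($1).
first_hosts_name() {
    awk -v ip="$2" '$1 == ip { print $2; exit }' "$1"
}

# check_iprint_ldap CONF HOSTS APPLIANCE_IP CERT_CN
# CERT_CN is supplied by the caller (the CN of the imported wildcard cert).
# Returns: 0 consistent, 1 AuthLDAPDNURL still on localhost,
#          2 AuthLDAPDNURL on some other host, 3 hosts entry does not match CN.
check_iprint_ldap() {
    conf=$1; hosts=$2; ip=$3; cn=$4
    host=$(ldapdn_host "$conf" | head -n 1)
    name=$(first_hosts_name "$hosts" "$ip")
    echo "AuthLDAPDNURL host : ${host:-<none>}"
    echo "hosts name for $ip : ${name:-<none>}"
    if [ "$host" = "localhost" ]; then
        echo "FAIL: AuthLDAPDNURL uses localhost; set it to $ip and restart apache"
        return 1
    fi
    [ "$host" = "$ip" ] || { echo "FAIL: AuthLDAPDNURL is not the appliance IP"; return 2; }
    [ "$name" = "$cn" ] || { echo "FAIL: first hosts name is not $cn"; return 3; }
    echo "OK"
}

# Usage on the appliance (IP and CN are placeholders to replace):
# check_iprint_ldap /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf \
#     /etc/hosts <appliance-ip> '<wildcard-cert-cn>'
```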
Additional Information
The error_log file showed the following when using the debug log level in Apache and trying to authenticate as the admin user:
14:11:29 2015] [info] Subsequent (No.2) HTTPS request received for child 1 (server iprint.appliance:443)
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(1000): [client 192.168.2.146] [651] authnz_ldapdn authenticate: user admin authentication; URI /psmstatus [checking check_password_function] 0
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(739): [client 192.168.2.146] [651] authnz_ldapdn authenticate: using URL ldaps://localhost/???(objectClass=user)
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(777): [client 192.168.2.146] [651] authnz_ldapdn authenticate: filter: (&(objectClass=user)(uid=admin))
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(844): [client 192.168.2.146] [651] authnz_ldapdn authenticate: checking checkUserID url:ldaps://localhost/???(objectClass=user) basedn:
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(853): [client 192.168.2.146] [651] authnz_ldapdn authenticate: returned checkUserID dn:null dn result: -1
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(275): [client 192.168.2.146] [651] authnz_filr_check_password: Py_Finalize() user admin
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(282): [client 192.168.2.146] [651] authnz_filr_check_password: returning user admin
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(910): [client 192.168.2.146] [651] authnz_ldapdn authenticate: returned filr_check_password dn:(null), result 0
[Mon Dec 14 14:11:29 2015] [debug] mod_authnz_ldapdn.c(1007): [client 192.168.2.146] [651] authnz_ldapdn authenticate INFO: result[0] fdnresult[0] AuthGranted[1] declined[-1] unauthorized[401]
[Mon Dec 14 14:11:29 2015] [error] [client 192.168.2.146] user admin: authentication failure for "/psmstatus": Password Mismatch
An LDAP/NDS trace showed:
1257613056 LDAP: [2015/12/14 14:11:29.52] New TLS connection 0xdfcb500 from 127.0.0.1:36606, monitor = 0x356c5700, index = 11
896292608 LDAP: [2015/12/14 14:11:29.52] Monitor 0x356c5700 initiating TLS handshake on connection 0xdfcb500
904713984 LDAP: [2015/12/14 14:11:29.53] (127.0.0.1:36606)(0x0000:0x00) DoTLSHandshake on connection 0xdfcb500
904713984 LDAP: [2015/12/14 14:11:29.58] BIO ctrl called with unknown cmd 7
904713984 LDAP: [2015/12/14 14:11:29.58] (127.0.0.1:36606)(0x0000:0x00) Completed TLS handshake on connection 0xdfcb500
896292608 LDAP: [2015/12/14 14:11:29.65] Monitor 0x356c5700 found connection 0xdfcb500 ending TLS session
895239936 LDAP: [2015/12/14 14:11:29.65] (127.0.0.1:36606)(0x0000:0x00) DoTLSShutdown on connection 0xdfcb500
896292608 LDAP: [2015/12/14 14:11:29.65] Monitor 0x356c5700 found connection 0xdfcb500 socket closed, err = -5871, 0 of 0 bytes read
896292608 LDAP: [2015/12/14 14:11:29.65] Monitor 0x356c5700 initiating close for connection 0xdfcb500
1267087104 LDAP: [2015/12/14 14:11:29.65] Server closing connection 0xdfcb500, socket error = -5871
1267087104 LDAP: [2015/12/14 14:11:29.65] Connection 0xdfcb500 closed