469,286 Members | 2,422 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,286 developers. It's quick & easy.

LDAP Problem with firefox

CJM
I have a number of applications that use a particular technique to
authenticate users using IWA and LDAP.

These are for intranet application where the users all use IE6, however I'm
trying to debug some javascript code and I find that easier to do with FF.
However my applications that use this authentication technique have problems
when running through FF.

I get an 'error '80072020' authuser.asp, line 20', which point to an LDAP
call:

Sub AuthUser()
Set oADSysInfo = CreateObject("ADSystemInfo")
Set oCurrentUser = GetObject("LDAP://" & oADSysInfo.UserName)
'<==== error
etc...
End Sub

When I run this apps via FF I need to manually authenticate (ie type in
domain name\username & password) since true IWA is not supported. I assume
the fact that FF doesnt handle IWA is at the centre of the issue, but I
don't know exactly what the problem is, nor if/how I can solve it.

Any ideas?

Thanks

CJM

Aug 1 '06 #1
4 6047

"CJM" <cj*******@newsgroup.nospamwrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
I have a number of applications that use a particular technique to
authenticate users using IWA and LDAP.

These are for intranet application where the users all use IE6, however
I'm
trying to debug some javascript code and I find that easier to do with FF.
However my applications that use this authentication technique have
problems
when running through FF.

I get an 'error '80072020' authuser.asp, line 20', which point to an LDAP
call:

Sub AuthUser()
Set oADSysInfo = CreateObject("ADSystemInfo")
Set oCurrentUser = GetObject("LDAP://" & oADSysInfo.UserName)
'<==== error
etc...
End Sub

When I run this apps via FF I need to manually authenticate (ie type in
domain name\username & password) since true IWA is not supported. I assume
the fact that FF doesnt handle IWA is at the centre of the issue, but I
don't know exactly what the problem is, nor if/how I can solve it.

Any ideas?
add the DNS name you are using to access the server to the following setting
in about:config on FF:-

network.automatic-ntlm-auth.trusted-uris

Now FF will automatically attempt NTML authentication with the server just
as IE does with things in the Local Intranet zone.

Thanks

CJM

Aug 1 '06 #2
CJM

"Anthony Jones" <An*@yadayadayada.comwrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
>
>>

add the DNS name you are using to access the server to the following
setting
in about:config on FF:-

network.automatic-ntlm-auth.trusted-uris

Now FF will automatically attempt NTML authentication with the server just
as IE does with things in the Local Intranet zone.

Anthony,

Thanks for the response, but I'm afraid your suggestion didnt work (I get
the same error). Any further ideas?

Chris
Aug 1 '06 #3

"CJM" <cj*******@newsgroup.nospamwrote in message
news:eW**************@TK2MSFTNGP03.phx.gbl...
>
"Anthony Jones" <An*@yadayadayada.comwrote in message
news:%2****************@TK2MSFTNGP03.phx.gbl...
>
add the DNS name you are using to access the server to the following
setting
in about:config on FF:-

network.automatic-ntlm-auth.trusted-uris

Now FF will automatically attempt NTML authentication with the server
just
as IE does with things in the Local Intranet zone.

Anthony,

Thanks for the response, but I'm afraid your suggestion didnt work (I get
the same error). Any further ideas?

Chris
Have tried some response writes of the server variables AUTH_USER and
LOGON_USER just to confirm what user security token the request is running
under?

The page in question does not allow anonymous or other types of
authentication just IWA right?

Note that FF by default uses more connections per server than IE does. It
is connections that are authenticated so this could have a bearing.

It might be worth using Fiddler to compare the exchanges that IE makes with
the server with the ones FF makes.

Anthony.
Aug 1 '06 #4
"Anthony Jones" <An*@yadayadayada.comwrote in message
news:en**************@TK2MSFTNGP03.phx.gbl...
>
Have tried some response writes of the server variables AUTH_USER and
LOGON_USER just to confirm what user security token the request is running
under?

The page in question does not allow anonymous or other types of
authentication just IWA right?

Note that FF by default uses more connections per server than IE does. It
is connections that are authenticated so this could have a bearing.

It might be worth using Fiddler to compare the exchanges that IE makes
with
the server with the ones FF makes.

Anthony.

Fiddler (or Netmon) sounds like a good way to go with this.

If the server is set up for kerberos delegation, you might find that the
core problem is a difference in authentication headers between IE and FF. IE
will try Negotiate, I'm afraid I don't know much about FF.

NTLM authentication doesn't provide a delegable (eg, good for two hops)
credential, but Basic usually does (depending on the LogonMethod metabase
property) - you might consider stepping down to Basic to get FF working (and
use SSL to protect the credential transfer).

--
This posting is provided "AS IS" with no warranties, and confers no rights.

TristanK
http://blogs.technet.com/tristank/
--
Aug 2 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by dmcconkey | last post: by
7 posts views Thread by Amar | last post: by
4 posts views Thread by Terry Miller | last post: by
5 posts views Thread by Jed Parsons | last post: by
3 posts views Thread by Baren | last post: by
reply views Thread by Sells, Fred | last post: by
1 post views Thread by CARIGAR | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.