[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: error - attribute description contains inappropriate characters

To: "adp" <dap99@i-55.com>
Subject: Re: error - attribute description contains inappropriate characters
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Thu, 8 Jul 2004 21:15:05 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <045b01c464fb$6d65bf10$c6630a0a@THEBOX>
References: <045b01c464fb$6d65bf10$c6630a0a@THEBOX>
User-agent: SquirrelMail/1.4.3a-1

2.0 is obsolete; however, that error means that the name of an attribute
contains invalid chars.  I suggest you slapcat the DB, look for that entry
and check all the attribute names for illegal chars.  If they're all ok,
then there might be a bug in slapd, but in that case you need to upgrade.

p.

> We have a strange problem with an application trying to user our OpenLDAP
> directory. Basically, the application (a network appliance in fact) is
> trying to use the LDAP directory for user authentication and
> authorization.
> The authentication works great. However, the authorization always fails.
> We
> also see "attribute description contains inappropriate characters"
> whenever
> the authorization check is done. I'm looking for help on determining the
> cause of this problem.
>
> The authorization works by matching the authenticated user with
> uniqueMember
> attribute in a groupOfUniqueNames. We get the query and then OpenLDAP
> shows
> this:
>
> => dn2id( "CN=THEUSERS,OU=GROUPS,DC=domain,DC=COM" )
> => ldbm_cache_open( "dn2id.dbb", 9, 600 )
> <= ldbm_cache_open (cache 0)
> <= dn2id 455
> => id2entry_r( 455 )
> => ldbm_cache_open( "id2entry.dbb", 9, 600 )
> <= ldbm_cache_open (cache 1)
> => str2entry
> <= str2entry(cn=TheUsers,ou=Groups,dc=domain,dc=com) -> -1 (0x81dbd10)
> <= id2entry_r( 455 ) 0x81dbd10 (disk)
> ====> cache_return_entry_r( 455 ): created (0)
> send_ldap_result: conn=1 op=1 p=3
> send_ldap_result: 17::attribute description contains inappropriate
> characters
> send_ldap_response: msgid=2 tag=111 err=17
> ber_flush: ...
> ...
> conn=1 op=1 RESULT tag=111 err=17 text=attribute description contains
> inappropriate characters
> daemon: activity on 1 descriptors
> daemon: activity on: 14r
> daemon: read activity on 14
> connection_get(14)
> connection_get(14): got connid=1
> connection_read(14): checking for input on id=1
>
> We have completed removed CN=THEUSERS and recreated it from scratch (we
> are
> using phpldapadmin), yet we get the same "attribute description " error.
> Is
> this a problem with our directory, or something else? I've done a dump of
> CN=THEUSERS and it looks fine to me.
>
> Is this an error that the LDAP client sent bad information, or that
> something is going wrong with the server (e.g., a bad directory entry, or
> a
> corrupted file)?
>
> This is openldap 2.0.x (we can't currently upgrade) on RHES3.
>
>
>
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- error - attribute description contains inappropriate characters
  - From: "adp" <dap99@i-55.com>

Prev by Date: database vs backend directive in slapd.conf
Next by Date: make test error
Index(es):
- Chronological
- Thread