[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AttributeDescription contains inappropriate characters



Also, in response to this:

http://www.openldap.org/lists/openldap-software/200407/msg00205.html

The slapcat output looks fine to me.

----- Original Message ----- 
From: "adp" <dap99@i-55.com>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, September 15, 2004 12:21 PM
Subject: AttributeDescription contains inappropriate characters


> We are running OpenLDAP 2.2.15 (installed from source) on RHES3 and are
> getting "AttributeDescription contains inappropriate characters" whenever
> one of our applications tries to do a certain query.
>
> The general flow is this:
>
> 1. Query if user account exists.
> 2. Do a bind().
> 3. Check group membership.
>
> Here is the '-d -1' output when the error occurs:
>
> ...
> ldap_err2string
> <= ldap_dn2bv(cn=xx,ou=groups,dc=example,dc=com)=0 Success
> <<< dnPrettyNormal: <cn=XX,ou=Groups,dc=example,dc=com>,
> <cn=xx,ou=groups,dc=example,dc=com>
> send_ldap_result: conn=1 op=1 p=3
> send_ldap_result: err=17 matched="" text="AttributeDescription contains
> inappropriate characters"
> send_ldap_response: msgid=2 tag=111 err=17
> ber_flush: 68 bytes to sd 14
>   0000:  30 42 02 01 02 6f 3d 0a  01 11 04 00 04 36 41 74
0B...o=......6At
>   0010:  74 72 69 62 75 74 65 44  65 73 63 72 69 70 74 69
tributeDescripti
>   0020:  6f 6e 20 63 6f 6e 74 61  69 6e 73 20 69 6e 61 70   on contains
inap
>   0030:  70 72 6f 70 72 69 61 74  65 20 63 68 61 72 61 63   propriate
charac
>   0040:  74 65 72 73                                        ters
> ldap_write: want=68, written=68
>   0000:  30 42 02 01 02 6f 3d 0a  01 11 04 00 04 36 41 74
0B...o=......6At
>   0010:  74 72 69 62 75 74 65 44  65 73 63 72 69 70 74 69
tributeDescripti
>   0020:  6f 6e 20 63 6f 6e 74 61  69 6e 73 20 69 6e 61 70   on contains
inap
>   0030:  70 72 6f 70 72 69 61 74  65 20 63 68 61 72 61 63   propriate
charac
>   0040:  74 65 72 73                                        ters
> conn=1 op=1 RESULT tag=111 err=17 text=AttributeDescription contains
> inappropriate characters
> ...
>
> I found that this error is generated by servers/slapd/ad.c in two places:
>
> openldap-2.2.15/servers/slapd/ad.c:slap_bv2ad()
>
>         /* make sure description is IA5 */
>         if( ad_keystring( bv ) ) {
>                 *text = "AttributeDescription contains inappropriate
> characters";
>                 return rtn;
>         }
>
> openldap-2.2.15/servers/slapd/ad.c:slap_bv2undef_ad()
>
>         /* make sure description is IA5 */
>         if( ad_keystring( bv ) ) {
>                 *text = "AttributeDescription contains inappropriate
> characters";
>                 return LDAP_UNDEFINED_TYPE;
>         }
>
> The variable bv (struct berval) is passed to both functions.
>
> What I can't tell from the debug output is what is CAUSING bv to not be
> valid. Is the LDAP client sending a query with a bad string? I don't see
> that in the debug output. Could there be something wrong with a schema
file?
>
> By the way, the group is groupOfUniqueNames:
>
> # XX, Groups, example.com
> dn: cn=XX,ou=Groups,dc=example,dc=com
> cn: XX
> uniqueMember: uid=someuser,ou=Accounts,dc=example,dc=com
> objectClass: groupOfUniqueNames
> objectClass: top
>
> And uid=someuser,ou=Accounts,dc=example,dc=com is:
>
> # someuser, Accounts, example.com
> dn: uid=someuser,ou=Accounts,dc=example,dc=com
> uid: someuser
> userPassword:: xxxxxx
> objectClass: top
> objectClass: account
> objectClass: simpleSecurityObject
>
> We have stopped using ACL's for now while testing.
>
>