[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Invalid Credentials error for a Bind DN with spl. character
- To: ando@sys-net.it
- Subject: Re: Invalid Credentials error for a Bind DN with spl. character
- From: snsk <snsk@yahoo.com>
- Date: Thu, 21 Jul 2005 08:34:02 -0700 (PDT)
- Cc: Openldap-Software <openldap-software@OpenLDAP.org>
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=C7evym0lwLq8FDMVEKSu0cVZNMg+1Gn/EWfD4g2rjFbtrHSngCs1gVRYhlLs9/9IP7QoaxC88NLDjxL66B2kE9TY6ik6q+EMtDVZ5DqFLRKV922ksBbPQgUNILKOoX96+sZIAGxxekzfe/G8gqj7Xiv5z+Z5WDLaIrW5lvDhPlM= ;
- In-reply-to: <48400.131.175.154.56.1121955021.squirrel@131.175.154.56>
Using the following suffix, rootDN works better. Thanks for the suggestion.
suffix "O=VeriSign\\2C Inc., C=US"
rootdn "cn=Manager,O=VeriSign\\2C Inc.,C=US"
I can bind fine with ldapsearch and LDIF update worked fine too.
ldapsearch -x -b "o=VeriSign\, Inc.,c=US" -D "cn=Manager,O=VeriSign\, Inc.,c=US" -w secret
ldapadd -a -h localhost -p 389 -v -x -D "cn=Manager,o=VeriSign\, Inc.,c=US" -w secret -f DITSSL.ldif
Could you please verify whether the ldif contents looks fine?
DITSSL.ldif
*************
dn: O=VeriSign\, Inc.,C=US
changetype: Add
objectclass: top
objectclass: organization
O: VeriSign, Inc.
dn: cn=Manager,O=VeriSign\, Inc.,C=US
changetype: Add
objectclass: organizationalRole
cn: Manager
dn: OU = Class 3 Public Primary Certification Authority, O=VeriSign\, Inc.,C=US
changetype: Add
objectclass: top
objectclass: organizationalUnit
ou: Class 3 Public Primary Certification Authority
Thanks for the quick response.
Pierangelo Masarati <ando@sys-net.it> wrote:
> I am running openLDAP 2.2.26 in Windows XP. I am using the build made by
> Lucas http://bergmans.us/list/openldap-windows/. I have configured
> slapd.conf to use ldbm database (was wondering if the issue I saw has
> anything to do with the database in use :-)
>
> Earlier, I was using 256 as debug level. After your suggestion, I changed
> it to -1 (All debug).
>
> During startup, I could see openLDAP reading the suffix as "o=VeriSign\2C
> Inc.,c=US" but rootDN as "cn=Manager,o=VeriSign2C Inc.,c=US" (note there
> is no backslash in O value). So I tried doing a ldapsearch w/o backslash
> for the bind DN and it worked.
>
> Is this an expected behavior? I don't know if I mentioned earlier, I have
> the following entries in slapd.conf for suffix and rootDN.
>
> suffix "O=VeriSign\2C Inc., C=US"
> rootdn "cn=Manager,O=VeriSign\2C Inc.,C=US"
This sounds odd, because slapd interprets "\" as an escape char when
parsing strings; you should really use
suffix "O=VeriSign\\2C Inc., C=US"
rootdn "cn=Manager,O=VeriSign\\2C Inc.,C=US"
to get the string you intend. but the same should apply to both
directives. Can you cross-check?
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
---------------------------------
Start your day with Yahoo! - make it your home page