directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Updated: (DIREVE-284) Simple bind fails for entries with certain partition suffix names
Date Mon, 24 Oct 2005 09:40:56 GMT
     [ http://issues.apache.org/jira/browse/DIREVE-284?page=all ]

Stefan Zoerner updated DIREVE-284:
----------------------------------

    Description: 
Some users (i.e. person entries with userPassword attribute) can't authenticate to the server
via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org.
To give an example:

I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:

dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial

After that, the following works as expected:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org"
"(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$

and providing a wrong password leads to an "invalid credentials". 

But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate
Bush,dc=aPache,dc=org", the following happens:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org"
"(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$

But this still works:

$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org"
"(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$

I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I
found), and the defect disappears with "o=sevenseas". 

I therefore assume that the authenticator used for simple binds has problems with the mixed
characters in the suffices.

  was:
Sometimes users (i.e. person entries with userPassword attribute) can't authenticate to the
server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org.
To give an example:

I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:

dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial

After that, the following works as expected:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org"
"(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$

and providing a wrong password leads to an "invalid credentials". 

But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate
Bush,dc=aPache,dc=org", the following happens:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org"
"(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$

But this still works:

$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org"
"(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$

I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I
found), and the defect disappears with "o=sevenseas". 

I therefore assume that the authenticator used for simple binds has problems with the mixed
characters in the suffices.


> Simple bind fails for entries with certain partition suffix names
> -----------------------------------------------------------------
>
>          Key: DIREVE-284
>          URL: http://issues.apache.org/jira/browse/DIREVE-284
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>      Fix For: 0.9.3

>
> Some users (i.e. person entries with userPassword attribute) can't authenticate to the
server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org.
To give an example:
> I used the default server.xml from
> http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
> to start the server and added the following entry:
> dn: cn=Kate Bush,dc=apache,dc=org
> cn: Kate Bush
> objectclass: top
> objectclass: person
> sn: Bush
> userPassword: Aerial
> After that, the following works as expected:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org"
"(sn=Bush)" cn
> cn=Kate Bush,dc=apache,dc=org
> cn=Kate Bush
> $
> and providing a wrong password leads to an "invalid credentials". 
> But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
> <property name="suffix"><value>dc=aPache,dc=org</value></property>
> adjust other occurrences of dc=apache as well and import the person entry above with
DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org"
"(sn=Bush)" cn
> ldap_simple_bind: Invalid credentials
> $
> But this still works:
> $ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org"
"(sn=Bush)"
> cn=Kate Bush,dc=aPache,dc=org
> sn=Bush
> cn=Kate Bush
> objectclass=person
> objectclass=top
> userPassword=Aerial
> $
> I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence
I found), and the defect disappears with "o=sevenseas". 
> I therefore assume that the authenticator used for simple binds has problems with the
mixed characters in the suffices.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message