directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Created: (DIREVE-284) Simple bind fails for entries with certain partition suffix names
Date Mon, 24 Oct 2005 09:38:56 GMT
Simple bind fails for entries with certain partition suffix names
-----------------------------------------------------------------

         Key: DIREVE-284
         URL: http://issues.apache.org/jira/browse/DIREVE-284
     Project: Directory Server
        Type: Bug
    Reporter: Stefan Zoerner
 Assigned to: Alex Karasulu 
     Fix For: 0.9.3


Sometimes users (i.e. person entries with userPassword attribute) can't authenticate to the
server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org.
To give an example:

I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:

dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial

After that, the following works as expected:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org"
"(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$

and providing a wrong password leads to an "invalid credentials". 

But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate
Bush,dc=aPache,dc=org", the following happens:

$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org"
"(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$

But this still works:

$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org"
"(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$

I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I
found), and the defect disappears with "o=sevenseas". 

I therefore assume that the authenticator used for simple binds has problems with the mixed
characters in the suffices.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message