directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefan Zoerner (JIRA)" <>
Subject [jira] Closed: (DIREVE-284) Simple bind fails for entries with certain partition suffix names
Date Tue, 25 Oct 2005 15:45:57 GMT
     [ ]
Stefan Zoerner closed DIREVE-284:

I have rebuilt the server and retested the functionality with the problematic partition suffix
names I encountered ("dc=aPache,dc=org" and "o=sevenSeas"). Bind ops from users within these
partitions have worked as expected.  Hence I close this one. Thanks Alex for fixing it!

> Simple bind fails for entries with certain partition suffix names
> -----------------------------------------------------------------
>          Key: DIREVE-284
>          URL:
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>      Fix For: 0.9.3

> Some users (i.e. person entries with userPassword attribute) can't authenticate to the
server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org.
To give an example:
> I used the default server.xml from
> to start the server and added the following entry:
> dn: cn=Kate Bush,dc=apache,dc=org
> cn: Kate Bush
> objectclass: top
> objectclass: person
> sn: Bush
> userPassword: Aerial
> After that, the following works as expected:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org"
"(sn=Bush)" cn
> cn=Kate Bush,dc=apache,dc=org
> cn=Kate Bush
> $
> and providing a wrong password leads to an "invalid credentials". 
> But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
> <property name="suffix"><value>dc=aPache,dc=org</value></property>
> adjust other occurrences of dc=apache as well and import the person entry above with
DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org"
"(sn=Bush)" cn
> ldap_simple_bind: Invalid credentials
> $
> But this still works:
> $ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org"
> cn=Kate Bush,dc=aPache,dc=org
> sn=Bush
> cn=Kate Bush
> objectclass=person
> objectclass=top
> userPassword=Aerial
> $
> I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence
I found), and the defect disappears with "o=sevenseas". 
> I therefore assume that the authenticator used for simple binds has problems with the
mixed characters in the suffices.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message