directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu (JIRA)" <directory-...@incubator.apache.org>
Subject [jira] Resolved: (DIREVE-284) Simple bind fails for entries with certain partition suffix names
Date Tue, 25 Oct 2005 02:16:55 GMT
     [ http://issues.apache.org/jira/browse/DIREVE-284?page=all ]
     
Alex Karasulu resolved DIREVE-284:
----------------------------------

    Resolution: Fixed

Committed fix changes on revision 328236 here:

http://svn.apache.org/viewcvs.cgi?rev=328236&view=rev

Looks like lookups were being made against a bare nexus without normalizing the principals
name.  I started using the present operation's proxy object with bypasses where normalization
was still allowed.  

Added test case in MiscTest for Stefan's Kate Bush user.


> Simple bind fails for entries with certain partition suffix names
> -----------------------------------------------------------------
>
>          Key: DIREVE-284
>          URL: http://issues.apache.org/jira/browse/DIREVE-284
>      Project: Directory Server
>         Type: Bug
>     Reporter: Stefan Zoerner
>     Assignee: Alex Karasulu
>      Fix For: 0.9.3

>
> Some users (i.e. person entries with userPassword attribute) can't authenticate to the
server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org.
To give an example:
> I used the default server.xml from
> http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
> to start the server and added the following entry:
> dn: cn=Kate Bush,dc=apache,dc=org
> cn: Kate Bush
> objectclass: top
> objectclass: person
> sn: Bush
> userPassword: Aerial
> After that, the following works as expected:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org"
"(sn=Bush)" cn
> cn=Kate Bush,dc=apache,dc=org
> cn=Kate Bush
> $
> and providing a wrong password leads to an "invalid credentials". 
> But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
> <property name="suffix"><value>dc=aPache,dc=org</value></property>
> adjust other occurrences of dc=apache as well and import the person entry above with
DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org"
"(sn=Bush)" cn
> ldap_simple_bind: Invalid credentials
> $
> But this still works:
> $ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org"
"(sn=Bush)"
> cn=Kate Bush,dc=aPache,dc=org
> sn=Bush
> cn=Kate Bush
> objectclass=person
> objectclass=top
> userPassword=Aerial
> $
> I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence
I found), and the defect disappears with "o=sevenseas". 
> I therefore assume that the authenticator used for simple binds has problems with the
mixed characters in the suffices.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message