|
If you were logged in you would be able to see more operations.
|
|
|
| Resolution Date: |
25/Oct/05 11:16 AM
|
Some users (i.e. person entries with userPassword attribute) can't authenticate to the server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org. To give an example:
I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:
dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial
After that, the following works as expected:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org" "(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$
and providing a wrong password leads to an "invalid credentials".
But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org" "(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$
But this still works:
$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org" "(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$
I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I found), and the defect disappears with "o=sevenseas".
I therefore assume that the authenticator used for simple binds has problems with the mixed characters in the suffices.
|
|
Description
|
Some users (i.e. person entries with userPassword attribute) can't authenticate to the server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org. To give an example:
I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:
dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial
After that, the following works as expected:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org" "(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$
and providing a wrong password leads to an "invalid credentials".
But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org" "(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$
But this still works:
$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org" "(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$
I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I found), and the defect disappears with "o=sevenseas".
I therefore assume that the authenticator used for simple binds has problems with the mixed characters in the suffices. |
Show » |
made changes - 24/Oct/05 06:39 PM
| Field |
Original Value |
New Value |
|
Description
|
Sometimes users (i.e. person entries with userPassword attribute) can't authenticate to the server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org. To give an example:
I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:
dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial
After that, the following works as expected:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org" "(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$
and providing a wrong password leads to an "invalid credentials".
But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org" "(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$
But this still works:
$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org" "(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$
I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I found), and the defect disappears with "o=sevenseas".
I therefore assume that the authenticator used for simple binds has problems with the mixed characters in the suffices.
|
Some users (i.e. person entries with userPassword attribute) can't authenticate to the server via simple bind. The problem does not exist with entries located in ou=system or dc=apache,dc=org. To give an example:
I used the default server.xml from
http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
to start the server and added the following entry:
dn: cn=Kate Bush,dc=apache,dc=org
cn: Kate Bush
objectclass: top
objectclass: person
sn: Bush
userPassword: Aerial
After that, the following works as expected:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w Aerial -b "dc=apache,dc=org" "(sn=Bush)" cn
cn=Kate Bush,dc=apache,dc=org
cn=Kate Bush
$
and providing a wrong password leads to an "invalid credentials".
But if I use "dc=aPache,dc=org" as suffix within the partition configuration, i.e.
<property name="suffix"><value>dc=aPache,dc=org</value></property>
adjust other occurrences of dc=apache as well and import the person entry above with DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
$ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w Aerial -b "dc=aPache,dc=org" "(sn=Bush)" cn
ldap_simple_bind: Invalid credentials
$
But this still works:
$ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b "dc=aPache,dc=org" "(sn=Bush)"
cn=Kate Bush,dc=aPache,dc=org
sn=Bush
cn=Kate Bush
objectclass=person
objectclass=top
userPassword=Aerial
$
I have the same problem with suffix "o=sevenSeas" (actually it was the first occurrence I found), and the defect disappears with "o=sevenseas".
I therefore assume that the authenticator used for simple binds has problems with the mixed characters in the suffices.
|
made changes - 25/Oct/05 04:23 AM
|
Status
|
Open
[ 1
]
|
In Progress
[ 3
]
|
made changes - 25/Oct/05 11:16 AM
|
Resolution
|
|
Fixed
[ 1
]
|
|
Status
|
In Progress
[ 3
]
|
Resolved
[ 5
]
|
made changes - 26/Oct/05 12:45 AM
|
Status
|
Resolved
[ 5
]
|
Closed
[ 6
]
|
made changes - 10/Feb/06 12:34 PM
|
Fix Version/s
|
0.9.3
[ 12310193
]
|
|
|
Key
|
DIREVE-284
|
DIRSERVER-339
|
|
Project
|
Directory Server
[ 10516
]
|
Directory ApacheDS
[ 12310260
]
|
|
Bug
Closed
Major
Simple bind fails for entries with certain partition suffix names
http://svn.apache.org/viewcvs.cgi?rev=328236&view=rev
Looks like lookups were being made against a bare nexus without normalizing the principals name. I started using the present operation's proxy object with bypasses where normalization was still allowed.
Added test case in MiscTest for Stefan's Kate Bush user.