[ http://issues.apache.org/jira/browse/DIREVE-284?page=all ]
Stefan Zoerner closed DIREVE-284:
---------------------------------
I have rebuilt the server and retested the functionality with the problematic
partition suffix names I encountered ("dc=aPache,dc=org" and "o=sevenSeas").
Bind ops from users within these partitions have worked as expected. Hence I
close this one. Thanks Alex for fixing it!
> Simple bind fails for entries with certain partition suffix names
> -----------------------------------------------------------------
>
> Key: DIREVE-284
> URL: http://issues.apache.org/jira/browse/DIREVE-284
> Project: Directory Server
> Type: Bug
> Reporter: Stefan Zoerner
> Assignee: Alex Karasulu
> Fix For: 0.9.3
>
> Some users (i.e. person entries with userPassword attribute) can't
> authenticate to the server via simple bind. The problem does not exist with
> entries located in ou=system or dc=apache,dc=org. To give an example:
> I used the default server.xml from
> http://svn.apache.org/viewcvs.cgi/directory/apacheds/trunk/main/server.xml
> to start the server and added the following entry:
> dn: cn=Kate Bush,dc=apache,dc=org
> cn: Kate Bush
> objectclass: top
> objectclass: person
> sn: Bush
> userPassword: Aerial
> After that, the following works as expected:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=apache,dc=org" -w
> Aerial -b "dc=apache,dc=org" "(sn=Bush)" cn
> cn=Kate Bush,dc=apache,dc=org
> cn=Kate Bush
> $
> and providing a wrong password leads to an "invalid credentials".
> But if I use "dc=aPache,dc=org" as suffix within the partition configuration,
> i.e.
> <property name="suffix"><value>dc=aPache,dc=org</value></property>
> adjust other occurrences of dc=apache as well and import the person entry
> above with DN "cn=Kate Bush,dc=aPache,dc=org", the following happens:
> $ ldapsearch -h magritte -p 10389 -D "cn=Kate Bush,dc=aPache,dc=org" -w
> Aerial -b "dc=aPache,dc=org" "(sn=Bush)" cn
> ldap_simple_bind: Invalid credentials
> $
> But this still works:
> $ ldapsearch -h magritte -p 10389 -D "uid=admin,ou=system" -w secret -b
> "dc=aPache,dc=org" "(sn=Bush)"
> cn=Kate Bush,dc=aPache,dc=org
> sn=Bush
> cn=Kate Bush
> objectclass=person
> objectclass=top
> userPassword=Aerial
> $
> I have the same problem with suffix "o=sevenSeas" (actually it was the first
> occurrence I found), and the defect disappears with "o=sevenseas".
> I therefore assume that the authenticator used for simple binds has problems
> with the mixed characters in the suffices.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
