[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP - how to correct invalid cn values



Craig,

Whiteman, Craig schrieb (29.10.2012 11:59 Uhr):
A bug in a PHP script <http://www.linuxquestions.org/questions/showthread.php?p=4813771> has caused some entries in the LDAP database <http://www.linuxquestions.org/questions/showthread.php?p=4813771> to
 have invalid values:
by "invalid" you mean "not what I want" and not "technically invalid",
right?

# James + Bond, people, mi6.gov.uk
> dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
> sn: Bond
> givenName: James
> cn:: U3RldmUg
> gecos:: U3RldmUg

Technically this is all fine, except that - as Roman pointed out - you
did not craft your example well by not changing encodes "Steve" to "James".

As you can see, the *cn:* and *gecos:* have the invalid values - they
 should be *James Bond*.
They are not invalid, they are encoded, but this is fine.

I did attempt to correct the problem with ldapmodify by putting the following into a file called updateCN.ldif:

dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk changetype:modify replace: cn cn: James Bond
Please learn more about LDAP in general and about DN and RDN.
cn is part of your RDN, so the CN value in your RDN must be in your object. By trying to replace the cn, this is not true anymore.

It does not make thing easier that you have a RDN combined from two attributes.

I have also tried ldapmodrdn:
ldapmodrdn -r -f updateCN.ldif
with updateCN.ldif:

dn: cn=James Bond+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
cn=James Bond



$ ldapmodrdn -r -f updateCN.ldif

SASL/DIGEST-MD5 authentication started

Please enter your password:

ldap_sasl_interactive_bind_s: Internal (implementation specific)
error (80)

additional info: SASL(-13): user not found: no secret in database
please read "man ldapmodrdn".


Marc