
error - attribute description contains inappropriate characters



We have a strange problem with an application trying to use our OpenLDAP
directory. Basically, the application (a network appliance in fact) is
trying to use the LDAP directory for user authentication and authorization.
The authentication works great. However, the authorization always fails. We
also see "attribute description contains inappropriate characters" whenever
the authorization check is done. I'm looking for help on determining the
cause of this problem.

The authorization works by matching the authenticated user with uniqueMember
attribute in a groupOfUniqueNames. We get the query and then OpenLDAP shows
this:

=> dn2id( "CN=THEUSERS,OU=GROUPS,DC=domain,DC=COM" )
=> ldbm_cache_open( "dn2id.dbb", 9, 600 )
<= ldbm_cache_open (cache 0)
<= dn2id 455
=> id2entry_r( 455 )
=> ldbm_cache_open( "id2entry.dbb", 9, 600 )
<= ldbm_cache_open (cache 1)
=> str2entry
<= str2entry(cn=TheUsers,ou=Groups,dc=domain,dc=com) -> -1 (0x81dbd10)
<= id2entry_r( 455 ) 0x81dbd10 (disk)
====> cache_return_entry_r( 455 ): created (0)
send_ldap_result: conn=1 op=1 p=3
send_ldap_result: 17::attribute description contains inappropriate
characters
send_ldap_response: msgid=2 tag=111 err=17
ber_flush: ...
...
conn=1 op=1 RESULT tag=111 err=17 text=attribute description contains
inappropriate characters
daemon: activity on 1 descriptors
daemon: activity on: 14r
daemon: read activity on 14
connection_get(14)
connection_get(14): got connid=1
connection_read(14): checking for input on id=1

We have completely removed CN=THEUSERS and recreated it from scratch (we are
using phpldapadmin), yet we get the same "attribute description" error. Is
this a problem with our directory, or something else? I've done a dump of
CN=THEUSERS and it looks fine to me.

Is this an error that the LDAP client sent bad information, or that
something is going wrong with the server (e.g., a bad directory entry, or a
corrupted file)?

This is openldap 2.0.x (we can't currently upgrade) on RHES3.
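
Added example, not part of the original post and not OpenLDAP code: a small diagnostic that decodes the RESULT line from the log above (tag 111 is a compare response, result code 17 is undefinedAttributeType) and checks candidate attribute description strings for characters outside the RFC 4512 grammar. The function names and sample candidates are constructed for illustration, and using the RFC 4512 grammar (sections 1.4 and 2.5) rather than the exact check in OpenLDAP 2.0.x is an assumption.

```python
import re

# RFC 4512: attributedescription = attributetype *( ";" option )
# attributetype = descr / numericoid; descr = ALPHA *( ALPHA / DIGIT / "-" )
_DESCR = r"[A-Za-z][A-Za-z0-9-]*"
_NUMERICOID = r"(?:0|[1-9][0-9]*)(?:\.(?:0|[1-9][0-9]*))+"
_OPTION = r"[A-Za-z0-9-]+"
_ATTR_DESC = re.compile(rf"(?:{_DESCR}|{_NUMERICOID})(?:;{_OPTION})*")

# A few LDAP response tags and result codes (RFC 4511), enough for this log.
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone", 111: "CompareResponse"}
RESULT_CODES = {0: "success", 5: "compareFalse", 6: "compareTrue",
                17: "undefinedAttributeType", 32: "noSuchObject"}
_RESULT_LINE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)")


def check_attribute_description(value: bytes) -> list:
    """Return a list of problems; an empty list means the value is well formed."""
    problems = []
    try:
        text = value.decode("ascii")
    except UnicodeDecodeError:
        text = value.decode("latin-1")
        problems.append("non-ASCII bytes present")
    for pos, ch in enumerate(text):
        if not (ch.isascii() and (ch.isalnum() or ch in "-.;")):
            problems.append(f"offset {pos}: unexpected character {ch!r}")
    if not problems and not _ATTR_DESC.fullmatch(text):
        problems.append("does not match descr / numericoid [;option] form")
    return problems


def decode_result_line(line: str):
    """Turn a slapd 'RESULT tag=.. err=..' log line into readable names."""
    m = _RESULT_LINE.search(line)
    if not m:
        return None
    conn, op, tag, err = map(int, m.groups())
    return {"conn": conn, "op": op,
            "response": RESPONSE_TAGS.get(tag, f"tag {tag}"),
            "result": RESULT_CODES.get(err, f"code {err}")}


if __name__ == "__main__":
    print(decode_result_line("conn=1 op=1 RESULT tag=111 err=17 text=attribute description contains"))
    # Constructed candidates for the attribute field of a compare request.
    for candidate in (b"uniqueMember", b"uniqueMember ", b"unique_member", b"uniqueMember\x00"):
        print(candidate, check_attribute_description(candidate) or "ok")
```

Feeding it the attribute name exactly as the client sends it (for example, copied as bytes from a packet capture) shows whether trailing whitespace, an underscore or a stray NUL is present.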