Re: AttributeDescription contains inappropriate characters
Also, in response to this:
http://www.openldap.org/lists/openldap-software/200407/msg00205.html
The slapcat output looks fine to me.
----- Original Message -----
From: "adp" <dap99@i-55.com>
To: <openldap-software@OpenLDAP.org>
Sent: Wednesday, September 15, 2004 12:21 PM
Subject: AttributeDescription contains inappropriate characters
> We are running OpenLDAP 2.2.15 (installed from source) on RHES3 and are
> getting "AttributeDescription contains inappropriate characters" whenever
> one of our applications tries to do a certain query.
>
> The general flow is this:
>
> 1. Query if user account exists.
> 2. Do a bind().
> 3. Check group membership.
>
> Here is the '-d -1' output when the error occurs:
>
> ...
> ldap_err2string
> <= ldap_dn2bv(cn=xx,ou=groups,dc=example,dc=com)=0 Success
> <<< dnPrettyNormal: <cn=XX,ou=Groups,dc=example,dc=com>,
> <cn=xx,ou=groups,dc=example,dc=com>
> send_ldap_result: conn=1 op=1 p=3
> send_ldap_result: err=17 matched="" text="AttributeDescription contains inappropriate characters"
> send_ldap_response: msgid=2 tag=111 err=17
> ber_flush: 68 bytes to sd 14
> 0000: 30 42 02 01 02 6f 3d 0a 01 11 04 00 04 36 41 74   0B...o=......6At
> 0010: 74 72 69 62 75 74 65 44 65 73 63 72 69 70 74 69   tributeDescripti
> 0020: 6f 6e 20 63 6f 6e 74 61 69 6e 73 20 69 6e 61 70   on contains inap
> 0030: 70 72 6f 70 72 69 61 74 65 20 63 68 61 72 61 63   propriate charac
> 0040: 74 65 72 73                                       ters
> ldap_write: want=68, written=68
> 0000: 30 42 02 01 02 6f 3d 0a 01 11 04 00 04 36 41 74   0B...o=......6At
> 0010: 74 72 69 62 75 74 65 44 65 73 63 72 69 70 74 69   tributeDescripti
> 0020: 6f 6e 20 63 6f 6e 74 61 69 6e 73 20 69 6e 61 70   on contains inap
> 0030: 70 72 6f 70 72 69 61 74 65 20 63 68 61 72 61 63   propriate charac
> 0040: 74 65 72 73                                       ters
> conn=1 op=1 RESULT tag=111 err=17 text=AttributeDescription contains inappropriate characters
> ...
>
> I found that this error is generated by servers/slapd/ad.c in two places:
>
> openldap-2.2.15/servers/slapd/ad.c:slap_bv2ad()
>
>     /* make sure description is IA5 */
>     if( ad_keystring( bv ) ) {
>         *text = "AttributeDescription contains inappropriate characters";
>         return rtn;
>     }
>
> openldap-2.2.15/servers/slapd/ad.c:slap_bv2undef_ad()
>
>     /* make sure description is IA5 */
>     if( ad_keystring( bv ) ) {
>         *text = "AttributeDescription contains inappropriate characters";
>         return LDAP_UNDEFINED_TYPE;
>     }
>
> The variable bv (struct berval) is passed to both functions.
>
> What I can't tell from the debug output is what is CAUSING bv to not be
> valid. Is the LDAP client sending a query with a bad string? I don't see
> that in the debug output. Could there be something wrong with a schema
> file?
>
> By the way, the group is groupOfUniqueNames:
>
> # XX, Groups, example.com
> dn: cn=XX,ou=Groups,dc=example,dc=com
> cn: XX
> uniqueMember: uid=someuser,ou=Accounts,dc=example,dc=com
> objectClass: groupOfUniqueNames
> objectClass: top
>
> And uid=someuser,ou=Accounts,dc=example,dc=com is:
>
> # someuser, Accounts, example.com
> dn: uid=someuser,ou=Accounts,dc=example,dc=com
> uid: someuser
> userPassword:: xxxxxx
> objectClass: top
> objectClass: account
> objectClass: simpleSecurityObject
>
> We have stopped using ACLs for now while testing.
>
>
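
The quoted message asks which part of the attribute description makes slapd reject it. As an added illustration (not code from this thread or from OpenLDAP), the hypothetical helper ad_first_bad_byte() below checks a client-supplied description against the RFC 4512 attribute description shape and returns the offset of the first byte that breaks it; the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Character classes from RFC 4512, ASCII only. */
static int is_alpha(unsigned char c) { return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }
static int is_digit(unsigned char c) { return c >= '0' && c <= '9'; }
static int is_keychar(unsigned char c) { return is_alpha(c) || is_digit(c) || c == '-'; }

/* Hypothetical helper (not OpenLDAP code): returns -1 when s[0..len) has the
 * shape (descr | numericoid) *( ";" option ), otherwise the offset of the first
 * byte that breaks it (len itself when the input ends too early). Leading zeros
 * and the two-arc minimum of a numeric OID are not enforced here. */
long ad_first_bad_byte(const unsigned char *s, size_t len)
{
    size_t i = 0;
    if (len == 0) return 0;
    if (is_alpha(s[0])) {                 /* descr = leadkeychar *keychar */
        for (i = 1; i < len && is_keychar(s[i]); i++) { }
    } else if (is_digit(s[0])) {          /* numericoid: digit runs split by single dots */
        for (;;) {
            if (i >= len || !is_digit(s[i])) return (long)i;
            while (i < len && is_digit(s[i])) i++;
            if (i < len && s[i] == '.') i++; else break;
        }
    } else {
        return 0;                         /* first byte is neither ALPHA nor DIGIT */
    }
    while (i < len) {                     /* options = *( ";" 1*keychar ) */
        if (s[i] != ';') return (long)i;
        i++;
        if (i >= len || !is_keychar(s[i])) return (long)i;
        while (i < len && is_keychar(s[i])) i++;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the thread. */
    static const struct { const char *v; size_t n; } t[] = {
        { "uniqueMember", 12 }, { "cn;lang-en", 10 },
        { "unique Member", 13 }, { "uniqueMember", 13 } /* length counts the NUL */,
    };
    for (size_t k = 0; k < sizeof t / sizeof t[0]; k++)
        printf("%-14s len=%zu -> %ld\n", t[k].v, t[k].n,
               ad_first_bad_byte((const unsigned char *)t[k].v, t[k].n));
    return 0;
}
```

Because the check runs over the length-delimited value rather than a C string, it also flags bytes that never show up when the name is printed, such as a trailing NUL counted in the length.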