Re: complex characters in UID attribute
- To: Marc Patermann <hans.moser@ofd-z.niedersachsen.de>
- Subject: Re: complex characters in UID attribute
- From: Vinay Kalkoti <kalkoti.vinay@gmail.com>
- Date: Wed, 23 Feb 2011 16:09:32 +0530
- Cc: openldap-technical@openldap.org
- In-reply-to: <4D64CE60.80806@ofd-z.niedersachsen.de>
- References: <AANLkTikMXi1PT1WuPNq7yEMHYNgg6xZ5C9VTOZqhkLYk@mail.gmail.com> <4D64CE60.80806@ofd-z.niedersachsen.de>
But the user account with "test_user:IT" is not able to log in. I have
set up an OpenLDAP server and am using the OpenLDAP client on SLES
machines.
SSH or "su - test_user:IT" fails. I see the following logs in
/var/log/messages file.
Feb 23 11:09:41 server sshd[20549]: Invalid user test_user from 10.34.3.94
Feb 23 11:09:44 sverver sshd[20549]: error: PAM: User not known to the
underlying authentication module for illegal user test_user from
10.34.3.94
*** Note that the logs just mention test_user instead of test_user:IT
Vinay
On Wed, Feb 23, 2011 at 2:37 PM, Marc Patermann
<hans.moser@ofd-z.niedersachsen.de> wrote:
> Vinay,
>
> Vinay Kalkoti wrote on 23.02.2011 at 09:10:
>
>> I wanted to know what all complex characters can be included for a
>> UID attribute.
>>
>> I have the following user names (uid).
>>
>> Please let me know which of the following uids are invalid -
>>
>> test_user: IT (LOC)
>> sup_12$
>> test_user:IT(LOC)
>> test_user-IT
>> test_user IT
>> test_user:IT
>> test_user(IT)
>> test_user.IT
>> test_user/IT
>> test_user/IT
>> test_user#IT
>> test_user*IT
>> test_user@IT
>
> IMHO from the ldap point of view this is all totally valid. As long as it is
> encoded in UTF-8.
> According to this
> http://www.andrew.cmu.edu/user/dd26/ldap.akbkhome.com/attribute/uid.html
> the syntax of uid is Directory String which does not limit you either.
>
> Your application using uid may or may not have stricter rules than that...
>
> Marc
>
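
The distinction drawn in the quoted reply (any UTF-8 Directory String is a valid uid, while the consuming application may be stricter) can be checked before provisioning. The following is an added example, not part of the original thread or of OpenLDAP; it assumes the login side expects POSIX portable user names, and the names `check_uid` and `escape_filter_value` are hypothetical. It also shows the RFC 4515 escaping needed when such a uid is placed in a search filter.

```python
import re

# uids from the question quoted above (the repeated entry is listed once)
PAGE_UIDS = [
    "test_user: IT (LOC)", "sup_12$", "test_user:IT(LOC)", "test_user-IT",
    "test_user IT", "test_user:IT", "test_user(IT)", "test_user.IT",
    "test_user/IT", "test_user#IT", "test_user*IT", "test_user@IT",
]

# Assumption: the login side wants POSIX portable user names, i.e. the
# portable filename character set with no leading hyphen.
PORTABLE = re.compile(r"[A-Za-z0-9._][A-Za-z0-9._-]*\Z")

# RFC 4515 escapes for assertion values used in LDAP search filters.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside a search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_uid(uid: str) -> dict:
    """Report whether a uid is fine for LDAP and for a POSIX-style login."""
    problems = []
    try:
        uid.encode("utf-8")          # Directory String: non-empty UTF-8
        ldap_ok = len(uid) > 0
    except UnicodeEncodeError:
        ldap_ok = False
    if ":" in uid:
        problems.append("contains ':' (field separator in passwd entries)")
    if any(ch.isspace() for ch in uid):
        problems.append("contains whitespace")
    if not PORTABLE.match(uid):
        problems.append("outside the POSIX portable user name set")
    return {
        "uid": uid, "ldap_ok": ldap_ok, "login_safe": not problems,
        "problems": problems, "filter": f"(uid={escape_filter_value(uid)})",
    }


if __name__ == "__main__":
    for uid in PAGE_UIDS:
        r = check_uid(uid)
        print(f"{uid!r:24} ldap_ok={r['ldap_ok']} login_safe={r['login_safe']} "
              f"filter={r['filter']} {'; '.join(r['problems'])}")
```
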