
OpenLDAP - how to correct invalid cn values



A bug in a PHP script has caused some entries in the LDAP database to have invalid values:

# James + Bond, people, mi6.gov.uk
dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
sn: Bond
givenName: James
cn:: U3RldmUg
gecos:: U3RldmUg

As you can see, the cn: and gecos: have the invalid values - they should be James Bond.

I did attempt to correct the problem with ldapmodify by putting the following into a file called updateCN.ldif:

dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
changetype:modify
replace: cn
cn: James Bond

and executing the following command:

ldapmodify -x -W -D "cn=admin,dc=mi6,dc=gov,dc=uk" -f updateCN.ldif

This returned the following error:

Enter LDAP Password:
modifying entry "cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk"
ldap_modify: Naming violation (64)
additional info: value of naming attribute 'cn' is not present in entry

I have also tried ldapmodrdn:

ldapmodrdn -r -f updateCN.ldif

with updateCN.ldif:

dn: cn=James Bond+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
cn=James Bond

$ ldapmodrdn -r -f updateCN.ldif
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database

and

ldapmodify -f updateCN.ldif

with updateCN.ldif:

dn: cn=James Bond+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
changetype: modrdn
newrdn: cn=James Bond
deleteoldrdn: 1

$ ldapmodify -f updateCN.ldif
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database

How can I correct the invalid values in the LDAP database?

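Added example, not part of the original post: it decodes the base64 ("::") values of the entry shown above and checks the rule behind error 64, that every value named in the RDN must remain present in the entry after a modify. The function names are hypothetical, the RDN split ignores escaped characters, and the value comparison only approximates caseIgnoreMatch.

```python
import base64

# Entry exactly as shown in the post (ldapsearch output).
ENTRY = """\
dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
sn: Bond
givenName: James
cn:: U3RldmUg
gecos:: U3RldmUg
"""

def parse_entry(ldif):
    """Return (dn, {attr: [values]}); 'attr:: x' values are base64-decoded."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):  # '::' marks a base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def rdn_avas(dn):
    """Split the leftmost RDN into (attr, value) pairs (assumes no escaped ',' or '+')."""
    return [tuple(p.split("=", 1)) for p in dn.split(",", 1)[0].split("+")]

def norm(value):
    # Assumption: approximate caseIgnoreMatch by folding case and collapsing spaces.
    return " ".join(value.split()).casefold()

def missing_naming_values(dn, attrs):
    """RDN (attr, value) pairs that have no matching value in the entry."""
    return [(a, v) for a, v in rdn_avas(dn)
            if norm(v) not in {norm(x) for x in attrs.get(a.lower(), [])}]

def after_replace(attrs, attr, new_values):
    """Entry attributes as they would look after 'replace: attr'."""
    return {**attrs, attr.lower(): list(new_values)}

dn, attrs = parse_entry(ENTRY)
print(repr(attrs["cn"][0]))  # stored value; it ends in a space, hence the base64 in LDIF
print(missing_naming_values(dn, after_replace(attrs, "cn", ["James Bond"])))
print(missing_naming_values(dn, after_replace(attrs, "cn", ["James", "James Bond"])))
```

The second call shows that a replace which also lists the RDN value "James" leaves no naming value missing, while replacing cn with "James Bond" alone removes the value the DN depends on.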