Re: OpenLDAP - how to correct invalid cn values
Craig,
Whiteman, Craig wrote (29.10.2012 11:59):
> A bug in a PHP script
> <http://www.linuxquestions.org/questions/showthread.php?p=4813771>
> has caused some entries in the LDAP database
> <http://www.linuxquestions.org/questions/showthread.php?p=4813771> to
> have invalid values:
by "invalid" you mean "not what I want" and not "technically invalid",
right?
> # James + Bond, people, mi6.gov.uk
> dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
> sn: Bond
> givenName: James
> cn:: U3RldmUg
> gecos:: U3RldmUg
Technically this is all fine, except that - as Roman pointed out - you
did not craft your example well by not changing the encoded "Steve" to "James".
> As you can see, the *cn:* and *gecos:* have the invalid values - they
> should be *James Bond*.
They are not invalid, they are encoded, but this is fine.
> I did attempt to correct the problem with ldapmodify by putting the
> following into a file called updateCN.ldif:
>
> dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
> changetype:modify
> replace: cn
> cn: James Bond
Please learn more about LDAP in general and about DN and RDN.
cn is part of your RDN, so the CN value in your RDN must be in your
object. By trying to replace the cn, this is not true anymore.
It does not make things easier that you have an RDN combined from two
attributes.
> I have also tried ldapmodrdn:
>
> ldapmodrdn -r -f updateCN.ldif
>
> with updateCN.ldif:
>
> dn: cn=James Bond+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
> cn=James Bond
>
> $ ldapmodrdn -r -f updateCN.ldif
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> additional info: SASL(-13): user not found: no secret in database
please read "man ldapmodrdn".
Marc
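
Added example, not part of the original message or of OpenLDAP: a small Python check that decodes the base64 (`::`) values of the entry quoted above and tests whether a `replace` on an attribute would drop a value that the entry's RDN names, which is the constraint described in the reply. The function names are hypothetical, the matching is a simplified case-insensitive comparison, and folded LDIF lines are not handled.

```python
import base64
import re

# Constructed sample: the entry quoted in the thread, as LDIF text.
SAMPLE_LDIF = """\
dn: cn=James+sn=Bond,ou=people,dc=mi6,dc=gov,dc=uk
sn: Bond
givenName: James
cn:: U3RldmUg
gecos:: U3RldmUg
"""

def parse_entry(ldif):
    """Return (dn, {attr: [values]}); 'attr:: v' lines are base64-decoded."""
    dn, attrs = None, {}
    for line in ldif.splitlines():
        m = re.match(r"([A-Za-z][\w;-]*)(::?)\s*(.*)$", line)
        if not m:
            continue  # comments and blank lines; folded lines are not handled
        name, sep, value = m.groups()
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return dn, attrs

def rdn_avas(dn):
    """Split the leftmost RDN into (attr, value) pairs; '+' joins a multi-valued RDN."""
    rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return [tuple(p.split("=", 1)) for p in re.split(r"(?<!\\)\+", rdn)]

def norm(value):
    # Simplified caseIgnoreMatch (assumption): fold case, trim and collapse spaces.
    return " ".join(value.split()).casefold()

def replace_breaks_rdn(dn, attr, new_values):
    """True if replacing `attr` with `new_values` drops a value the RDN names."""
    wanted = {norm(v) for v in new_values}
    return any(a.lower() == attr.lower() and norm(v) not in wanted
               for a, v in rdn_avas(dn))

if __name__ == "__main__":
    dn, attrs = parse_entry(SAMPLE_LDIF)
    print(attrs["cn"])                                   # decoded value of cn::
    print(replace_breaks_rdn(dn, "cn", ["James Bond"]))  # the modify from the thread
    print(replace_breaks_rdn(dn, "gecos", ["James Bond"]))
```

The decoded value ends in a space, and LDIF writes values that end in a space in base64, which is why `cn` and `gecos` appear with `::`.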