Improve company productivity with a Business Account.Sign Up


Password not accepted by ActiveX LDAP server.

Posted on 2004-10-10
Medium Priority
Last Modified: 2013-12-23
A program (on Solaris) authenticates users using a Windows/ActiveX LDAP directory.
Everything is ok unless password contains |:₤ (pound) signs.
Passwords containing |: are accepted by other services using the LDAP directory.
Passwords containing ₤ are never accepted.

Any ideas?

Question by:jrtwolski
1 Comment
LVL 38

Accepted Solution

yuzh earned 1000 total points
ID: 12274599
It is a bug in Solaris, please see the following Sun Docs:

Document ID: 4612387
Title: bug 4612387
Synopsis: punctuation in ldap password causes problems
Update Date: Fri Dec 14 04:49:00 MST 2001


Bug ID: 4612387
Synopsis: punctuation in ldap password causes problems
Category: certificate
Subcategory: installation_wizard
State: closed
    Responsible Manager:
    Responsible Engineer:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
Short Description - punctuation in ldap password causes problems
Long Description  - The installation wizard performs some LDAP operations by
calling command-line
tools, such as ldapmodify.  These tools are invoked by /bin/sh on Solaris.  One
of the command-line arguments to the tool is the bind password.  If this
password has a '$', or any other character interpreted by the shell, the
password will get mangled by the shell.  This will cause ldapmodify to fail with
an "Invalid Credentials" error, which sinks configuration.

      ------- Additional Comments From supriya  Jul-12-1999 20:00 -------

Adding this information to the release notes and troubleshooting document. Also
adding myself to the cc list -- to track changes to the bug in order to update
the release notes and the troubleshooting document.

      ------- Additional Comments From stevep  Jul-14-1999 13:25 -------

      These characters could include:

# $ % * ( ) - ' " ? \ | ~ `

This is really bad - since these are exactly the kind of characters people
SHOULD be putting in their passwords.

This should only affect the internal database.

      ------- Additional Comments From nicolson  Jul-27-1999 15:53 -------

This is pretty nasty, since people are supposed to put punctuation in their

      ------- Additional Comments From nicolson  Aug-12-1999 12:12 -------

Changed so that questionable characters in passwords are escaped
before being written to the command line.

      ------- Additional Comments From stevep  Mar-06-2000 15:13 -------

      From James Rome:

      Description of the problem: In the installation wizard for the cert
manager, when I got to the iInternal Database screen, it would NOT let
me use a password for the cn-Directory Manager containing a number and
an underscore. That is a security requirement at or site.

      ------- Additional Comments From supriya  Mar-10-2000 19:07 -------

Updated the 4.2 release notes to say '_' (underscore) is not allowed in the
password, in addition to characters already listed.

      ------- Additional Comments From supriya  Mar-11-2000 20:15 -------

I'm getting flooded with bugmails since my last update; trying to see if a
reupdate will stop it.

      ------- Additional Comments From stevep  Mar-20-2000 16:32 -------

I think we can close this now

      ------- Additional Comments From supriya  Mar-22-2000 19:38 -------

See also 387429.

      ------- Additional Comments From stevep  Mar-22-2000 20:24 -------

Reopening - this bug had a last minute reprieve. Assigning to john for
supreme-court decision.

From my understanding, there is a password on the command-line in at least

- creation of internal directory
- starting NT server from console (maybe services panel too)

      ------- Additional Comments From jhines  Mar-23-2000 19:28 -------

      brian: try ; in the password for creating a new instance -- review the
bug.  If you can reproduce, then indicate that you can, and target fix CMS 4.2.

      ------- Additional Comments From jhines  Mar-23-2000 19:32 -------

*** Bug 387429 has been marked as a duplicate of this bug. ***

      ------- Additional Comments From laseu  Jun-12-2000 18:15 -------

      Solaris and NT:
      I used the following for all passwords to install CMS and setup a CA:

Also enrolled, approved, and imported a certificate and stopped and started
cert server from command line and console to verify installation.

      NT Only:
      I setup a second CA using the following for all Installation Wizard passwords:

Also enrolled, approved, and imported a certificate and stopped and started
server from command line and console to verify installation.

Did not have any problem.

Did not see anything documented in this bug indicating a fix other than a
release note but can not reproduce.

(CMS 4.2 bits from June 8, 2000)

      ------- Additional Comments From laseu  Jun-12-2000 18:33 -------

Maybe there was a fix.  I see a comment from August 12, 1999 talking about
escaping characters.

      ------- Additional Comments From laseu  Jun-13-2000 14:05 -------

Can not reproduce problem.

      ------- Additional Comments From supriya  Jun-13-2000 16:52 -------

Removed the relevant information from the CMS 4.2 release notes

      ------- Additional Comments From beomsuk  Jun-20-2000 11:25 -------

Verified with 20000620.1 AIX bits.

      ------- Additional Comments From beomsuk  Jun-20-2000 14:57 -------

Invalid... close it.

============ Data from BugSplat; End ===========================
Work Around:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
REPORTER       - managers_ip
CREATION_TS    - 1999-07-08 11:36:51.0
DELTA_TS       - 2000-06-20 14:59:25.0
DELTA_SY_USER  - managers_ip
FIX_TS         - 2000-06-20 14:59:24.0
VERIFIED_TS    - 2000-06-20 11:27:04.0
RESOLVED_TS    - 2000-06-13 14:07:03.0
============ Data from BugSplat; End ===========================

Integrated in releases:
Duplicate of:
Patch ID:
See Also:

Name: bugsbuny                  Date: 12/14/2001



Document ID: 4672914
Title: bug 4672914
Synopsis: Can not use '&' character into console's admin password
Update Date: Fri Jun 14 02:19:00 MDT 2002


Bug ID: 4672914
Synopsis: Can not use '&' character into console's admin password
Category: directory
Subcategory: admin
State: verified
    Responsible Manager:
    Responsible Engineer:
Installing iDS5.1 with '&' character contained in admin's password, fail to
create an instance of Directory Server with error :

ERROR: Ldap authentication failed for url ldap://parietal:17000/o=NetscapeRoot
user id
cn=directory manager (146:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
Work Around:

Integrated in releases: 5.1sp1, 5.2,
Duplicate of:
Patch ID: 113859-01, 114273-01,
See Also: ,


Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Make the most of your online learning experience.
This article is about building a site to site VPN tunnels in Cisco CSR1000V router with IOS XE. There are two Policy Based IPsec VPN tunnels configured on CSR1000V router one with NAT and another without NAT.
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor ( Top Charts is a view in which you can set seve…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question