Password not accepted by ActiveX LDAP server.

Hello,
A program (on Solaris) authenticates users using a Windows/ActiveX LDAP directory.
Everything is ok unless password contains |:₤ (pound) signs.
Passwords containing |: are accepted by other services using the LDAP directory.
Passwords containing ₤ are never accepted.

Any ideas?

Jacek
jrtwolskiAsked:
Who is Participating?
 
yuzhCommented:
It is a bug in Solaris, please see the following Sun Docs:

Document ID: 4612387
Title: bug 4612387
Synopsis: punctuation in ldap password causes problems
Update Date: Fri Dec 14 04:49:00 MST 2001

--------------------------------------------------------------------------------

Bug ID: 4612387
Synopsis: punctuation in ldap password causes problems
Category: certificate
Subcategory: installation_wizard
State: closed
Priority:
    Responsible Manager:
    Responsible Engineer:
Description:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
Short Description - punctuation in ldap password causes problems
Long Description  - The installation wizard performs some LDAP operations by
calling command-line
tools, such as ldapmodify.  These tools are invoked by /bin/sh on Solaris.  One
of the command-line arguments to the tool is the bind password.  If this
password has a '$', or any other character interpreted by the shell, the
password will get mangled by the shell.  This will cause ldapmodify to fail with
an "Invalid Credentials" error, which sinks configuration.

      ------- Additional Comments From supriya  Jul-12-1999 20:00 -------

Adding this information to the release notes and troubleshooting document. Also
adding myself to the cc list -- to track changes to the bug in order to update
the release notes and the troubleshooting document.

      ------- Additional Comments From stevep  Jul-14-1999 13:25 -------

      These characters could include:

# $ % * ( ) - ' " ? \ | ~ `

This is really bad - since these are exactly the kind of characters people
SHOULD be putting in their passwords.

This should only affect the internal database.


      ------- Additional Comments From nicolson  Jul-27-1999 15:53 -------

This is pretty nasty, since people are supposed to put punctuation in their
passwords.

      ------- Additional Comments From nicolson  Aug-12-1999 12:12 -------

Changed Migrate.java so that questionable characters in passwords are escaped
before being written to the command line.

      ------- Additional Comments From stevep  Mar-06-2000 15:13 -------

      From James Rome:

      Description of the problem: In the installation wizard for the cert
manager, when I got to the iInternal Database screen, it would NOT let
me use a password for the cn-Directory Manager containing a number and
an underscore. That is a security requirement at or site.

      ------- Additional Comments From supriya  Mar-10-2000 19:07 -------

Updated the 4.2 release notes to say '_' (underscore) is not allowed in the
password, in addition to characters already listed.

      ------- Additional Comments From supriya  Mar-11-2000 20:15 -------

I'm getting flooded with bugmails since my last update; trying to see if a
reupdate will stop it.

      ------- Additional Comments From stevep  Mar-20-2000 16:32 -------

I think we can close this now


      ------- Additional Comments From supriya  Mar-22-2000 19:38 -------

See also 387429.

      ------- Additional Comments From stevep  Mar-22-2000 20:24 -------

Reopening - this bug had a last minute reprieve. Assigning to john for
supreme-court decision.

From my understanding, there is a password on the command-line in at least
these
      situations:

- creation of internal directory
- starting NT server from console (maybe services panel too)



      ------- Additional Comments From jhines  Mar-23-2000 19:28 -------

      brian: try ; in the password for creating a new instance -- review the
attached
bug.  If you can reproduce, then indicate that you can, and target fix CMS 4.2.
--jhines

      ------- Additional Comments From jhines  Mar-23-2000 19:32 -------

*** Bug 387429 has been marked as a duplicate of this bug. ***

      ------- Additional Comments From laseu  Jun-12-2000 18:15 -------

      Solaris and NT:
      I used the following for all passwords to install CMS and setup a CA:
ab;cd$ef_gh-ij

Also enrolled, approved, and imported a certificate and stopped and started
cert server from command line and console to verify installation.

      NT Only:
      I setup a second CA using the following for all Installation Wizard passwords:
$_.89-#;

Also enrolled, approved, and imported a certificate and stopped and started
cert
server from command line and console to verify installation.

Did not have any problem.

Did not see anything documented in this bug indicating a fix other than a
release note but can not reproduce.

(CMS 4.2 bits from June 8, 2000)

      ------- Additional Comments From laseu  Jun-12-2000 18:33 -------

Maybe there was a fix.  I see a comment from August 12, 1999 talking about
escaping characters.

      ------- Additional Comments From laseu  Jun-13-2000 14:05 -------

Can not reproduce problem.

      ------- Additional Comments From supriya  Jun-13-2000 16:52 -------

Removed the relevant information from the CMS 4.2 release notes
      (http://twain.mcom.com/server/cms/42/relnotes/release_notes.html#Installation).

      ------- Additional Comments From beomsuk  Jun-20-2000 11:25 -------

Verified with 20000620.1 AIX bits.

      ------- Additional Comments From beomsuk  Jun-20-2000 14:57 -------

Invalid... close it.


============ Data from BugSplat; End ===========================
======================================================================
Work Around:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
BUG_FILE_LOC   -
EXTERNAL_ID    -
REPORTER       - managers_ip
CREATION_TS    - 1999-07-08 11:36:51.0
DELTA_TS       - 2000-06-20 14:59:25.0
DELTA_SY_USER  - managers_ip
FIX_TS         - 2000-06-20 14:59:24.0
VERIFIED_TS    - 2000-06-20 11:27:04.0
RESOLVED_TS    - 2000-06-13 14:07:03.0
============ Data from BugSplat; End ===========================

======================================================================
Integrated in releases:
Duplicate of:
Patch ID:
See Also:
Summary:

Name: bugsbuny                  Date: 12/14/2001


======================================================================

From: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-1-4612387-1


Document ID: 4672914
Title: bug 4672914
Synopsis: Can not use '&' character into console's admin password
Update Date: Fri Jun 14 02:19:00 MDT 2002

--------------------------------------------------------------------------------

Bug ID: 4672914
Synopsis: Can not use '&' character into console's admin password
Category: directory
Subcategory: admin
State: verified
Priority:
    Responsible Manager:
    Responsible Engineer:
Description:
Installing iDS5.1 with '&' character contained in admin's password, fail to
create an instance of Directory Server with error :

ERROR: Ldap authentication failed for url ldap://parietal:17000/o=NetscapeRoot
user id
cn=directory manager (146:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
marie-odile.parissis@sun.com
Work Around:

Integrated in releases: 5.1sp1, 5.2,
Duplicate of:
Patch ID: 113859-01, 114273-01,
See Also: ,
Summary:

From: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-1-4672914-1
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.