Password not accepted by ActiveX LDAP server.

Posted on 2004-10-10
Last Modified: 2013-12-23
A program (on Solaris) authenticates users using a Windows/ActiveX LDAP directory.
Everything is ok unless password contains |:₤ (pound) signs.
Passwords containing |: are accepted by other services using the LDAP directory.
Passwords containing ₤ are never accepted.

Any ideas?

Question by:jrtwolski
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 38

Accepted Solution

yuzh earned 250 total points
ID: 12274599
It is a bug in Solaris, please see the following Sun Docs:

Document ID: 4612387
Title: bug 4612387
Synopsis: punctuation in ldap password causes problems
Update Date: Fri Dec 14 04:49:00 MST 2001


Bug ID: 4612387
Synopsis: punctuation in ldap password causes problems
Category: certificate
Subcategory: installation_wizard
State: closed
    Responsible Manager:
    Responsible Engineer:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
Short Description - punctuation in ldap password causes problems
Long Description  - The installation wizard performs some LDAP operations by
calling command-line
tools, such as ldapmodify.  These tools are invoked by /bin/sh on Solaris.  One
of the command-line arguments to the tool is the bind password.  If this
password has a '$', or any other character interpreted by the shell, the
password will get mangled by the shell.  This will cause ldapmodify to fail with
an "Invalid Credentials" error, which sinks configuration.

      ------- Additional Comments From supriya  Jul-12-1999 20:00 -------

Adding this information to the release notes and troubleshooting document. Also
adding myself to the cc list -- to track changes to the bug in order to update
the release notes and the troubleshooting document.

      ------- Additional Comments From stevep  Jul-14-1999 13:25 -------

      These characters could include:

# $ % * ( ) - ' " ? \ | ~ `

This is really bad - since these are exactly the kind of characters people
SHOULD be putting in their passwords.

This should only affect the internal database.

      ------- Additional Comments From nicolson  Jul-27-1999 15:53 -------

This is pretty nasty, since people are supposed to put punctuation in their

      ------- Additional Comments From nicolson  Aug-12-1999 12:12 -------

Changed so that questionable characters in passwords are escaped
before being written to the command line.

      ------- Additional Comments From stevep  Mar-06-2000 15:13 -------

      From James Rome:

      Description of the problem: In the installation wizard for the cert
manager, when I got to the iInternal Database screen, it would NOT let
me use a password for the cn-Directory Manager containing a number and
an underscore. That is a security requirement at or site.

      ------- Additional Comments From supriya  Mar-10-2000 19:07 -------

Updated the 4.2 release notes to say '_' (underscore) is not allowed in the
password, in addition to characters already listed.

      ------- Additional Comments From supriya  Mar-11-2000 20:15 -------

I'm getting flooded with bugmails since my last update; trying to see if a
reupdate will stop it.

      ------- Additional Comments From stevep  Mar-20-2000 16:32 -------

I think we can close this now

      ------- Additional Comments From supriya  Mar-22-2000 19:38 -------

See also 387429.

      ------- Additional Comments From stevep  Mar-22-2000 20:24 -------

Reopening - this bug had a last minute reprieve. Assigning to john for
supreme-court decision.

From my understanding, there is a password on the command-line in at least

- creation of internal directory
- starting NT server from console (maybe services panel too)

      ------- Additional Comments From jhines  Mar-23-2000 19:28 -------

      brian: try ; in the password for creating a new instance -- review the
bug.  If you can reproduce, then indicate that you can, and target fix CMS 4.2.

      ------- Additional Comments From jhines  Mar-23-2000 19:32 -------

*** Bug 387429 has been marked as a duplicate of this bug. ***

      ------- Additional Comments From laseu  Jun-12-2000 18:15 -------

      Solaris and NT:
      I used the following for all passwords to install CMS and setup a CA:

Also enrolled, approved, and imported a certificate and stopped and started
cert server from command line and console to verify installation.

      NT Only:
      I setup a second CA using the following for all Installation Wizard passwords:

Also enrolled, approved, and imported a certificate and stopped and started
server from command line and console to verify installation.

Did not have any problem.

Did not see anything documented in this bug indicating a fix other than a
release note but can not reproduce.

(CMS 4.2 bits from June 8, 2000)

      ------- Additional Comments From laseu  Jun-12-2000 18:33 -------

Maybe there was a fix.  I see a comment from August 12, 1999 talking about
escaping characters.

      ------- Additional Comments From laseu  Jun-13-2000 14:05 -------

Can not reproduce problem.

      ------- Additional Comments From supriya  Jun-13-2000 16:52 -------

Removed the relevant information from the CMS 4.2 release notes

      ------- Additional Comments From beomsuk  Jun-20-2000 11:25 -------

Verified with 20000620.1 AIX bits.

      ------- Additional Comments From beomsuk  Jun-20-2000 14:57 -------

Invalid... close it.

============ Data from BugSplat; End ===========================
Work Around:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
REPORTER       - managers_ip
CREATION_TS    - 1999-07-08 11:36:51.0
DELTA_TS       - 2000-06-20 14:59:25.0
DELTA_SY_USER  - managers_ip
FIX_TS         - 2000-06-20 14:59:24.0
VERIFIED_TS    - 2000-06-20 11:27:04.0
RESOLVED_TS    - 2000-06-13 14:07:03.0
============ Data from BugSplat; End ===========================

Integrated in releases:
Duplicate of:
Patch ID:
See Also:

Name: bugsbuny                  Date: 12/14/2001



Document ID: 4672914
Title: bug 4672914
Synopsis: Can not use '&' character into console's admin password
Update Date: Fri Jun 14 02:19:00 MDT 2002


Bug ID: 4672914
Synopsis: Can not use '&' character into console's admin password
Category: directory
Subcategory: admin
State: verified
    Responsible Manager:
    Responsible Engineer:
Installing iDS5.1 with '&' character contained in admin's password, fail to
create an instance of Directory Server with error :

ERROR: Ldap authentication failed for url ldap://parietal:17000/o=NetscapeRoot
user id
cn=directory manager (146:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
Work Around:

Integrated in releases: 5.1sp1, 5.2,
Duplicate of:
Patch ID: 113859-01, 114273-01,
See Also: ,


Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question