[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Password not accepted by ActiveX LDAP server.

Posted on 2004-10-10
3
Medium Priority
?
317 Views
Last Modified: 2013-12-23
Hello,
A program (on Solaris) authenticates users using a Windows/ActiveX LDAP directory.
Everything is ok unless password contains |:₤ (pound) signs.
Passwords containing |: are accepted by other services using the LDAP directory.
Passwords containing ₤ are never accepted.

Any ideas?

Jacek
0
Comment
Question by:jrtwolski
1 Comment
 
LVL 38

Accepted Solution

by:
yuzh earned 1000 total points
ID: 12274599
It is a bug in Solaris, please see the following Sun Docs:

Document ID: 4612387
Title: bug 4612387
Synopsis: punctuation in ldap password causes problems
Update Date: Fri Dec 14 04:49:00 MST 2001

--------------------------------------------------------------------------------

Bug ID: 4612387
Synopsis: punctuation in ldap password causes problems
Category: certificate
Subcategory: installation_wizard
State: closed
Priority:
    Responsible Manager:
    Responsible Engineer:
Description:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
Short Description - punctuation in ldap password causes problems
Long Description  - The installation wizard performs some LDAP operations by
calling command-line
tools, such as ldapmodify.  These tools are invoked by /bin/sh on Solaris.  One
of the command-line arguments to the tool is the bind password.  If this
password has a '$', or any other character interpreted by the shell, the
password will get mangled by the shell.  This will cause ldapmodify to fail with
an "Invalid Credentials" error, which sinks configuration.

      ------- Additional Comments From supriya  Jul-12-1999 20:00 -------

Adding this information to the release notes and troubleshooting document. Also
adding myself to the cc list -- to track changes to the bug in order to update
the release notes and the troubleshooting document.

      ------- Additional Comments From stevep  Jul-14-1999 13:25 -------

      These characters could include:

# $ % * ( ) - ' " ? \ | ~ `

This is really bad - since these are exactly the kind of characters people
SHOULD be putting in their passwords.

This should only affect the internal database.


      ------- Additional Comments From nicolson  Jul-27-1999 15:53 -------

This is pretty nasty, since people are supposed to put punctuation in their
passwords.

      ------- Additional Comments From nicolson  Aug-12-1999 12:12 -------

Changed Migrate.java so that questionable characters in passwords are escaped
before being written to the command line.

      ------- Additional Comments From stevep  Mar-06-2000 15:13 -------

      From James Rome:

      Description of the problem: In the installation wizard for the cert
manager, when I got to the iInternal Database screen, it would NOT let
me use a password for the cn-Directory Manager containing a number and
an underscore. That is a security requirement at or site.

      ------- Additional Comments From supriya  Mar-10-2000 19:07 -------

Updated the 4.2 release notes to say '_' (underscore) is not allowed in the
password, in addition to characters already listed.

      ------- Additional Comments From supriya  Mar-11-2000 20:15 -------

I'm getting flooded with bugmails since my last update; trying to see if a
reupdate will stop it.

      ------- Additional Comments From stevep  Mar-20-2000 16:32 -------

I think we can close this now


      ------- Additional Comments From supriya  Mar-22-2000 19:38 -------

See also 387429.

      ------- Additional Comments From stevep  Mar-22-2000 20:24 -------

Reopening - this bug had a last minute reprieve. Assigning to john for
supreme-court decision.

From my understanding, there is a password on the command-line in at least
these
      situations:

- creation of internal directory
- starting NT server from console (maybe services panel too)



      ------- Additional Comments From jhines  Mar-23-2000 19:28 -------

      brian: try ; in the password for creating a new instance -- review the
attached
bug.  If you can reproduce, then indicate that you can, and target fix CMS 4.2.
--jhines

      ------- Additional Comments From jhines  Mar-23-2000 19:32 -------

*** Bug 387429 has been marked as a duplicate of this bug. ***

      ------- Additional Comments From laseu  Jun-12-2000 18:15 -------

      Solaris and NT:
      I used the following for all passwords to install CMS and setup a CA:
ab;cd$ef_gh-ij

Also enrolled, approved, and imported a certificate and stopped and started
cert server from command line and console to verify installation.

      NT Only:
      I setup a second CA using the following for all Installation Wizard passwords:
$_.89-#;

Also enrolled, approved, and imported a certificate and stopped and started
cert
server from command line and console to verify installation.

Did not have any problem.

Did not see anything documented in this bug indicating a fix other than a
release note but can not reproduce.

(CMS 4.2 bits from June 8, 2000)

      ------- Additional Comments From laseu  Jun-12-2000 18:33 -------

Maybe there was a fix.  I see a comment from August 12, 1999 talking about
escaping characters.

      ------- Additional Comments From laseu  Jun-13-2000 14:05 -------

Can not reproduce problem.

      ------- Additional Comments From supriya  Jun-13-2000 16:52 -------

Removed the relevant information from the CMS 4.2 release notes
      (http://twain.mcom.com/server/cms/42/relnotes/release_notes.html#Installation).

      ------- Additional Comments From beomsuk  Jun-20-2000 11:25 -------

Verified with 20000620.1 AIX bits.

      ------- Additional Comments From beomsuk  Jun-20-2000 14:57 -------

Invalid... close it.


============ Data from BugSplat; End ===========================
======================================================================
Work Around:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
BUG_FILE_LOC   -
EXTERNAL_ID    -
REPORTER       - managers_ip
CREATION_TS    - 1999-07-08 11:36:51.0
DELTA_TS       - 2000-06-20 14:59:25.0
DELTA_SY_USER  - managers_ip
FIX_TS         - 2000-06-20 14:59:24.0
VERIFIED_TS    - 2000-06-20 11:27:04.0
RESOLVED_TS    - 2000-06-13 14:07:03.0
============ Data from BugSplat; End ===========================

======================================================================
Integrated in releases:
Duplicate of:
Patch ID:
See Also:
Summary:

Name: bugsbuny                  Date: 12/14/2001


======================================================================

From: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-1-4612387-1


Document ID: 4672914
Title: bug 4672914
Synopsis: Can not use '&' character into console's admin password
Update Date: Fri Jun 14 02:19:00 MDT 2002

--------------------------------------------------------------------------------

Bug ID: 4672914
Synopsis: Can not use '&' character into console's admin password
Category: directory
Subcategory: admin
State: verified
Priority:
    Responsible Manager:
    Responsible Engineer:
Description:
Installing iDS5.1 with '&' character contained in admin's password, fail to
create an instance of Directory Server with error :

ERROR: Ldap authentication failed for url ldap://parietal:17000/o=NetscapeRoot
user id
cn=directory manager (146:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
marie-odile.parissis@sun.com
Work Around:

Integrated in releases: 5.1sp1, 5.2,
Duplicate of:
Patch ID: 113859-01, 114273-01,
See Also: ,
Summary:

From: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-1-4672914-1
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question