Password not accepted by ActiveX LDAP server.

Posted on 2004-10-10
Medium Priority
Last Modified: 2013-12-23
A program (on Solaris) authenticates users using a Windows/ActiveX LDAP directory.
Everything is ok unless password contains |:₤ (pound) signs.
Passwords containing |: are accepted by other services using the LDAP directory.
Passwords containing ₤ are never accepted.

Any ideas?

Question by:jrtwolski
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 38

Accepted Solution

yuzh earned 1000 total points
ID: 12274599
It is a bug in Solaris, please see the following Sun Docs:

Document ID: 4612387
Title: bug 4612387
Synopsis: punctuation in ldap password causes problems
Update Date: Fri Dec 14 04:49:00 MST 2001


Bug ID: 4612387
Synopsis: punctuation in ldap password causes problems
Category: certificate
Subcategory: installation_wizard
State: closed
    Responsible Manager:
    Responsible Engineer:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
Short Description - punctuation in ldap password causes problems
Long Description  - The installation wizard performs some LDAP operations by
calling command-line
tools, such as ldapmodify.  These tools are invoked by /bin/sh on Solaris.  One
of the command-line arguments to the tool is the bind password.  If this
password has a '$', or any other character interpreted by the shell, the
password will get mangled by the shell.  This will cause ldapmodify to fail with
an "Invalid Credentials" error, which sinks configuration.

      ------- Additional Comments From supriya  Jul-12-1999 20:00 -------

Adding this information to the release notes and troubleshooting document. Also
adding myself to the cc list -- to track changes to the bug in order to update
the release notes and the troubleshooting document.

      ------- Additional Comments From stevep  Jul-14-1999 13:25 -------

      These characters could include:

# $ % * ( ) - ' " ? \ | ~ `

This is really bad - since these are exactly the kind of characters people
SHOULD be putting in their passwords.

This should only affect the internal database.

      ------- Additional Comments From nicolson  Jul-27-1999 15:53 -------

This is pretty nasty, since people are supposed to put punctuation in their

      ------- Additional Comments From nicolson  Aug-12-1999 12:12 -------

Changed Migrate.java so that questionable characters in passwords are escaped
before being written to the command line.

      ------- Additional Comments From stevep  Mar-06-2000 15:13 -------

      From James Rome:

      Description of the problem: In the installation wizard for the cert
manager, when I got to the iInternal Database screen, it would NOT let
me use a password for the cn-Directory Manager containing a number and
an underscore. That is a security requirement at or site.

      ------- Additional Comments From supriya  Mar-10-2000 19:07 -------

Updated the 4.2 release notes to say '_' (underscore) is not allowed in the
password, in addition to characters already listed.

      ------- Additional Comments From supriya  Mar-11-2000 20:15 -------

I'm getting flooded with bugmails since my last update; trying to see if a
reupdate will stop it.

      ------- Additional Comments From stevep  Mar-20-2000 16:32 -------

I think we can close this now

      ------- Additional Comments From supriya  Mar-22-2000 19:38 -------

See also 387429.

      ------- Additional Comments From stevep  Mar-22-2000 20:24 -------

Reopening - this bug had a last minute reprieve. Assigning to john for
supreme-court decision.

From my understanding, there is a password on the command-line in at least

- creation of internal directory
- starting NT server from console (maybe services panel too)

      ------- Additional Comments From jhines  Mar-23-2000 19:28 -------

      brian: try ; in the password for creating a new instance -- review the
bug.  If you can reproduce, then indicate that you can, and target fix CMS 4.2.

      ------- Additional Comments From jhines  Mar-23-2000 19:32 -------

*** Bug 387429 has been marked as a duplicate of this bug. ***

      ------- Additional Comments From laseu  Jun-12-2000 18:15 -------

      Solaris and NT:
      I used the following for all passwords to install CMS and setup a CA:

Also enrolled, approved, and imported a certificate and stopped and started
cert server from command line and console to verify installation.

      NT Only:
      I setup a second CA using the following for all Installation Wizard passwords:

Also enrolled, approved, and imported a certificate and stopped and started
server from command line and console to verify installation.

Did not have any problem.

Did not see anything documented in this bug indicating a fix other than a
release note but can not reproduce.

(CMS 4.2 bits from June 8, 2000)

      ------- Additional Comments From laseu  Jun-12-2000 18:33 -------

Maybe there was a fix.  I see a comment from August 12, 1999 talking about
escaping characters.

      ------- Additional Comments From laseu  Jun-13-2000 14:05 -------

Can not reproduce problem.

      ------- Additional Comments From supriya  Jun-13-2000 16:52 -------

Removed the relevant information from the CMS 4.2 release notes

      ------- Additional Comments From beomsuk  Jun-20-2000 11:25 -------

Verified with 20000620.1 AIX bits.

      ------- Additional Comments From beomsuk  Jun-20-2000 14:57 -------

Invalid... close it.

============ Data from BugSplat; End ===========================
Work Around:

Name: bugsbuny                  Date: 12/14/2001

============ Data from BugSplat; Start =========================
REPORTER       - managers_ip
CREATION_TS    - 1999-07-08 11:36:51.0
DELTA_TS       - 2000-06-20 14:59:25.0
DELTA_SY_USER  - managers_ip
FIX_TS         - 2000-06-20 14:59:24.0
VERIFIED_TS    - 2000-06-20 11:27:04.0
RESOLVED_TS    - 2000-06-13 14:07:03.0
============ Data from BugSplat; End ===========================

Integrated in releases:
Duplicate of:
Patch ID:
See Also:

Name: bugsbuny                  Date: 12/14/2001


From: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-1-4612387-1

Document ID: 4672914
Title: bug 4672914
Synopsis: Can not use '&' character into console's admin password
Update Date: Fri Jun 14 02:19:00 MDT 2002


Bug ID: 4672914
Synopsis: Can not use '&' character into console's admin password
Category: directory
Subcategory: admin
State: verified
    Responsible Manager:
    Responsible Engineer:
Installing iDS5.1 with '&' character contained in admin's password, fail to
create an instance of Directory Server with error :

ERROR: Ldap authentication failed for url ldap://parietal:17000/o=NetscapeRoot
user id
cn=directory manager (146:Unknown error.)
Fatal Slapd Did not add Directory Server information to Configuration Server.
Work Around:

Integrated in releases: 5.1sp1, 5.2,
Duplicate of:
Patch ID: 113859-01, 114273-01,
See Also: ,

From: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-1-4672914-1

Featured Post

Simplify Your Workload with One Tool

How do you combat today’s intelligent hacker while managing multiple domains and platforms? By simplifying your workload with one tool. With Lunarpages hosting through Plesk Onyx, you can:

Automate SSL generation and installation with two clicks
Experience total server control

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question