Help, there're commas and slashes in my DN!

Posted on 2010-03-29
Last Modified: 2013-12-19
Hi, I can authenticate my users against the active directory (AD) using Java. All is fine if the user's distinguishedName has no commas and slashes:

cn: Melvin H. Merana
distinguishedName: CN=Melvin H. Merana,OU=ESA OU,OU=Information Technology OU,OU=Smart Users OU,DC=smart,DC=LOCAL

But if the user has commas and slashes, for example,

cn: Floren V. Tamargo, IT/2209
distinguishedName: CN=Floren V. Tamargo\, IT/2209,OU=Information Technology OU,OU=Smart Users OU,DC=smart,DC=LOCAL

I get the following error:

javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031006CC, problem 5012 (DIR_ERROR), data 0 ]; remaining name 'CN=Floren V. Tamargo\, IT/2209,OU=Information Technology OU,OU=Smart Users OU,DC=smart,DC=LOCAL'

Below is part of my code. The line that is giving the error is "ctx.getAttributes(logonUser.getDistinguishedname());".

May I know how to modify my code to handle names with commas and slashes? Thanks.
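
public User isAuthenticated(String userId, String password) throws CommunicationException {
	User logonUser = null;
	try {
		// Look up the user's AD entry (including the distinguishedName) by user ID
		logonUser = getUserAdObject(userId);
		if (logonUser != null) {
			security_principal = "smart\\" + userId;
			security_credential = password;
			// (the post shows only part of the method; the ctx.getAttributes(...) call is not included)
			return logonUser;
		}
	} catch (Exception e) {
		// Any failure is treated as "not authenticated"
		logonUser = null;
	}
	return logonUser;
}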


Question by:killdurst

Accepted Solution

msmamji earned 500 total points
ID: 28966027
This applies to VBScript but I think would apply to you too.

According to the post, you need to escape the "/" appearing in your name as well. Try this and see if it works.
CN=Floren V. Tamargo\, IT\/2209,OU=Information Technology OU,OU=Smart Users OU,DC=smart,DC=LOCAL


Assisted Solution

anilallewar earned 500 total points
ID: 28973126
You would need to escape the "," correctly, as it has special meaning to AD. Check out the link below on how to do it.


Author Comment

ID: 29064695
Hi guys, I've tried to escape the comma and slash characters but it didn't help. I think there's no solution to this, so I've decided to implement a workaround, which is to use the user's username and password to open the AD connection itself, i.e. creating the initialLdapContext itself. If it can be created, it means the username and password are correct. If it can't, it means the username and password are wrong.

To anyone else reading this, I'm giving these guys the points because of the time they spent participating in the question.

Author Closing Comment

ID: 31708239
Have decided to use a workaround instead.
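
An added example, not part of the original thread: JNDI parses a String passed to context methods such as ctx.getAttributes(String) as a composite name, in which "/" separates components, so a DN containing "/" is split before the LDAP provider sees it. The sketch below uses only standard javax.naming classes and needs no directory server; the class name DnNameDemo and the helper buildUserDn are hypothetical, and the DN is the one from the question.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnNameDemo {

    // Hypothetical helper: build a DN from an unescaped CN and a fixed base DN.
    // Rdn.escapeValue applies the LDAP DN escapes (",", "+", "\", ...) so the
    // value cannot add or alter RDNs. It does not escape "/", which is not
    // special in LDAP; "/" is special only to JNDI composite names.
    static LdapName buildUserDn(String rawCn, String baseDn) throws InvalidNameException {
        return new LdapName("CN=" + Rdn.escapeValue(rawCn) + "," + baseDn);
    }

    public static void main(String[] args) throws Exception {
        String base = "OU=Information Technology OU,OU=Smart Users OU,DC=smart,DC=LOCAL";
        LdapName dn = buildUserDn("Floren V. Tamargo, IT/2209", base);
        String dnString = dn.toString();
        System.out.println("DN string: " + dnString);

        // What the String overloads do first: parse the text as a composite name.
        CompositeName parsed = new CompositeName(dnString);
        System.out.println("Parsed as composite name: " + parsed.size() + " component(s)");
        for (int i = 0; i < parsed.size(); i++) {
            System.out.println("  [" + i + "] " + parsed.get(i));
        }

        // Option 1: wrap the DN as a single composite-name component.
        // Its string form shows the composite-level escaping JNDI expects.
        CompositeName whole = new CompositeName();
        whole.add(dnString);
        System.out.println("Wrapped: " + whole.size() + " component(s): " + whole);

        // Option 2: pass the LdapName itself (a javax.naming.Name).
        // The leftmost RDN is at index size() - 1 and holds the original CN.
        Object cn = dn.getRdn(dn.size() - 1).getValue();
        System.out.println("CN value after parsing: " + cn);

        // With a live context (not created here), use the Name overload:
        //   ctx.getAttributes(dn);      or      ctx.getAttributes(whole);
    }
}
```

When the escaping is written inside a Java string literal, each backslash has to be doubled in the source, which is easy to get wrong; passing a Name object avoids hand-escaping altogether.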
