
I saw for certain CN values (e.g. CN=abc_dfe_89.78.67.56,34.45.45.45) that, when submitted to LDAP for user creation in that format, IBM LDAP throws the following exception, documented in this link, indicating invalid DN syntax. I suspect that the "CN" values containing a comma (,), which has meaning in LDAP, may be what is causing this exception to be thrown. I am not familiar with LDAP and need your expertise to confirm whether that is the cause. If yes, then what other characters should be avoided in the CN to ensure this DN syntax validation does not fail?

iamcool76
  • *Suspecting since "CN" values contains comma (,) that have meaning in LDAP is what may be causing this exception to be thrown.* - NO, you can have commas in CN/DN. Please check the length of the CN too. – Am_I_Helpful Apr 07 '19 at 13:37
  • Thanks for your prompt reply. It may not be a length issue, since a CN string longer than the one above does not encounter that exception and is created in LDAP. I compared CN strings that "passed" with the ones that failed the DN syntax check and only saw a difference in special chars like comma, equals, semicolon, etc. – iamcool76 Apr 07 '19 at 13:41
  • BTW, I'm not sure about the IBM LDAP implementation! To me, your sample CN looks fine from Microsoft's Active Directory configuration and LDAPv3. – Am_I_Helpful Apr 07 '19 at 13:43
  • You can have comma (,) in the CN value, but it has to be escaped when used in DN (with a backslash \). – Ludovic Poitou Apr 08 '19 at 08:38
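
The escaping mentioned in the last comment, as an added example that is not part of the original thread: it applies the string-representation rules of RFC 4514 (section 2.4) to the CN from the question and shows which RDN is malformed when the value is concatenated unescaped. The function names and the base DN are hypothetical, and the check follows the RFC grammar, not any particular server's parser.

```python
# Added example: RFC 4514 (section 2.4) escaping for a value placed in a DN.
ALWAYS_ESCAPE = set('"+,;<>\\')  # special anywhere in the value

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value (e.g. a CN) for use inside a DN string."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                  # NUL is written as a hex pair
        elif ch in ALWAYS_ESCAPE:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)               # leading space/'#', trailing space
        else:
            out.append(ch)
    return "".join(out)

def split_unescaped(text: str, sep: str) -> list[str]:
    """Split on sep, ignoring any character preceded by a backslash."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    return parts + [cur]

def malformed_rdns(dn: str) -> list[str]:
    """Return RDNs that lack the required type=value form."""
    return [r for r in split_unescaped(dn, ",")
            if len(split_unescaped(r, "=")) < 2]

# The CN is the one from the question; the base DN is a constructed placeholder.
CN = "abc_dfe_89.78.67.56,34.45.45.45"
BASE = "ou=people,dc=example,dc=com"
NAIVE_DN = "cn=" + CN + "," + BASE
SAFE_DN = "cn=" + escape_rdn_value(CN) + "," + BASE

if __name__ == "__main__":
    print(NAIVE_DN, "->", malformed_rdns(NAIVE_DN))
    print(SAFE_DN, "->", malformed_rdns(SAFE_DN))
```

RFC 4514 does not require `=` to be escaped inside a value, so it is left as-is here; most LDAP client libraries ship an equivalent escaping helper, which is preferable to string concatenation when the CN comes from user input.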

0 Answers