issue regarding policy record storing and LDAP plugin
Will Fiveash
William.Fiveash at sun.com
Wed Sep 27 19:24:18 EDT 2006
On Tue, Sep 26, 2006 at 10:31:02AM +0530, Savitha R wrote:
> On Mon, 2006-09-25 at 21:12 -0500, Will Fiveash wrote:
> > I'm seeing a LDAP_INVALID_DN_SYNTAX error being returned from
> > ldap_add_s() when called from krb5_ldap_create_password_policy(). The
> > problem is that the process_k5beta7_policy() called during a kdb5_util
> > load creates a policy record with a name that is not a DN and later in
> > krb5_ldap_create_password_policy() there is:
> >
> > if ((st=ldap_add_s(ld, policy->name, mods)) != LDAP_SUCCESS) {
> >
> > hence the LDAP_INVALID_DN_SYNTAX. How is this supposed to work? Is
> > policy->name supposed to be set to a DN somewhere?
> >
>
> The password policy name had to be a DN in the current code. But we have
> now changed that. It is sufficient to provide a name and the policy
> object will be created under the realm container. We should be
> submitting the patch with these changes next week.
Thanks, I thought that might be the case. I definitely need this patch
ASAP.
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the krbdev
mailing list