issue regarding policy record storing and LDAP plugin

Will Fiveash William.Fiveash at
Wed Sep 27 19:24:18 EDT 2006

On Tue, Sep 26, 2006 at 10:31:02AM +0530, Savitha R wrote:
> On Mon, 2006-09-25 at 21:12 -0500, Will Fiveash wrote:
> > I'm seeing a LDAP_INVALID_DN_SYNTAX error being returned from
> > ldap_add_s() when called from krb5_ldap_create_password_policy().  The
> > problem is that the process_k5beta7_policy() called during a kdb5_util
> > load creates a policy record with a name that is not a DN and later in
> > krb5_ldap_create_password_policy() there is:
> > 
> > if ((st=ldap_add_s(ld, policy->name, mods)) != LDAP_SUCCESS) {
> > 
> > hence the LDAP_INVALID_DN_SYNTAX.  How is this supposed to work?  Is
> > policy->name supposed to be set to a DN somewhere?
> > 
> The password policy name had to be a DN in the current code. But we have
> now changed that. It is sufficient to provide a name and the policy
> object will be created under the realm container. We should be
> submitting the patch with these changes next week.

Thanks, I thought that might be the case.  I definitely need this patch

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list