IDP3 fails with LDAP bind and space character in the DN/distinguished name

Petursson, Sigurdur spetursson at miami.edu
Mon Aug 7 13:01:33 EDT 2017


Paul:
   The empty component was me not doing a good sanitizing job. These all 
fail:

idp.authn.LDAP.bindDN = CN=IDP Service Account,CN=Users,DC=mydomain,DC=edu
idp.authn.LDAP.bindDN = CN=IDP\ Service\ Account,CN=Users,DC=mydomain,DC=edu
idp.authn.LDAP.bindDN = "CN=IDP Service Account,CN=Users,DC=mydomain,DC=edu"
idp.authn.LDAP.bindDN = 'CN=IDP Service Account,CN=Users,DC=mydomain,DC=edu'
idp.authn.LDAP.bindDN = "CN=IDP\ Service\ Account,CN=Users,DC=mydomain,DC=edu"

You say it works for you. Are you using IDP3? Do you use quotes or 
escape it in any way?

Rgds,
   Sig



On 8/7/2017 10:12 AM, Paul Engle wrote:
> In all those DNs, you have an empty DC component. I think that may be
> the real problem. We have a space in our service account DN, and it's
> never caused us any problems.
>
>    -paul
>
> On 8/7/2017 8:33 AM, Petursson, Sigurdur wrote:
>> The Shibboleth IdP 3 appears to have issues with spaces in the
>> distinguished name during an LDAP bind:
>>
>> The following fail:
>>
>> idp.authn.LDAP.bindDN = CN=IDP Service Account,CN=Users,DC=,DC=mydomain,DC=edu
>> idp.authn.LDAP.bindDN = CN=IDP\ Service\ Account,CN=Users,DC=,DC=mydomain,DC=edu
>> idp.authn.LDAP.bindDN = "CN=IDP Service Account,CN=Users,DC=,DC=mydomain,DC=edu"
>> idp.authn.LDAP.bindDN = 'CN=IDP Service Account,CN=Users,DC=,DC=mydomain,DC=edu'
>>
>> The binding works only after modifying the underlying service account
>> (removing spaces):
>>
>> idp.authn.LDAP.bindDN = CN=IDPServiceAccount,CN=Users,DC=,DC=mydomain,DC=edu
>>
>> Note that LDAP bind with space in the DN takes place without issues with
>> client tools such as ldapsearch.
>>
>> Is there a way to escape the space or might this be a bug?
>>
>>
>>
>>


