Novell Home

My Favorites

Close

Please to see your favorites.

DSFW: ldapsearch fails when the entryDN specified in search filter contains spaces before or after comma

This document (7012759) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 11 SP1 (OES11SP1) 
Novell Open Enterprise Server 11 SP2 (OES11SP2) 
Domain Serivces for Windows
DSFW

Situation

Ldapsearch fails when the entryDN specified in search filter contains spaces before or after comma.
Workstation join to a DSFW domain using a vb script fails when a custom computer container is used.

The end result is that workstation is not joined, while the expected result is that join has taken place.
A wireshark packet trace shows the following:

88    0.000538    172,16,32,141    172.16.32.221    LDAP    428   
addRequest(10) "CN=WINXP03-01,OU=XP_STD, DC=OES11SP1, DC=COM" 
89    0.000858    172.16.32.221    172.16.32.141    LDAP    101   
addResponse(10) noSuchObject (NDS error: no such entry (-601))

A ndstrace +ldap shows:

1744934656 LDAP: [2013/04/23 15:06:12.250] (172.16.32.141:1358)(0x00a9:0x68)
DoAdd on connection 0x40b0c000
1744934656 LDAP: [2013/04/23 15:06:12.250] (172.16.32.141:1358)(0x00a9:0x68)   
 add: dn (CN=WINXPSP03-01,OU=XP_STD,DC=OES11SP1,DC=COM)
1744934656 LDAP: [2013/04/23 15:06:12.252] (172.16.32.141:1358)(0x00a9:0x68)
Cannot resolve NDS name 'OU=XP_STD.Do=oes11sp1' in ResolveAndAuthNDSName, err =
no such entry (-601)
1744934656 LDAP: [2013/04/23 15:06:12.253] (172.16.32.141:1358)(0x00a9:0x68)
Base "OU=XP_STD, DC=OES11SP1, DC=COM" not found, err = no such entry (-601)
1744934656 LDAP: [2013/04/23 15:06:12.253] (172.16.32.141:1358)(0x00a9:0x68)
Sending operation result 32:"":"NDS error: no such entry (-601)" to connection
0x40b0c000

The resolve name request is truncated, 
'OU=XP_STD.Do=oes11sp1' instead of OU=XP_STD,DC=OES11SP1,DC=COM being used
which is the reason for the -601 error being returned.

Resolution

The changes that will be done as part of this bug fix are:

1. Supporting the lookup of computer names which comes as part of tgs requests and the name is without '$'.

2. Password change for the cluster node was failing with access denied error is part of this fix.

Additional Information

Fix is in the July 2013 Maintenance Patch

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7012759
  • Creation Date:02-JUL-13
  • Modified Date:12-DEC-13
    • NovellOpen Enterprise Server
    • SUSESUSE Linux Enterprise Server
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback