>From 77c8f3ecc2900551d77ddb754688aeb176c9da60 Mon Sep 17 00:00:00 2001
From: Nathan Kinder
Date: Tue, 21 Jul 2009 07:09:52 -0700
Subject: [PATCH] Use LDAPv3 DN values in ns-newpwpolicy script.

The DN used by the ns-newpwpolicy script to refer to the pwpolicy subentries are not legal. We need to escape ',' chars in the value instead of just trying to use double-quotes around the value.
---
 .../src/scripts/template-ns-newpwpolicy.pl.in | 22 +++++++++++-------
 1 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
index caf06db..fe09920 100755
--- a/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
+++ b/ldap/admin/src/scripts/template-ns-newpwpolicy.pl.in
@@ -110,11 +110,13 @@ sub usage {
 # Now, check if the user/group exists
 if ($opt_S) {
+ my $esc_opt_S = $opt_S;
+ $esc_opt_S =~ s/,/\\,/g;
 print (STDERR "host = $opt_h, port = $opt_p, suffixDN = \"$opt_S\"\n\n") if $opt_v;
 @base=(
 "cn=nsPwPolicyContainer,$opt_S",
- "cn=\"cn=nsPwPolicyEntry,$opt_S\",cn=nsPwPolicyContainer,$opt_S",
- "cn=\"cn=nsPwTemplateEntry,$opt_S\",cn=nsPwPolicyContainer,$opt_S",
+ "cn=cn=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
+ "cn=cn=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S",
 "cn=nsPwPolicy_cos,$opt_S"
 );
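Review bot: Escaping only `,` in `$esc_opt_S` leaves out the other characters RFC 4514 requires to be escaped inside an attribute value, and it mishandles a suffix that already contains an escaped comma. With a constructed suffix such as `o=Acme\, Inc,c=US` the result is `o=Acme\\, Inc\,c=US`, where `\\` reads as a literal backslash and the following comma is an RDN separator again. Escaping the backslash together with the other specials in one pass avoids both, e.g. `$esc_opt_S =~ s/([\\,+"<>;])/\\$1/g;`, and the same applies to `$esc_opt_U` in the `@@ -190,6 +192,8 @@` hunk. `$opt_S` is also used as typed, whereas the user branch calls `normalizeDN` first, so it is worth confirming the suffix does not need the same treatment. The `if ($opt_S)` block continues past this hunk.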
@@ -126,25 +128,25 @@ sub usage {
 "objectclass: top\n",
 "objectclass: nsContainer\n\n" );
 @pwpolicy=(
- "dn: cn=\"cn=nsPwPolicyEntry,$opt_S\",cn=nsPwPolicyContainer,$opt_S\n",
+ "dn: cn=cn=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
 "objectclass: top\n",
 "objectclass: ldapsubentry\n",
 "objectclass: passwordpolicy\n\n" );
 @template=(
- "dn: cn=\"cn=nsPwTemplateEntry,$opt_S\",cn=nsPwPolicyContainer,$opt_S\n",
+ "dn: cn=cn=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
 "objectclass: top\n",
 "objectclass: extensibleObject\n",
 "objectclass: costemplate\n",
 "objectclass: ldapsubentry\n",
 "cosPriority: 1\n",
- "pwdpolicysubentry: cn=\"cn=nsPwPolicyEntry,$opt_S\",cn=nsPwPolicyContainer,$opt_S\n\n" );
+ "pwdpolicysubentry: cn=cn=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n\n" );
 @cos=(
 "dn: cn=nsPwPolicy_cos,$opt_S\n",
 "objectclass: top\n",
 "objectclass: LDAPsubentry\n",
 "objectclass: cosSuperDefinition\n",
 "objectclass: cosPointerDefinition\n",
- "cosTemplateDn: cn=\"cn=nsPwTemplateEntry,$opt_S\",cn=nsPwPolicyContainer,$opt_S\n",
+ "cosTemplateDn: cn=cn=nsPwTemplateEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S\n",
 "cosAttribute: pwdpolicysubentry default operational-default\n\n" );
 @all=(\@container, \@pwpolicy, \@template, \@cos);
@@ -190,6 +192,8 @@ sub usage {
 if ($opt_U) {
 my $norm_opt_U = normalizeDN($opt_U);
+ my $esc_opt_U = $norm_opt_U;
+ $esc_opt_U =~ s/,/\\,/g;
 print (STDERR "host = $opt_h, port = $opt_p, userDN = \"$norm_opt_U\"\n\n") if $opt_v;
 $retcode = `$ldapsearch -h $opt_h -p $opt_p -b \"$norm_opt_U\" -s base \"\"`;
 if ($retcode != 0 ) {
@@ -208,7 +212,7 @@ sub usage {
 @base=(
 "cn=nsPwPolicyContainer,$parentDN",
- "cn=\"cn=nsPwPolicyEntry,$norm_opt_U\",cn=nsPwPolicyContainer,$parentDN"
+ "cn=cn=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN"
 );
 $ldapadd="$ldapmodify -p $opt_p -h $opt_h -D \"$opt_D\" -w \"$opt_w\" -c -a 2>&1";
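Review bot: The escaped policy and template DNs are spelled out by hand in every place they are used: in `@base` in the previous hunk and here in the `dn:`, `pwdpolicysubentry:` and `cosTemplateDn:` lines. That is why this patch had to touch each of them to change the quoting. Building each DN once and interpolating it keeps the entry DN and the attributes that point at it from drifting apart, e.g. `my $policy_dn = "cn=cn=nsPwPolicyEntry\\,$esc_opt_S,cn=nsPwPolicyContainer,$opt_S";` and likewise a `$template_dn`. The user branch repeats its DN the same way in `@base`, `@pwpolicy` and `$target`.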
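Review bot: `$esc_opt_U` only covers DN syntax; the unchanged `ldapsearch` line directly below it still places `$norm_opt_U` inside a double-quoted argument of a backtick command, so shell metacharacters in the user DN are interpreted by the shell instead of reaching the search as data. Running the tool without a shell, with list-form `open(my $out, '-|', ...)` or `system` and an argument list, removes the dependence on quoting, assuming `$ldapsearch` is a bare program path. `$ldapadd` in the next hunk is built the same way and also puts `$opt_w` on the command line. Separately, backticks return the command's output, so `$retcode != 0` is not testing the exit status, which is in `$?`. The `if ($opt_U)` block starts and ends outside what this hunk shows.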
@@ -219,7 +223,7 @@ sub usage {
 "objectclass: top\n",
 "objectclass: nsContainer\n\n" );
 @pwpolicy=(
- "dn: cn=\"cn=nsPwPolicyEntry,$norm_opt_U\",cn=nsPwPolicyContainer,$parentDN\n",
+ "dn: cn=cn=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN\n",
 "objectclass: top\n",
 "objectclass: ldapsubentry\n",
 "objectclass: passwordpolicy\n\n" );
@@ -251,7 +255,7 @@ sub usage {
 $i=$i+1;
 }
- $target = "cn=\"cn=nsPwPolicyEntry,$norm_opt_U\",cn=nsPwPolicyContainer,$parentDN";
+ $target = "cn=cn=nsPwPolicyEntry\\,$esc_opt_U,cn=nsPwPolicyContainer,$parentDN";
 $modConfig = "dn: $norm_opt_U\nchangetype: modify\nreplace:pwdpolicysubentry\npwdpolicysubentry: $target\n\n";
 open(FD,"| $modifyCfg ");
 print(FD $modConfig);
-- 
1.6.2.5
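Review bot: In the last hunk, the modify that points the user entry at the new `$target` goes through `open(FD,"| $modifyCfg ")` with no check of the result, so if the pipe cannot be started `pwdpolicysubentry` is never written and nothing reports it. Presumably the policy entry has been added by then, which would leave a policy that exists but is not applied to the user. Checking the open makes that visible, e.g. `open(FD, "| $modifyCfg ") or die "cannot start modify command: $!\n";`. For a pipe the command's own failure only surfaces at `close`, so the close should be checked as well; it lies outside this hunk and is not visible here.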