[389-users] Double quoted distinguished names

Chris St. Pierre stpierre at NebrWesleyan.edu
Wed Jun 3 18:41:39 UTC 2009


On Wed, 3 Jun 2009, tamarin p wrote:

> Hi,
>
> I apologize that I am revisiting this topic yet again but as we found out,
> double quoted distinguished names are no longer possible in 1.2.0. We
> initially discovered the problem for the aliasedobjectname class but it
> later turned out it's a fault with double quoted DNs in general and the
> schema violation we got for aliasedobjectname was because a double quoted DN
> always leads for some bizarre reason to the creation of an attribute with the
> double quoted part as the attr/value pair, so the schema violation was
> effect rather than cause. We are also fairly certain they worked prior to
> this as we initially did some tests with 1.1.0, 1.1.2 and 1.1.3 without
> encountering any problems with this.
>
> I was told in another thread that the double quoted syntax is deprecated and
> that escapes should be used instead. Is it then safe to assume that double
> quoted style will not be fixed (or at least have extremely low priority)? We
> have some clients who sometimes give us LDIFs for adding to the directory
> and they prefer the double quoted syntax as more easily readable. I can
> write a convert script for them easily enough to handle the obvious cases but
> I won't go through the effort if there is a chance this will be fixed one
> minor version down the road.

I just ran into the same problem, actually, and found one of your old
mailing list posts on it; I'd been meaning to ask about it on the
mailing list, so thanks for reminding me. :)

The ns-newpwpolicy.pl script creates double-quoted DNs, which are then
impossible (AFAICT) to modify.  In other words, if you follow the
documented procedure for creating per-user or per-subtree password
policies, it doesn't work because the policy container is created with
a double-quoted DN.

In addition to the OP's question, what's the Right Thing to do with
password policies?  Will it work if I create the policy containers by
hand with the hex escape syntax?  Or do I need to create them by hand
and populate them at creation time (since it's apparently still
possible to _add_ entries with double-quoted DNs, just not modify
them), and delete-and-recreate if I need to modify my policy?

Thanks!

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
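
Added example, not part of the original posts and not 389 Directory Server code: a Python version of the kind of convert script mentioned in the quoted message, rewriting double-quoted RDN values in the hex escape syntax asked about above. The function names and the sample DN are constructed for illustration, and inside quotes only \" and \\ are treated as escapes (the RFC 1779 quoted form).

```python
# Added example: rewrite legacy double-quoted RDN values as hex-escaped values.
SPECIALS = set(',=+<>;"\\')  # characters hex-escaped inside a value

def escape_value(value):
    # Hex-escape specials, a leading '#', and a leading or trailing space.
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, last)
        leading_hash = ch == "#" and i == 0
        if ch in SPECIALS or edge_space or leading_hash:
            out.append("\\%02X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def dequote_dn(dn):
    # Assumption: inside quotes a backslash only introduces a literal character.
    out, quoted, i = [], None, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":                      # escaped pair, inside or outside quotes
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash in DN")
            if quoted is None:
                out.append(dn[i:i + 2])     # already escaped: copy unchanged
            else:
                quoted.append(dn[i + 1])    # \" or \\ inside quotes is a literal
            i += 2
            continue
        if ch == '"':
            if quoted is None:
                quoted = []                 # opening quote
            else:
                out.append(escape_value("".join(quoted)))
                quoted = None               # closing quote
        elif quoted is None:
            out.append(ch)                  # unquoted text passes through
        else:
            quoted.append(ch)
        i += 1
    if quoted is not None:
        raise ValueError("unterminated double quote in DN")
    return "".join(out)

# Constructed sample modelled on a per-user password policy entry DN.
SAMPLE = ('cn="cn=nsPwPolicyEntry,uid=jdoe,ou=People,dc=example,dc=com",'
          'cn=nsPwPolicyContainer,ou=People,dc=example,dc=com')
if __name__ == "__main__":
    print(dequote_dn(SAMPLE))
```

DNs without quotes, and values that are already backslash-escaped, come back unchanged, so the function can be run over every dn: value in an LDIF once folded lines have been joined.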



