Re: [Ejbca-develop] Wrong DN in ldap publisher when using equas sign in entity name

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I've attached lddiff's of one of our old LDAP entry and one of our new LDAP entries, created by EJBCA.

My problem is, that the new.ldiff has two "cn" fields of which one is cut off and the other one has the equals sign escaped with a backslash.
And the cut off version is then used for the Subject dn.

I hope this clears things up a bit.

regards
nomike

-----Ursprüngliche Nachricht-----
Von: Michael Ströder [mailto:mi...@st...] 
Gesendet: Dienstag, 3. März 2015 11:51
An: ejb...@li...
Betreff: Re: [Ejbca-develop] Wrong DN in ldap publisher when using equas sign in entity name

Michael Postmann wrote:
> When I create a new end entity with the name 'CMS...@ex...' an LDAP entry is published which has two DNs:
> 'CMS_9999000451_001_test_blah_MAIL' and 
> 'CMS_9999000451_001_test_blah_MAIL\=fo...@ex...'
> 
> of which the former is used as the name for the entry.
> 
> I'm wondering why the extra backslash is added and why there are two DNs.

I admit that I don't fully understand your issue. It would probably help if you provide an LDIF export of the two entries.

Note that = is one of the DN special chars which must be escaped to be part of a RDN value in the DN string representation (see RFC 4514). The accompanying attribute values should only contain the unescaped value.

Ciao, Michael.