New subject: [Issue 10174] Fails to authenticate user against Active directory if double space is present in the user's DN in AD

11 Feb 2024


      https://bugs.openldap.org/show_bug.cgi?id=10174
Issue ID: 10174
           Summary: Fails to authenticate user against Active directory if
                    double space is present in the user's DN in AD
           Product: OpenLDAP
           Version: 2.4.44
          Hardware: All
                OS: Linux
            Status: UNCONFIRMED
          Keywords: needs_review
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: codedriller@gmail.com
  Target Milestone: ---
In a proxy configuration when using Meta backend to connect to Active
directory, an AD user can't be authenticated through OpenLDAP if there is a
double space somewhere in his or her Active directory's DN, for example:
CN=John Doe,OU=IT  Department,DC=example,DC=com.
I'm no LDAP expert but I suppose that the reason for this is that after slapd
does initial samAccountName search, it normalizes the found DN including
removing a double space according to RFC 2252 paragraph 8.1., then the bind
attempt is made using the normalized DN and it fails, because Active directory
has no built-in double space removal (or it can be disabled somehow), and the
normalized DN does not match the real DN in Active directory. Excuse me if my
usage of LDAP terms is not accurate.
-- 
You are receiving this mail because:
You are on the CC list for the issue.

[Issue 10174] New: Fails to authenticate user against Active directory if double space is present in the user's DN in AD