Why Can I Not Add An Acid Starting With '#' Character Using An ldapadd Command?

Article ID: 20775

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC 24X7 High-Availability Manager for DB2 for z/OS Batch Processor Compile QQF Data Compressor for DB2 for z/OS CA Unicenter NSM RC/Update for DB2 for z/OS DB2 TOOLS- DATABASE MISC PanApt PanAudit Top Secret Top Secret - LDAP

Issue/Introduction

Question:

We want to use ldapadd to create an acid that starts with a '#' in the Top Secret security file.

We use the following LDIF file to do it:

 dn: tssacid=#1234567,tssadmingrp=ACIDS,host=hostx,o=hosto,c=US
 name: Test William
 userPassword: Mypass01
 depto: DEPT001

 

and got the error:

ldap_add: Invalid DN syntax

 

Below you can see an example of an LDIF file that escapes the '#' in the DN with a "\":

version: 1
dn:tssacid=\#00002,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: add
objectClass: tssacid
Name:DEFAULT USER 2
tssacid:#00002
User-Type:USER
Department:D112
userPassword:000002
ExpireNow:Y

 

Answer:

LDAP standards require a '#' at the start of a value in a DN to be escaped with a '\'.

The reason is that a leading '#' means that what follows is a hex value.

Without the '\', the '#' is not treated as a text character.
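
The escaping rule above, as an added example that is not part of the original article or the product documentation: a Python helper that applies the DN string escaping rules of RFC 4514 to a raw value before it is placed in a DN, so that the acid #1234567 from the question is written as \#1234567. The function names are hypothetical, and the example assumes the server follows the standard DN string rules.

```python
# Added example (not from the original article): RFC 4514 escaping of a
# value before it is placed in a DN. Function names are hypothetical.

# Characters that must be escaped wherever they appear in a DN value.
ALWAYS_ESCAPE = set('"+,;<>\\')


def escape_dn_value(value: str) -> str:
    """Return value escaped for use on the right of '=' in an RDN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in ALWAYS_ESCAPE:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)         # leading '#' would start a hex string
        elif i == last and ch == " ":
            out.append("\\" + ch)         # a trailing space must be escaped too
        else:
            out.append(ch)                # '#' elsewhere is ordinary text
    return "".join(out)


def build_dn(rdns) -> str:
    """Join (attribute, raw value) pairs, most specific first, into a DN."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


if __name__ == "__main__":
    # The entry from the question, with the acid given as raw text.
    dn = build_dn([
        ("tssacid", "#1234567"),
        ("tssadmingrp", "ACIDS"),
        ("host", "hostx"),
        ("o", "hosto"),
        ("c", "US"),
    ])
    print("dn: " + dn)
```

Building DNs through a helper like this, rather than by string concatenation, also keeps a value that contains ',' or '+' from being read as extra RDN components.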

 

Additional Information: 

 

For more information about CA LDAP, refer to: CA-LDAP Server for z/OS Product Guide.

Environment

Component: TSSLDP