Description:
Using the same LDAP command with the same LDIF file to add a profile to an ACID works with CA LDAP r12.0 and fails with CA LDAP r14.0.
The LDAP command is as follows:
ldapmodify -x -D cn=User_Authorized -w Password -v -h Ip_Address -p Port_Number -f Ldif_File
The LDIF file is as follows:
dn:tssproflist=#PROFID,tssacidgrp=proflist,tssacid=ACIDNAME,tssadmingrp=acids,host=hostname
changetype: add
Profile-Names: #PROFID
Solution:
A number of changes to CA LDAP Server in r14 have been made in order to better conform to the LDAP protocol specifications.
The LDAP protocol requires that the following characters be escaped when they appear in DNs:
, \ # + < > ; " =
In LDAP r12 we largely ignored this requirement, so the LDIF, while technically invalid, was accepted without complaint.
LDAP r14 does much stricter checking on the content of the DN, and so it rejects this request.
You can escape special characters by prefixing them with the \ character.
The LDIF file needs to be changed from:
dn: tssproflist=#PROFID,tssacidgrp=proflist,... (snipped)
to
dn: tssproflist=\#PROFID,tssacidgrp=proflist,... (snipped)
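The following is an added example, not part of the original article or CA's code: a small shell helper that escapes the characters listed above before a value is placed in a DN, builds the LDIF record shown in this article, and finds dn: lines in existing LDIF files that still carry an unescaped leading #. The function names are hypothetical, and the sample values are the article's own placeholders.

```shell
#!/bin/sh
# Added example, not CA's code. Function names are hypothetical.

# Prefix each character the article lists ( , \ # + < > ; " = ) with a
# backslash so the value can be placed in a DN.
escape_dn_value() {
    printf '%s' "$1" | sed 's/[,\\#+<>;"=]/\\&/g'
}

# Emit the article's LDIF record for profile $1, ACID $2, host $3.
# Only values substituted into the dn: line are escaped; Profile-Names is
# an ordinary attribute value and is written as given (assumption: the
# article changes only the dn: line).
make_profile_ldif() {
    printf 'dn: tssproflist=%s,tssacidgrp=proflist,tssacid=%s,tssadmingrp=acids,host=%s\n' \
        "$(escape_dn_value "$1")" "$(escape_dn_value "$2")" "$(escape_dn_value "$3")"
    printf 'changetype: add\n'
    printf 'Profile-Names: %s\n' "$1"
}

# Print (with line numbers) dn: lines in LDIF file $1 where a value starts
# with an unescaped '#', the case r12 accepted and r14 rejects.
# Returns non-zero when nothing is found.
find_unescaped_hash() {
    grep -nE '^dn:.*=#' "$1"
}

# Constructed sample input: the article's placeholder names.
make_profile_ldif '#PROFID' ACIDNAME hostname
```

Running find_unescaped_hash over LDIF files written for r12 lists the dn: lines that need the \# change before they are sent to an r14 server.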