
Unable to Create User in OID 11g with Non-Leading '#' in RDN Attribute without Escaping the Character. Errors: ldap_add: Invalid DN syntax | ldap_add: additional info: Error in DN Normalization (Doc ID 1399587.1)

Last updated on FEBRUARY 26, 2019

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.


Unable to create a user with a non-leading '#' in the RDN attribute without escaping the character, although Oracle's documentation indicates that this should be possible according to RFC 4514.


$ ldapadd -p port -D cn=orcladmin -w passwd -f user.ldif
adding new entry cn=Firstname.Lastname#,cn=users,dc=company,dc=com
ldap_add: Invalid DN syntax
ldap_add: additional info: Error in DN Normalization.

Sample LDIF file:
dn: cn=Firstname.Lastname#,cn=users,dc=company,dc=com
cn: Firstname.Lastname#
sn: Firstname.Lastname#
objectclass: top
objectclass: person
objectclass: inetorgperson
objectclass: organizationalPerson
objectclass: orcluser
objectclass: orcluserv2
userpassword: <PASSWORD>

Oracle's documentation explains that OID 11g supports RFC 4514, "String Representation of Distinguished Names", and the RFC states the following:

Appendix B. Changes Made since RFC 2253:

Updated the Section 3 ABNF. Changes include:
+ did not require escaping of non-leading number sign ('#' U+0023) characters

For additional information see:

Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
Appendix N - RFCs Supported by Oracle Internet Directory

Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names RFC 4514
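
The RFC 4514 section 2.4 value-escaping rules referenced above, as an added Python example (not part of the Oracle note and not Oracle code). The function names and the `escape_all_sharp` switch are assumptions made for this example; the switch also emits `\#` for non-leading number signs, a form the RFC 4514 grammar still accepts, for a server that rejects the unescaped form.

```python
# Added example: RFC 4514 section 2.4 escaping for an RDN attribute value.
# Names and the escape_all_sharp option are hypothetical, not an Oracle API.

# Characters that must always be escaped with a backslash.
SPECIALS = '"+,;<>\\'


def escape_rdn_value(value, escape_all_sharp=False):
    """Return value escaped for use in the string form of a DN.

    RFC 4514 requires escaping '#' only in the leading position.
    escape_all_sharp=True escapes every '#', which is what an
    RFC 2253 style parser expects and remains valid under RFC 4514.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and (i == 0 or escape_all_sharp):
            out.append("\\#")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")             # leading or trailing space
        else:
            out.append(ch)
    return "".join(out)


def user_dn(cn, base="cn=users,dc=company,dc=com", escape_all_sharp=False):
    """Build a user DN under base; cn is untrusted input, base is not."""
    return "cn=" + escape_rdn_value(cn, escape_all_sharp) + "," + base


if __name__ == "__main__":
    name = "Firstname.Lastname#"          # value from the sample LDIF
    print(user_dn(name))                  # RFC 4514 minimal escaping
    print(user_dn(name, escape_all_sharp=True))
```

Escaping the value before it is concatenated into a DN also keeps characters such as `,` and `+` in user-supplied names from altering the DN structure.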

