Unable to Create User in OID 11g with Non-Leading '#' in RDN Attribute without Escaping the Character. Errors: ldap_add: Invalid DN syntax | ldap_add: additional info: Error in DN Normalization (Doc ID 1399587.1)

Last updated on OCTOBER 03, 2016

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.

Symptoms

Unable to create a user with a non-leading '#' in the RDN attribute without escaping the character, although Oracle's documentation indicates that this should be possible according to RFC 4514.

Example:

$ ldapadd -p port -D cn=orcladmin -w passwd -f user.ldif
adding new entry cn=Scott.Tiger#,cn=users,dc=us,dc=oracle,dc=com
ldap_add: Invalid DN syntax
ldap_add: additional info: Error in DN Normalization.

Sample LDIF file:
----------------
dn: cn=Scott.Tiger#,cn=users,dc=us,dc=oracle,dc=com
cn: Scott.Tiger#
sn: Scott.Tiger#
objectclass: top
objectclass: person
objectclass: inetorgperson
objectclass: organizationalPerson
objectclass: orcluser
objectclass: orcluserv2
userpassword: welcome1

Oracle's documentation states that OID 11g supports RFC 4514, "String Representation of Distinguished Names", and the RFC lists the following change:

Appendix B. Changes Made since RFC 2253:

Updated the Section 3 ABNF. Changes include:
+ did not require escaping of non-leading number sign ('#' U+0023) characters

For additional information see:

Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1)
Appendix N - RFCs Supported by Oracle Internet Directory

Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names RFC 4514
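
The escaping rule quoted above, as an added example that is not part of the Oracle note or of OID itself: an RFC 4514 section 2.4 value escaper with a compatibility switch that also escapes non-leading '#'. The names escape_rdn_value, build_dn and escape_all_hash are hypothetical, and it is an assumption (taken from the note's title) that the server accepts the escaped form.

```python
# Added example: escape one RDN attribute value per RFC 4514 section 2.4.
# escape_all_hash is a hypothetical compatibility switch for servers that
# reject an unescaped non-leading '#', as described in this note.

SPECIALS = '"+,;<>\\'  # characters that must always be escaped in a value


def escape_rdn_value(value: str, escape_all_hash: bool = False) -> str:
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL is written as a hex pair
        elif ch in SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and (i == 0 or escape_all_hash):
            out.append("\\#")             # leading '#' always; others on request
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")             # leading or trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns, escape_all_hash: bool = False) -> str:
    """Join (attribute, value) pairs, most specific first, into a DN string."""
    return ",".join(
        f"{attr}={escape_rdn_value(val, escape_all_hash)}" for attr, val in rdns
    )


# The entry from the sample LDIF file above.
SAMPLE = [("cn", "Scott.Tiger#"), ("cn", "users"),
          ("dc", "us"), ("dc", "oracle"), ("dc", "com")]

if __name__ == "__main__":
    # Strict RFC 4514 output: the trailing '#' is left as-is.
    print("dn:", build_dn(SAMPLE))
    # Compatibility output: every '#' is escaped, which RFC 4514 also permits.
    print("dn:", build_dn(SAMPLE, escape_all_hash=True))
```

Only the DN string is escaped; the cn and sn attribute values in the LDIF entry keep the literal '#'.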

Changes

 

Cause
