6 Replies. Latest reply: Jan 7, 2011 1:39 AM by PhHein

    JNDI InvalidNameException due to '+' character in DN

    843793
      Hello,

      I am trying to add a sub-entry in my LDAP server using the following code:
      .....
      samlPId = "J7Tbik5v+UFenexZ136hS/MUPa4=";
      myAttrs.put("samlPId",samlPId);
      myAttrs.put("samlIdProvider",samlIdProvider);
      try {
          InitialDirContext ct = new InitialDirContext(props);
          ct.createSubcontext("ldap://localhost:389/samlPId="+samlPId+","+"cn="+userName+","+"o=My Org,c=gb", myAttrs);
          System.out.println("** Entry added **");
      } catch (NamingException exception) {
          System.out.println("**** Error ****");
          exception.printStackTrace();
      }
      ......
      This causes the following error:
      javax.naming.InvalidNameException: Invalid name: samlPId=J7Tbik5v+UFenexZ136hS/MUPa4=,cn=User1,o=University of Kent,c=gb; remaining name '"samlPId=J7Tbik5v+UFenexZ136hS/MUPa4=,cn=User1,o=University of Kent,c=gb"'
           at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:86)
           at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
           at javax.naming.ldap.LdapName.parse(LdapName.java:772)
           at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
           at com.sun.jndi.ldap.LdapCtx.addRdnAttributes(LdapCtx.java:899)
           at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:780)
           at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
           at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
           at com.sun.jndi.toolkit.url.GenericURLDirContext.createSubcontext(GenericURLDirContext.java:210)
           at com.sun.jndi.url.ldap.ldapURLContext.createSubcontext(ldapURLContext.java:385)
           at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:178)
           at ldap.LDAPResolver.addSAMLInLDAP(LDAPResolver.java:268)
      If I remove the '+' character from the samlPId, it works just fine. Then I manually added the samlPId value with '+' character and it was successfully added too. So I am sure there is no problem at the LDAP side.

      So is it an issue with JNDI itself? Does it cause this exception if there is a '+' inside any DN? Or does the '+' character bear any special meaning in JNDI?

      Any help will be highly appreciated. Thanks in advance.
        • 1. Re: JNDI InvalidNameException due to '+' character in DN
          EJP
          Create the name as a Name, not as a String.
          • 2. Re: JNDI InvalidNameException due to '+' character in DN
            843793
            Thank you very much for your reply. I also tried it previously and the result was just the same. For your convenience, the code follows:
            .....
            samlPId = "J7Tbik5v+UFenexZ136hS/MUPa4=";
            myAttrs.put("samlPId",samlPId);
            myAttrs.put("samlIdProvider",samlIdProvider);
            String dn = "ldap://localhost:389/samlPId="+samlPId+","+"cn="+userName+","+"o=My Org,c=gb";
            Name n = new CompositeName().add(dn);
            try {
                InitialDirContext ct = new InitialDirContext(props);
                ct.createSubcontext(n, myAttrs);
                System.out.println("** Entry added **");
            } catch (NamingException exception) {
                System.out.println("**** Error ****");
                exception.printStackTrace();
            }
            ......
            I even tried to escape the + character with the same exception.

            Regards,
            Ripul
            • 3. Re: JNDI InvalidNameException due to '+' character in DN
              EJP
              String dn = "ldap://localhost:389/samlPId="+samlPId+","+"cn="+userName+","+"o=My Org,c=gb";
              Name n = new CompositeName().add(dn);
              That's not what I meant. Add each piece of the name separately to the CompositeName as a Name. You need to avoid the part of the name parser that splits it up, you have to do that yourself. You might have to escape the plus, and maybe the / too.
              • 4. Re: JNDI InvalidNameException due to '+' character in DN
                843793
                Thank you once again for the reply. I was on leave and just received your answer today. Could you please be more specific? An example would be great. Could you please point to some references that explain the problem I am facing?

                Regards,
                Ripul
                • 5. Re: JNDI InvalidNameException due to '+' character in DN
                  Jean Francois
                  Hi Ripul,

                  The "+" character is a DN special character used to denote a multi-attribute RDN. EJP has you on the right track, that is, all special DN characters need to be escaped.

                  EJP's approach is simplest and best: rely on the API to know and escape your special characters. Otherwise you'll need to know and manually escape them in the string...

                  JF

                  Edited by: Jean Francois on Jan 6, 2011 11:13 AM
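
Added example (not part of the original thread and not any poster's code): building the DN from typed `javax.naming.ldap.Rdn` objects so the API escapes `+`, `,` and `=` in each value, which also keeps a user-supplied value from changing the DN's structure. The class name `EscapedDnExample`, the helper `buildEntryDn` and the sample user name are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class EscapedDnExample {

    // Build the entry DN from typed RDNs; Rdn escapes special characters in
    // each value, so '+' and ',' stay data instead of acting as separators.
    static LdapName buildEntryDn(String samlPId, String userName)
            throws InvalidNameException {
        // LdapName numbers RDNs from the right: index 0 is the root-most RDN.
        List<Rdn> rdns = new ArrayList<>();
        rdns.add(new Rdn("c", "gb"));
        rdns.add(new Rdn("o", "My Org"));
        rdns.add(new Rdn("cn", userName));
        rdns.add(new Rdn("samlPId", samlPId));
        return new LdapName(rdns);
    }

    public static void main(String[] args) throws Exception {
        String samlPId = "J7Tbik5v+UFenexZ136hS/MUPa4=";   // value from the thread
        String userName = "Smith, John+admin";             // constructed sample

        LdapName dn = buildEntryDn(samlPId, userName);
        System.out.println("Escaped DN: " + dn);

        // Re-parse the string form: still four RDNs, and the leaf value
        // round-trips unchanged, so nothing was split on '+' or ','.
        LdapName reparsed = new LdapName(dn.toString());
        Rdn leaf = reparsed.getRdn(reparsed.size() - 1);
        if (reparsed.size() != 4 || !samlPId.equals(leaf.getValue())) {
            throw new IllegalStateException("DN did not round-trip");
        }
        if (leaf.size() != 1) {
            throw new IllegalStateException("leaf parsed as multi-valued RDN");
        }

        // For strings assembled by hand, escape each value the same way.
        System.out.println("samlPId=" + Rdn.escapeValue(samlPId));

        // With Context.PROVIDER_URL set to the server (an assumption here),
        // the name is passed as a Name: ctx.createSubcontext(dn, myAttrs);
    }
}
```
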
                  • 6. Re: JNDI InvalidNameException due to '+' character in DN
                    PhHein
                    Please don't post in threads that are long dead and don't hijack other threads. When you have a question, start your own topic. Feel free to provide a link to an old post that may be relevant to your problem.

                    I'm locking this thread now.