Setting up LDAP Authentication for Sentinel products when base context has spaces in the name

  • 7005849
  • 28-Apr-2010
  • 26-Apr-2012

Environment

Novell Sentinel RD
Novell Sentinel 6.1 SP2
Novell Sentinel Log Manager

Situation

Recent releases of Sentinel allow accounts to be validated against an LDAP directory, a feature the Sentinel documentation calls "LDAP Authentication".

This feature was introduced with Sentinel 6.1 SP1 HF2, Sentinel 6.1 RD HF2 and Sentinel Log Manager HF4. Note that this functionality was not feature complete in the initial release.

To configure this feature, the script ldap_auth_config.sh (or .bat on Windows) is provided. When the anonymous search option is used, it is possible to specify an LDAP subtree to search for users. If the DN of this subtree contains a space, validation of the user will fail. A LAN trace of the process will show that only the portion of the DN up to the space is used for the search.

Resolution

The setting for the base of the search is specified in the config/auth.login file in the following line:
userProvider=" ldap://137.65.151.12:636/DC=Test-AD,DC=provo,DC=novell,DC=com"

This line provides the reference to the LDAP server and base context as a URI (Uniform Resource Identifier). Its syntax is governed by RFC 2396. To escape a space in a URI, replace it with %20. For example, for a base context of "ou=with space,dc=test,dc=com", the line would be:
 
userProvider="ldap://137.65.151.12:636/ou=with%20space,dc=test,dc=com"
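
The check and the fix described above can be scripted. The following is an added example, not part of the original article or of the Sentinel tooling: the function names find_unescaped_dn and encode_base_dn are hypothetical, the sample file content is constructed, and it assumes each userProvider value holds a single ldap:// or ldaps:// URL.

```shell
#!/bin/sh
# Added example: find and fix unescaped spaces in the base DN of
# userProvider lines such as the one in config/auth.login.
# Assumption: one ldap:// or ldaps:// URL per userProvider value.

# Print, with line numbers, the userProvider lines whose base DN contains
# a literal space. Exit status 0 means at least one such line was found.
find_unescaped_dn() {
    grep -n 'userProvider="[[:space:]]*ldaps\{0,1\}://[^/"]*/[^"]* [^"]*"' "$1"
}

# Write FILE to stdout with every space in the base DN replaced by %20.
# Only the part after host:port/ is touched; existing %20 sequences are
# left alone, so running the function on its own output changes nothing.
encode_base_dn() {
    sed -e '/userProvider="/{' -e ':a' \
        -e 's|\(userProvider="[[:space:]]*ldaps\{0,1\}://[^/"]*/[^" ]*\) \([^"]*"\)|\1%20\2|' \
        -e 'ta' -e '}' "$1"
}

# Constructed sample input. A real auth.login contains more settings.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' \
    '# constructed sample, not a real auth.login' \
    'userProvider="ldap://137.65.151.12:636/ou=with space,dc=test,dc=com"' \
    > "$sample"

if find_unescaped_dn "$sample"; then
    echo "Base DN contains a literal space; proposed replacement:"
    encode_base_dn "$sample" | grep 'userProvider='
else
    echo "No unescaped space found in the base DN."
fi
```

Redirect the output of encode_base_dn to a new file and compare it with the original before replacing config/auth.login.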