Bug 1374 - invalid_dn_syntax error when joining an OU with a #
Product: Samba 3.0
Classification: Unclassified
Component: net utility
Other All
: P3 normal
: none
Assigned To: Jim McDonough
Reported: 2004-05-21 17:42 UTC by Marc Kaplan
Modified: 2006-04-05 20:48 UTC (History)
Description Marc Kaplan 2004-05-21 17:42:12 UTC
If you run net ads join OU#50, you will get the invalid_dn_syntax error. This is
a valid OU, so net should be able to add our machine account there.

To reproduce:
1. Create an OU named OU#55
2. Run net ads join OU#55 -Uadministrator%password
3. Notice the error
Comment 1 Jim McDonough 2004-11-16 14:19:55 UTC
A little more info here: an OU cannot contain a # unless it is escaped.  This is
LDAP syntax.  If you actually look in the LDAP tree in your domain, OU#55 will
be called ou=OU\#55,dc=...etc.

However, we currently assume all \ and / characters mean that string is supposed
to be converted to a "path" of OUs, so OU\#55 is converted to ou=#55,ou=OU,dc=...
and a\b\c would be ou=c,ou=b,ou=a,dc=...

I'm proposing that we change it to only accept / as a separator, but I'm waiting
for some feedback first.
Comment 2 Jim McDonough 2006-04-05 20:48:17 UTC
Fixed in r14931.  Sorry it took so long to check in.

I changed it to use only '/' as the separator for multiple levels of OU.  Special chars such as # aren't allowed in LDAP, but ads uses '\' to escape them.  The join will require "ou\\#55" on the commandline, as you need to escape the escape char :-).
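
The separator behaviour discussed in comments 1 and 2, as an added example that is not part of the bug report and is not Samba's code: it builds the DN from an OU path with a configurable separator set, so the old rule (both `\` and `/` split) can be compared with the fixed rule (only `/` splits, `\` stays as the LDAP escape). The function name `ou_path_to_dn` and the base DN `dc=example,dc=com` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not Samba source. Splits an OU path on any character in
 * seps and writes the components, deepest first, as "ou=<part>," followed by
 * base_dn. Returns 0 on success, -1 if the input or output does not fit. */
int ou_path_to_dn(const char *path, const char *seps, const char *base_dn,
                  char *out, size_t outlen)
{
    char copy[256];
    char *parts[32];
    size_t n = 0, used = 0;

    if (outlen == 0 || strlen(path) >= sizeof(copy))
        return -1;
    strcpy(copy, path);

    for (char *tok = strtok(copy, seps); tok != NULL; tok = strtok(NULL, seps)) {
        if (n == sizeof(parts) / sizeof(parts[0]))
            return -1;
        parts[n++] = tok;
    }

    out[0] = '\0';
    while (n > 0) {                       /* last path component comes first */
        int w = snprintf(out + used, outlen - used, "ou=%s,", parts[--n]);
        if (w < 0 || (size_t)w >= outlen - used)
            return -1;
        used += (size_t)w;
    }
    int w = snprintf(out + used, outlen - used, "%s", base_dn);
    return (w < 0 || (size_t)w >= outlen - used) ? -1 : 0;
}

int main(void)
{
    const char *base = "dc=example,dc=com";            /* constructed base DN */
    const char *inputs[] = { "OU\\#55", "a\\b\\c", "a/b/c" };  /* as received after shell unescaping */
    char dn[512];

    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        if (ou_path_to_dn(inputs[i], "\\/", base, dn, sizeof(dn)) == 0)
            printf("old rule  %-8s -> %s\n", inputs[i], dn);
        if (ou_path_to_dn(inputs[i], "/", base, dn, sizeof(dn)) == 0)
            printf("new rule  %-8s -> %s\n", inputs[i], dn);
    }
    return 0;
}
```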