IV69437: LDAP BASED USER MAY FAIL TO LOGIN WITH SPECIAL CHAR IN PASSWORD APPLIES TO AIX 7100-03
A fix is available
Closed as program error.
Many LDAP servers support special characters (such as German umlauts or accented French characters) in passwords. By design, LDAP servers use UTF-8 for strings. If secldapclntd is configured with authtype:ldap_auth in /etc/security/ldap/ldap.cfg, secldapclntd delegates password authority to the LDAP server. Most AIX instances do not use a full UTF-8 environment, so the strings they handle are normally not UTF-8 strings. If secldapclntd is configured with enableutf8_xlation:yes, secldapclntd handles the conversion between the local AIX encoding and UTF-8. This works for attributes but fails if the string to convert is a login password. As a result, a login always fails as soon as the password contains a character that needs conversion.
Circumvention: avoid passwords containing non-7-bit-ASCII characters.
An LDAP user fails to log in to a system when the password contains a special character and ldap_auth is used.
Special characters in the user's password are handled before the password is sent to the LDAP server, so that user authentication succeeds.
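The encoding mismatch described above, shown as an added example that is not IBM's code. It assumes an ISO8859-1 locale on the AIX host, replaces the LDAP server with a simulated byte comparison, and models the defect as the password reaching the server in unconverted local-codeset bytes; all function names are hypothetical.

```python
import hmac

# Assumption: the AIX host runs a single-byte locale; ISO8859-1 stands in for it.
LOCAL_CODESET = "iso8859-1"


def client_password_bytes(typed: str, translate: bool) -> bytes:
    """Bytes the client would place in the bind request.

    translate=False models the defect (assumed: local-codeset bytes sent as-is);
    translate=True models the corrected behaviour (converted to UTF-8 first).
    """
    local = typed.encode(LOCAL_CODESET)  # what the login prompt receives
    if not translate:
        return local
    return local.decode(LOCAL_CODESET).encode("utf-8")


def server_accepts(directory_password: str, presented: bytes) -> bool:
    """Simulated LDAP server: the password was set as a UTF-8 string."""
    return hmac.compare_digest(directory_password.encode("utf-8"), presented)


def is_7bit_ascii(password: str) -> bool:
    """Circumvention check: True if no character needs conversion."""
    return all(ord(ch) < 0x80 for ch in password)


def login_results(password: str) -> dict:
    """Wire bytes and login outcome with and without codeset conversion."""
    raw = client_password_bytes(password, translate=False)
    utf8 = client_password_bytes(password, translate=True)
    return {
        "ascii_only": is_7bit_ascii(password),
        "wire_untranslated": raw.hex(),
        "wire_translated": utf8.hex(),
        "login_untranslated": server_accepts(password, raw),
        "login_translated": server_accepts(password, utf8),
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the APAR.
    for sample in ("Winter2015", "Grüße2015", "été-2015"):
        print(sample, login_results(sample))
```

Running `is_7bit_ascii` over candidate passwords at password-change time is one way to enforce the circumvention on systems that do not yet have the fix.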
Applicable component levels
R710 PSY U867640
UP15/05/19 I 1000
PTF to Fileset Mapping
U867640 bos.rte.security 220.127.116.11
Software version: 710
Operating system(s): AIX
Reference #: IV69437
Modified date: 30 September 2015