Friday, September 9, 2011

LDAP Error 21: The request contains invalid syntax.


In my test environment, I have configured an external data store which is connected to OpenDJ 2.4.3. My OpenAM configuration store is connected to the same OpenDJ instance.



I was trying to perform a simple load-test and needed some test users. As such, I tried to create new users via the OpenAM Administration Console. Since "First Name" is not compulsory, I skipped that field.

No good. I encountered "LDAP Error 21: The request contains invalid syntax."

Very strange. How can this be? When my external data store was Sun DSEE, I never encountered this issue.

A look at the OpenDJ access log revealed the following:

[08/Sep/2011:14:54:43 +0800] ADD REQ conn=71 op=3 msgID=278 dn="uid=test001,ou=people,o=st701"
[08/Sep/2011:14:54:43 +0800] ADD RES conn=71 op=3 msgID=278 result=21 message="Entry "uid=test001,ou=people,o=st701" contains a value "" for attribute givenName that is invalid according to the syntax for that attribute: The operation attempted to assign a zero-length value to an attribute with the directory string syntax" etime=4


A check with OpenDJ indicated that "Directory String" has a property "allow-zero-length-values" set to false by default.

How to resolve?

$ bin/dsconfig -h am1.sg.azlabs -p 888 -D "cn=Directory Manager" -w [password] set-attribute-syntax-prop \
-n --syntax-name "Directory String" --set allow-zero-length-values:true
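
To see which entries and attributes are being submitted empty, the access log can be scanned for ADD operations rejected with result=21. The following is an added example, not part of the original post; the sample lines are constructed in the format quoted above, and the test002/test003 entries and the `sn` case are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the access-log format quoted above (not real log data).
SAMPLE_LOG = '''\
[08/Sep/2011:14:54:43 +0800] ADD REQ conn=71 op=3 msgID=278 dn="uid=test001,ou=people,o=st701"
[08/Sep/2011:14:54:43 +0800] ADD RES conn=71 op=3 msgID=278 result=21 message="Entry "uid=test001,ou=people,o=st701" contains a value "" for attribute givenName that is invalid according to the syntax for that attribute: The operation attempted to assign a zero-length value to an attribute with the directory string syntax" etime=4
[08/Sep/2011:14:54:44 +0800] ADD REQ conn=71 op=4 msgID=279 dn="uid=test002,ou=people,o=st701"
[08/Sep/2011:14:54:44 +0800] ADD RES conn=71 op=4 msgID=279 result=0 etime=6
[08/Sep/2011:14:54:45 +0800] ADD REQ conn=72 op=1 msgID=3 dn="uid=test003,ou=people,o=st701"
[08/Sep/2011:14:54:45 +0800] ADD RES conn=72 op=1 msgID=3 result=21 message="Entry "uid=test003,ou=people,o=st701" contains a value "" for attribute sn that is invalid according to the syntax for that attribute: The operation attempted to assign a zero-length value to an attribute with the directory string syntax" etime=3
'''

REQ = re.compile(r'^\[(?P<ts>[^\]]+)\] ADD REQ conn=(?P<conn>\d+) op=(?P<op>\d+) .*?dn="(?P<dn>.*)"\s*$')
# The message embeds unescaped double quotes, so match greedily up to the trailing etime field.
RES = re.compile(r'^\[[^\]]+\] ADD RES conn=(?P<conn>\d+) op=(?P<op>\d+) .*?result=(?P<result>\d+)'
                 r'(?: message="(?P<msg>.*)")? etime=\d+\s*$')
EMPTY = re.compile(r'contains a value "" for attribute (?P<attr>[\w;-]+)')

def zero_length_rejections(lines):
    """Return (timestamp, dn, attribute) for each ADD rejected with result=21 for an empty value."""
    pending, hits = {}, []
    for line in lines:
        m = REQ.match(line)
        if m:
            # Remember the request so the response can be paired by (conn, op).
            pending[(m['conn'], m['op'])] = (m['ts'], m['dn'])
            continue
        m = RES.match(line)
        if not m:
            continue
        # A response whose request is missing (e.g. rotated log) yields (None, None).
        ts, dn = pending.pop((m['conn'], m['op']), (None, None))
        empty = EMPTY.search(m['msg'] or '')
        if m['result'] == '21' and empty:
            hits.append((ts, dn, empty['attr']))
    return hits

def attributes_sent_empty(lines):
    """Count which attributes the client submitted as zero-length strings."""
    return Counter(attr for _, _, attr in zero_length_rejections(lines))

if __name__ == '__main__':
    for ts, dn, attr in zero_length_rejections(SAMPLE_LOG.splitlines()):
        print(f'{ts}  {dn}  empty {attr}')
```
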



PS: The 2 product teams (OpenAM vs OpenDJ) have to talk to each other. Both products have to work seamlessly out-of-the-box. One team has to give in to another at times. My thought.
