Unable to create a new entry in Apache Directory Studio for LDAP integration with AEM
Getting the following error:
```
Error while creating entry - [LDAP: error code 67 - NOT_ALLOWED_ON_RDN: failed for MessageType : ADD_REQUES
java.lang.Exception: [LDAP: error code 67 - NOT_ALLOWED_ON_RDN: failed for MessageType : ADD_REQUEST
Message ID : 15
Add Request :
Entry
dn[n]: cn=bella+uid=bella+userPassword=54321,dc=example,dc=com
objectClass: person
objectClass: top
objectClass: uidObject
uid: bella
sn: mcdonald
cn: bella
userPassword: 0x35 0x34 0x33 0x32 0x31
: ERR_62 Entry cn=bella+uid=bella+userPassword=54321,dc=example,dc=com does not have the userPassword attributeType, which is part of the RDN";]
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1374)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1342)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$6.run(DirectoryApiConnectionWrapper.java:958)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1269)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkConnectionAndRunAndMonitor(DirectoryApiConnectionWrapper.java:1205)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.createEntry(DirectoryApiConnectionWrapper.java:980)
    at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.createEntry(CreateEntryRunnable.java:225)
    at org.apache.directory.studio.ldapbrowser.core.jobs.CreateEntryRunnable.run(CreateEntryRunnable.java:124)
    at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:116)
    at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
[LDAP: error code 67 - NOT_ALLOWED_ON_RDN: failed for MessageType : ADD_REQUEST
Message ID : 15
Add Request :
Entry
dn[n]: cn=bella+uid=bella+userPassword=54321,dc=example,dc=com
objectClass: person
objectClass: top
objectClass: uidObject
uid: bella
sn: mcdonald
cn: bella
userPassword: 0x35 0x34 0x33 0x32 0x31
: ERR_62 Entry cn=bella+uid=bella+userPassword=54321,dc=example,dc=com does not have the userPassword attributeType, which is part of the RDN";]
```
I have tried on versions 6.1 and 6.3 of AEM, but it is still not working.
Solution 1:[1]
The error message says:
Your client is trying to add an entry with RDN cn=bella+uid=bella+userPassword=54321 but the entry itself does not contain the attribute with the value userPassword: 54321.
Whatever LDAP client you're using, this is a horrible security nightmare!
You really MUST NOT put the userPassword in the RDN because it would be readable for any LDAP client allowed to search the user entry.
Solution 2:[2]
Two issues here:
Grabbed this from your error message: cn=bella+uid=bella+userPassword=54321,dc=example,dc=com
Issue #1: Fundamentally, you are doing it wrong. Please do not put userPassword in your DN ever. Everyone can see that password. DNs are not hidden.
Issue #2: The objectClasses included in the LDAPEntry do not contain the attribute userPassword. Please include organizationalPerson or user in your LDAP entry.
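A pre-flight check for the two points raised in the answers above, written as an added example (not code from either answer or from Apache Directory Studio): it parses the DN, flags secret attribute types used for naming, and confirms each leftmost-RDN value is present in the entry. The deny-list, the function names and the sample entry are assumptions made for this example.

```python
# Attribute types that must never appear in a DN (assumed deny-list for this example).
SENSITIVE_RDN_ATTRS = {"userpassword", "unicodepwd", "authpassword"}

def _split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped (RFC 4514 style)."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts

def parse_dn(dn):
    """Return a list of RDNs, each a list of (attribute_type, value) pairs."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        pairs = []
        for ava in _split_unescaped(rdn, "+"):  # '+' joins a multi-valued RDN
            attr, _, value = ava.partition("=")
            pairs.append((attr.strip(), value.strip()))
        rdns.append(pairs)
    return rdns

def audit_entry(dn, attributes):
    """Report secrets used for naming and leftmost-RDN values missing from the entry."""
    findings = []
    entry = {k.lower(): [str(v) for v in vals] for k, vals in attributes.items()}
    rdns = parse_dn(dn)
    for attr, _ in (pair for rdn in rdns for pair in rdn):
        if attr.lower() in SENSITIVE_RDN_ATTRS:
            findings.append(f"secret attribute in RDN: {attr}")
    for attr, value in rdns[0]:  # raw comparison; escaped values are not decoded here
        if value not in entry.get(attr.lower(), []):
            findings.append(f"RDN value not present in entry: {attr}")
    return findings

# Constructed sample mirroring the question's add request, plus a corrected DN.
BAD_DN = "cn=bella+uid=bella+userPassword=54321,dc=example,dc=com"
GOOD_DN = "uid=bella,dc=example,dc=com"
ENTRY = {"objectClass": ["person", "top", "uidObject"], "uid": ["bella"],
         "sn": ["mcdonald"], "cn": ["bella"], "userPassword": ["54321"]}
```

Running `audit_entry(BAD_DN, ENTRY)` flags the password in the RDN, while `audit_entry(GOOD_DN, ENTRY)` returns no findings because the entry is named by `uid` alone and `userPassword` stays an ordinary attribute of the entry.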
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Michael Ströder |
| Solution 2 | Balaji Boggaram Ramanarayan |
