A minus (-) sign at the beginning of the password will cause a problem during DS instance creation. The minus sign will be interpreted incorrectly as an option by the pwdhash so it will fail. This problem sometimes affects Samba test, although very rarely, because the test generates random passwords that may include this character. Given a fixed input, this problem can be reproduced consistently. Execute start-ds.pl and enter a password starting with a minus sign: Directory Manager DN [cn=Directory Manager]: Password: -abcdefg Password (confirm): -abcdefg /usr/bin/pwdhash-bin: invalid option -- 'a' usage: /usr/bin/pwdhash-bin -D config-dir [-H] [-s scheme | -c comparepwd ] password... Could not import LDIF file '/tmp/ldifYNMV3w.ldif'. Error: 256. Output: importing data ... [08/Dec/2009:16:34:21 -0600] dse - The entry cn=config in file /etc/dirsrv/slapd-test/dse.ldif is invalid, error code 89 (Bad parameter to an ldap routine) - nsslapd-rootpw: password scheme mismatch (passwd scheme is SSHA; password is clear text) [08/Dec/2009:16:34:21 -0600] dse - Could not load config file [dse.ldif] [08/Dec/2009:16:34:21 -0600] dse - Please edit the file to correct the reported problems and then restart the server. Rich suggested that the pwdhash should support a '--' parameter and the setup tool should be changed to call 'pwdhash -- $pwdtohash' to avoid this problem. The failure to load dse.ldif is caused by empty nsslapd-rootpw, presumably caused by the pwdhash failure earlier. The setup tool should terminate as soon as a problem with pwdhash is detected.
Created attachment 397640 [details] Patch Patch tested on Fedora 12.
pushed to master To ssh://git.fedorahosted.org/git/389/ds.git 0f6734d..e8f5064 master -> master commit e8f50642bd3e19ad528b453850304611ab86506d Author: Endi S. Dewata <edewata> Date: Wed Mar 3 13:25:45 2010 -0600
Thanks Nathan for the steps :) Tested Comment#3 working fine : ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w -amitasharma -b "cn=config" ldapsearch -x -p 389 -h localhost -D "cn=Directory Manager" -w -amita-sharma- -b "cn=config" Marking as VERiFIED.
This fix was included long ago in 389-ds-base-1.2.6. Closing this out.