Notes on Java, Solaris, PHP, LDAP…

December 4, 2007

eDirectory LDAP – default rights and allowed values

Filed under: Uncategorized — negev @ 7:12 pm
Tags: ,

Due to default behavior of LDAP/eDirectory it also adds an ACL entry
for the user who created a group/container/object, e.g. “ACL: 16#subtree#cn=User
Name,ou=User Container,…,o=top-container#

[Entry Rights]”.


eDirectory (Novell’s LDAP product) suprisingly allows a lot of special characters for string attribute values (such as attribute ‘description’), but it forbids plus + character.

Following characters are OK, although some are not advisable if you want to compare the values in LDAP queries etc: =,#()[]”‘~\@:.-/!&*^ And some of them are not allowed for CN/OU or other special attributes.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at

%d bloggers like this: