Why Can I Not Add An Acid Starting With '#' Character Using An ldapadd Command?

Document ID : KB000020775
Last Modified Date : 14/02/2018

Question:

We want to use ldapadd to create an acid that starts with a '#' in the Top Secret security file.

We use the following ldif file to do it:

 dn: tssacid=#1234567,tssadmingrp=ACIDS,host=hostx,o=hosto,c=US
 name: Test William
 userPassword: Mypass01
 depto: DEPT001

 

and got the error:

ldap_add: Invalid DN syntax

 

Below is an example of an LDIF file that uses the "\" escape:

version: 1                                                 
dn:tssacid=\#00002,tssadmingrp=acids,host=usi252me,o=ca,c=us
changetype: add                                            
objectClass: tssacid                                       
Name:DEFAULT USER 2                                        
tssacid:#00002                                             
User-Type:USER                                             
Department:D112                                            
userPassword:000002                                        
ExpireNow:Y                                                

 

Answer:

The LDAP standards require the '#' to be escaped with a '\'.

The reason is that '#' means that the following byte is a hex value.

Without the '\', the '#' will not be taken as a text character.
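
The escaping rule above, applied when LDIF for ldapadd is generated by a script. This is an added example, not part of the original document or the product's own code; the function names are hypothetical, the escaping follows the RFC 4514 DN string rules (which cover more characters than '#'), and ASCII values that need no LDIF base64 encoding are assumed.

```python
# Added example (not from the original document): RFC 4514 escaping of a DN
# attribute value. Function names are hypothetical; ASCII input is assumed.
DN_SPECIALS = set('"+,;<>\\')

def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN string."""
    escaped = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            escaped.append("\\00")            # NUL is written as a hex pair
        elif ch in DN_SPECIALS:
            escaped.append("\\" + ch)         # special anywhere in the value
        elif i == 0 and ch in "# ":
            escaped.append("\\" + ch)         # '#' or space only when leading
        elif i == last and ch == " ":
            escaped.append("\\" + ch)         # trailing space
        else:
            escaped.append(ch)
    return "".join(escaped)

def acid_add_ldif(acid: str, suffix: str, attrs: dict) -> str:
    """Build an LDIF add record; only the dn: line carries the DN escape."""
    lines = [
        "version: 1",
        f"dn: tssacid={escape_dn_value(acid)},{suffix}",
        "changetype: add",
        "objectClass: tssacid",
        f"tssacid: {acid}",   # attribute value: written unescaped, as on the page
    ]
    lines += [f"{name}: {value}" for name, value in attrs.items()]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Sample values taken from the LDIF shown in the document.
    print(acid_add_ldif("#00002", "tssadmingrp=acids,host=usi252me,o=ca,c=us",
                        {"Name": "DEFAULT USER 2", "User-Type": "USER"}))
```

A '#' that is not the first character of the value is left alone, so only ACIDs that begin with '#' change on the dn: line.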

 

Additional Information: 

 

For more information about CA LDAP, refer to: CA-LDAP Server for z/OS Product Guide.