Merge pull request #14839 from RussWhitehead/initLDAPSysUser-8.0.x

HPCC-25709 initldap requires LDAP FQDN on admin username

Reviewed-By: Kevin Wang <kevin.wang@lexisnexis.com>
Reviewed-By: Richard Chapman <rchapman@hpccsystems.com>

system/security/LdapSecurity/ldapconnection.cpp

@@ -560,7 +560,12 @@ public:
                 if (strstr(m_sysuser_commonname.str(), "Directory Manager"))
                     m_sysuser_dn.append("cn=Directory Manager");
                 else
-                    m_sysuser_dn.append("uid=").append(m_sysuser_commonname.str()).append(",").append(m_sysuser_basedn.str()).append(",").append(m_basedn.str());
+                {
+                    if (nullptr == strchr(m_sysuser_commonname.str(), '='))
+                        m_sysuser_dn.append("uid=").append(m_sysuser_commonname.str()).append(",").append(m_sysuser_basedn.str()).append(",").append(m_basedn.str());
+                    else
+                        m_sysuser_dn.append(m_sysuser_commonname.str());//includes FQDN prefix, use as is (likely from initldap)
+                }
             }
         }
 

tools/initldap/initldap.cpp

@@ -57,9 +57,11 @@ bool initLDAP(IPropertyTree * ldapProps)
     StringBuffer ldapAddress;
     ldapProps->getProp("@ldapAddress", ldapAddress);
 
+    bool is389DS = (0 == strcmp(serverType.get(), "389DirectoryServer") ? true : false);
+
     //Get LDAP admin creds from user
     char buff[100];
-    fprintf(stdout, "\nEnter the '%s' LDAP Admin User name on '%s'...",serverType.get(),ldapAddress.str());
+    fprintf(stdout, "\nEnter the '%s' LDAP Admin User name on '%s'.%s..",serverType.get(),ldapAddress.str(),is389DS?" Please include the attribute name prefix such as uid=adminName.":"");
     do
     {
         char * line = fgets(buff, sizeof(buff), stdin);