NetWorker AD/LDAP Integration Failing With "LDAP: error code 34"
Summary: Adding Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) to NetWorker fails with LDAP error code 34. The error occurs because one of the Distinguished Name (DN) fields used when integrating external authentication contains a special character. ...
Symptoms
AD/LDAP integration from the NetWorker Management Console (NMC) or NetWorker Web User Interface (NWUI) fails. The integration procedures are described in the following articles:
- NetWorker: How To Set up AD/LDAP Authentication
- NetWorker: How to Configure AD or LDAP from the NetWorker Web User Interface
The following error appears:
Failed to verify configuration CONFIG_NAME: An error occurred while processing LDAP request: CN=#IT,dc=amer,dc=lan: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090C21, comment: Error processing name, data 0, v3839]
AD/LDAP integration using the authc_config command or an authc-create-xx-config script fails with the following error:
Error executing command. Failure: 400 Bad Request. Server message: Failed to verify configuration labad: cn=#IT: [LDAP: error code 34 - 0000208F: NameErr: DSID-0310022D, problem 2006 (BAD_NAME), data 8349, best match of:
'CN=#IT,dc=amer,dc=lan'
]; nested exception is javax.naming.InvalidNameException: cn=#IT: [LDAP: error code 34 - 0000208F: NameErr: DSID-0310022D, problem 2006 (BAD_NAME), data 8349, best match of:
'CN=#IT,dc=amer,dc=lan'
]; remaining name 'cn=#IT'
Cause
There is a special character in a Distinguished Name (DN) field specified in the external authority integration. The special character is interfering with the path and must be properly escaped.
LDAP error code 34: This code signifies an "Invalid DN Syntax" error. It means that the DN provided in the request is not correctly formatted.
0000208F: LdapErr: DSID-0C090C21: This part of the message is specific to Microsoft's Active Directory and provides internal details about where the error occurred.
0000208F: NameErr: DSID-0310022D: This part of the message is specific to Microsoft's Active Directory and provides internal details about where the error occurred.
Error processing name: This indicates that the LDAP server encountered a problem while trying to process the DN.
Problem 2006 (BAD_NAME): This indicates that the LDAP server encountered a problem with the DN; it is considered a "bad name".
Common causes for this error include:
- Incorrect DN format: Ensure that the DN follows the correct syntax, such as CN=John Doe,OU=Users,DC=example,DC=com.
- Special characters: Avoid using special characters that are not properly escaped.
Resolution
If a special character resides in a Distinguished Name (DN) used in the external authority configuration, it must be escaped. In the example shown in this article, a Group Search Path was set to:
CN=#IT,dc=amer,dc=lan
The # must be escaped using a backslash (\):
CN=\#IT,dc=amer,dc=lan
Additional Information
The following special characters must be escaped to ensure proper formatting and avoid errors:
- Comma (,): \,
- Backslash (\): \\
- Pound sign (#): \#
- Plus sign (+): \+
- Less than symbol (<): \<
- Greater than symbol (>): \>
- Semicolon (;): \;
- Double quote ("): \"
- Equal sign (=): \=
- Leading or trailing spaces: \ followed by the space
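The escaping rules listed above can be applied and checked before a DN is pasted into the external authority configuration. The following Python code is an added example, not part of the original article or of NetWorker; the function names are hypothetical, and it applies the article's character list literally.

```python
import re

# Characters the article lists as needing a backslash escape inside a DN value.
SPECIALS = ',\\#+<>;"='

def escape_dn_value(value):
    """Escape one raw attribute value, e.g. the '#IT' in CN=#IT."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        # Spaces need an escape only in the first or last position.
        if ch in SPECIALS or (ch == " " and i in (0, last)):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def build_dn(rdns):
    """Join (attribute, raw value) pairs into a DN with every value escaped."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)

def split_rdns(dn):
    """Split an assembled DN at commas that are not backslash-escaped."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escaped pair together
        elif dn[i] == ",":
            parts, cur, i = parts + [cur], "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur]

def find_unescaped(dn):
    """Return (component, character) for each listed character left unescaped."""
    # A multi-valued RDN joined with an unescaped '+' is reported as well,
    # because the article lists '+' as a character that must be escaped.
    findings = []
    for rdn in split_rdns(dn):
        _attr, _, value = rdn.partition("=")
        masked = re.sub(r"\\.", "_", value)     # hide already-escaped pairs
        findings += [(rdn, ch) for ch in masked if ch in SPECIALS]
        if masked != masked.strip(" "):         # unescaped leading/trailing space
            findings.append((rdn, " "))
    return findings

if __name__ == "__main__":
    # The Group Search Path from the article, before and after escaping.
    print(find_unescaped("CN=#IT,dc=amer,dc=lan"))
    print(build_dn([("CN", "#IT"), ("dc", "amer"), ("dc", "lan")]))
```

An empty result from find_unescaped means every character on the article's list is already escaped in each component of the DN.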