[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Valid characters in username and password?





--On Thursday, August 11, 2005 1:39 PM -0400 Jeremiah Martell <inlovewithgod@gmail.com> wrote:

Kurt,

   That helps. I'm also interested in how this relates to looking up
usernames with a filter. Let's say I want to look up "bob", so I
search for "(|(cn=bob))". And I get a hit. Well, what if I want to
lookup something bogus like "tr)@*(((D=+-JK34" Those parentheses,
stars, and equal signs will mess up my ldap filter if I plug them
right in:

bob
"(|(cn=bob))"
Valid search filter


The above filter is somewhat silly. What are you or'ing it with? :) A better filter would just be:

"(cn=bob)"



tr)@*(((D=+-JK34
"(|(cn=tr)@*(((D=+-JK34))"
Invalid search filter

You still don't need the "or" in the above filter.

Something like:

"(cn=tr\)@*\(\(\(D\=+-JK34)"

is probably closer (but not necessarily correct, I didn't test it).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin