Re: LDAP search filter validation

[Brandon McCombs <bmccombs@ma.rr.com>]

Greg B wrote:
> hi Brandon, what OpenLDAP API calls have you used? if you just did
> invoked LDAP search, then that doesn't really help because I'm already
> doing that and by that point in time its already too late.
>
> On 10/17/06, Brandon McCombs <bmccombs@ma.rr.com> wrote:
> > Greg B wrote:
> > > hi,
> > >
> > > Does OpenLDAP provide any routines for validating whether a given
> > > string represents a valid LDAP search filter? This is for me to detect
> > > invalid configuration settings in my LDAP client, and report the
> > > problem to the end-user as early as possible. For example, I want to
> > > catch settings like LDAPFilter="(cn=foo)", since they don't conform to
> > > the RFC 2254. Also, a side question, is the use of brackets around the
> > > main filter definition compulsory? All of the LDAP tools I have at my
> > > disposal seem to allow just cn=foo type filters...
> > >
> > > thanks in advance,
> > >
> > > regards,
> > > Greg
> > >
> >
> > Well, as a test I did objectclass>f (without quotes) and I got back an
> > error stating "missing equals" so yes you can leave off the parenthesis
> > and yes you will get validation related errors back (at least in some
> > cases from what I've experienced).
> >
> > hope that helps
> > Brandon
Actually I'm using Java JNDI API which is compatible with OpenLDAP (as 
long as I don't attempt to do anything with the schema at which point I 
run into some usability issues).  Actually, OpenLDAP is compatible with 
JNDI, not the other way around. If you have a C API I would presume it 
would do the same thing because it's the directory server that is 
responsible for working with a given API so unless OpenLDAP isn't 
consistent across APIs you should have the same experience with the C 
API if that is what you are using.

As a side note, I'm using Novell's LDAP API for accessing OpenLDAP's schema.

Brandon