[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to correctly escape search filters

To: "Jeremiah Martell" <inlovewithgod@gmail.com>
Subject: Re: How to correctly escape search filters
From: masarati@aero.polimi.it
Date: Tue, 27 Apr 2010 22:36:03 +0200 (CEST)
Cc: openldap-technical@openldap.org
Importance: Normal
In-reply-to: <n2z233eb301004271314i15841bb0l2c369daa5be3ba9@mail.gmail.com>
References: <n2z233eb301004271314i15841bb0l2c369daa5be3ba9@mail.gmail.com>
User-agent: SquirrelMail/1.4.15

> I've been trying to research how to correctly escape search filters, and I
> can't find any single
> reliable source that makes sense.
>
> I look at RFC 2253 (http://www.ietf.org/rfc/rfc2253.txt) section 2.4,
> and this IBM webpage (
> http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahy/rzahyunderdn.htm
> ),
> and they both seem to suggest that you need to escape (for example) the
> '+'
> sign.
>
> But when I escape a search filter like this:
> (&(objectclass=person)(facsimileTelephoneNumber=+1234))
> to this:
> (&(objectclass=person)(facsimileTelephoneNumber=\+1234))
> it results in a bad filter.
>
> My hunch is that perhaps DNs, attribute names, and attribute values are
> all
> escaped different.
>
> Is there a simple explanation online on how to escape search filters?


RFC2253 was about string representation of DN, not filters.  RFC2254 was
about search filters.  They are both deprecated.  See RFC4510 for a list
of RFCs related to the current specification of LDAP.  In any case, '+'
does not need any escaping in search filters.  Escaping requires '\' +
two-digit hex representation of escaped octet; in your case, '\2B'.

p.

References:
- How to correctly escape search filters
  - From: Jeremiah Martell <inlovewithgod@gmail.com>

Prev by Date: How to correctly escape search filters
Next by Date: Multi master replication
Index(es):
- Chronological
- Thread