
Re: Aliasing entries with reserved characters



On 16.02.2011 10:16, Pierangelo Masarati wrote:
> Christian Manal wrote:
>> On 15.02.2011 08:04, MJ Hughes wrote:
>>> Hi,
>>>
>>>
>>> I'm an LDAP newbie who has inherited the maintenance of an LDAP system,
>>> and am learning on the fly.  Until now I've been able to puzzle out all
>>> the issues I've faced, but finally my google fu has failed me, so I'm
>>> seeking more human assistance.
>>>
>>>
>>> My problem is with reserved characters, such as , (comma).  The system
>>> wasn't coping with RDNs that contained these characters, but this was
>>> easy enough to fix by simply escaping these characters with a backslash.
>>>
>>>
>>> My problem now involves trying to alias entries that contain these
>>> escaped characters - I am consistently getting "Invalid DN syntax".
>>> This is what the code to add the alias looks like:
>>>
>>>
>>>
>>> $operationDN = "aliasedObjectName=" . $this->aliasSafe($aliasDN) . "," . $locDN;
>>> $aliasParameterArray = array(
>>>     "objectClass" => "alias",
>>>     "aliasedObjectName" => $aliasDN
>>> );
>>> $result = ldap_add($this->LDAPcon, $operationDN, $aliasParameterArray);
>>>
>>>
>>>
>>> The aliasSafe() function converts "=" => "\3D" and "," => "\,"
>>> (unless the commas have already been escaped).
>>>
>>>
>>> This produces DNs that have the following (hypothetical) format:
>>>
>>>
>>>
>>> $aliasDN: cn=Tomorrow\, When The War Began,cn=books,dc=library,dc=com
>>>
>>>
>>> $operationDN: cn\3DTomorrow\, When The War Began\,cn\3Dbooks\,dc\3Dlibrary\,dc\3Dcom,cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
>>>
>>>
>>>
>>> I've tried every encoding of the comma (in the book name) that I can
>>> think of (e.g., a single backslash, a double backslash, a triple
>>> backslash, and even '\2C') but everything I've tried so far has given me
>>> the "Invalid DN syntax" error.  Could someone please help me with the
>>> syntax and encoding these DNs should have?
>>>
>>>
>>> Thanks,
>>>
>>> MJ
>>>
>>
>>
>> Hi,
>>
>> have a look at RFC 1485 section 2.2:
>>
>>    <http://www.faqs.org/rfcs/rfc1485.html>
>>
>> Double quotes around the RDN will solve your problem.
> 
> From <http://www.rfc-editor.org/>:
> 
> Number     More Info (Obs&Upd)         Status
> RFC1485    Obsoleted by RFC1779, RFC3494      HISTORIC
> 
> then there is a long list of obsolescence up to RFC4510, RFC4514 which
> are the current specs for DN representation; I note that RFC4514 no
> longer mentions quoting as allowed.  The fact that OpenLDAP accepts it is
> a matter of being friendly to obsolete, historic clients.  Perpetuating
> that behavior is a Bad Thing.  The problem lies somewhere else, I
> suspect in some inconsistent escaping handling of the language used.
> 
> p.
> 

Thanks for the info. My two minute google research after MJ's second
mail didn't come up with that.


Regards,
Christian Manal
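
The following is an added example, not code from any message in this thread: a PHP sketch of the RFC 4514 (section 2.4) value escaping that the reply above points to as the current spec, applied to the thread's hypothetical DNs. The function names `rfc4514_escape_value()` and `split_dn()` are assumptions made for illustration and do not reproduce the poster's `aliasSafe()`.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Escape a raw attribute value for use in an RDN (RFC 4514, section 2.4).
function rfc4514_escape_value(string $value): string
{
    // strtr() with an array makes a single pass, so a backslash inserted
    // for one character is never escaped a second time.
    $out = strtr($value, [
        '\\' => '\\\\', '"' => '\\"', '+' => '\\+', ',' => '\\,',
        ';'  => '\\;',  '<' => '\\<', '>' => '\\>', "\0" => '\\00',
    ]);
    if ($out !== '' && ($out[0] === ' ' || $out[0] === '#')) {
        $out = '\\' . $out;                    // leading space or '#'
    }
    if (strlen($value) > 1 && substr($value, -1) === ' ') {
        $out = substr($out, 0, -1) . '\\ ';    // trailing space
    }
    return $out;
}

// Split a DN string at unescaped commas, keeping escape pairs intact.
function split_dn(string $dn): array
{
    $rdns = [];
    $cur = '';
    for ($i = 0, $n = strlen($dn); $i < $n; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $n) {
            $cur .= $dn[$i] . $dn[$i + 1];     // backslash plus escaped char
            $i++;
        } elseif ($dn[$i] === ',') {
            $rdns[] = $cur;                    // unescaped comma ends an RDN
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $rdns[] = $cur;
    return $rdns;
}

// The thread's hypothetical DNs. Single-quoted PHP strings keep "\," as-is.
$aliasDN = 'cn=Tomorrow\, When The War Began,cn=books,dc=library,dc=com';
$locDN   = 'cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com';

$operationDN = 'aliasedObjectName=' . rfc4514_escape_value($aliasDN) . ',' . $locDN;
echo $operationDN, "\n";
print_r(split_dn($operationDN));   // first element is the whole alias RDN
```

The backslash already present in `$aliasDN` is itself a special character once the whole DN becomes an RDN value, so it is escaped together with the commas; `=` is left alone because RFC 4514 allows it unescaped inside a value. PHP 5.6 and later also provide `ldap_escape()` with the `LDAP_ESCAPE_DN` flag for this purpose.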