Full_Name: Dan Sullivan Version: 2.4.40-7.el6_7 OS: RHEL URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (205.208.122.230) Hi, I am reporting what I believe to be a bug in the translucent overlay proxy. It appears that two contiguous non-escaped spaces in the middle of a DN will get sent to the remote server as a single space. For example, if I have the following record being dumped from the local database using slapcat: dn: cn=foo\2C bar [BSD] - HGD,ou=general accounts,ou=accounts,ou=hgd,dc=somedomain,dc=uchicago,dc=edu gidNumber: 339792922 uidNumber:3939798516 homeDirectory: /home/fbar sAMAccountName: fbar objectClass: person There are two spaces between bar and [BSD]. If I query LDAP for uidNumber (via translucent local), the search DN that is passed to the remote server only has one space in it. Based on my understanding it is acceptable to have any number of spaces in a DN without escaping them (as long as they are not the first or the last characters in the field). I verified that only a single space is being sent to the remote server by doing a packet capture and looking at the actual LDAP query being sent. If it would help to provide configuration, additional logs, or a packet capture please advise and I can provide this. I believe my overlay proxy works fine otherwise. Dan
dsullivan2@bsd.uchicago.edu wrote: > Full_Name: Dan Sullivan > Version: 2.4.40-7.el6_7 > OS: RHEL > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (205.208.122.230) > > > Hi, > > I am reporting what I believe to be a bug in the translucent overlay proxy. It > appears that two contiguous non-escaped spaces in the middle of a DN will get > sent to the remote server as a single space. For example, if I have the > following record being dumped from the local database using slapcat: This is not a bug. As specified in X.520, multiple consecutive spaces are insignificant. Closing this ITS. > > dn: cn=foo\2C bar [BSD] - HGD,ou=general > accounts,ou=accounts,ou=hgd,dc=somedomain,dc=uchicago,dc=edu > gidNumber: 339792922 > uidNumber:3939798516 > homeDirectory: /home/fbar > sAMAccountName: fbar > objectClass: person > > There are two spaces between bar and [BSD]. If I query LDAP for uidNumber (via > translucent local), the search DN that is passed to the remote server only has > one space in it. Based on my understanding it is acceptable to have any number > of spaces in a DN without escaping them (as long as they are not the first or > the last characters in the field). I verified that only a single space is being > sent to the remote server by doing a packet capture and looking at the actual > LDAP query being sent. > > If it would help to provide configuration, additional logs, or a packet capture > please advise and I can provide this. > > I believe my overlay proxy works fine otherwise. > > Dan > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Thank you for taking the time to reply to me (I assume you are very busy). I apologize for this, I wouldn’t report this as a bug unless I thought it really was. Dan Sullivan > On Apr 11, 2016, at 7:12 PM, Howard Chu <hyc@symas.com> wrote: > > dsullivan2@bsd.uchicago.edu wrote: >> Full_Name: Dan Sullivan >> Version: 2.4.40-7.el6_7 >> OS: RHEL >> URL: ftp://ftp.openldap.org/incoming/ >> Submission from: (NULL) (205.208.122.230) >> >> >> Hi, >> >> I am reporting what I believe to be a bug in the translucent overlay proxy. It >> appears that two contiguous non-escaped spaces in the middle of a DN will get >> sent to the remote server as a single space. For example, if I have the >> following record being dumped from the local database using slapcat: > > This is not a bug. As specified in X.520, multiple consecutive spaces are insignificant. > > Closing this ITS. > >> >> dn: cn=foo\2C bar [BSD] - HGD,ou=general >> accounts,ou=accounts,ou=hgd,dc=somedomain,dc=uchicago,dc=edu >> gidNumber: 339792922 >> uidNumber:3939798516 >> homeDirectory: /home/fbar >> sAMAccountName: fbar >> objectClass: person >> >> There are two spaces between bar and [BSD]. If I query LDAP for uidNumber (via >> translucent local), the search DN that is passed to the remote server only has >> one space in it. Based on my understanding it is acceptable to have any number >> of spaces in a DN without escaping them (as long as they are not the first or >> the last characters in the field). I verified that only a single space is being >> sent to the remote server by doing a packet capture and looking at the actual >> LDAP query being sent. >> >> If it would help to provide configuration, additional logs, or a packet capture >> please advise and I can provide this. >> >> I believe my overlay proxy works fine otherwise. >> >> Dan >> >> > > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP http://www.openldap.org/project/ ******************************************************************************** This e-mail is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged and confidential. If the reader of this e-mail message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is prohibited. If you have received this e-mail in error, please notify the sender and destroy all copies of the transmittal. Thank you University of Chicago Medicine and Biological Sciences ********************************************************************************
Created attachment 642 [details] attachment-28634-0.html Hi, I am no longer with the University of Chicago; please email support@rt.cri.uchicago.edu if you require assistance. Best, Dan Sullivan