[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Extensible Match Filters
At 02:21 PM 2/5/01 -0800, Brent Holland wrote:
>Is is possible for a LDAPV3 extensible match filter to contain an assertion value with Substring Assertion syntax in the form:
>
> ldapsearch (attr:dn:1.2.3.4.5.6.7:=*foo*bar*)
>
>The RFC's seem to be in conflict on this type of value production in the extensible filter: reference section 4.5.1 of RFC 2251, section 4 of RFC 2254, and section 8.3 of RFC 2252.
The above filter is illegal. If value contains '*', it must
be escaped. For example, to test for Kurt*Zeilenga in the
common name:
(cn:dn:1.3.6.1.4.1.1466.115.121.1.58:=foo\2Abar)
Note that if you wanted to search the any substring "foo*bar"
you'd have to do:
(cn:dn:1.3.6.1.4.1.1466.115.121.1.58:=\2Afoo\5C2Abar\2A)
Note the "*" in the substring must be escaped per
RFC 2252, 8.2 / 4.3 when producing substring value "*foo\2Abar*"
and then this escaped per RFC2254, 4.
Kurt