[Date Prev][Date Next] [Chronological] [Thread] [Top]

"EQUALS" ('=') in DN string representation (ITS#3229)

Full_Name: Pierangelo Masarati
Version: 2.2/2.1
OS: irrelevant
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

After a short discussion with Hallvard Furuseth, which followed a posting from
Hendrik Harms http://www.openldap.org/lists/openldap-software/200407/msg00224.html
, it emerged that current releases of slapd (2.2, 2.1) treat the EQUALS ('=')
according to our interpretation of the (buggy) RFC 2253 and not according to
draft-ietf-ldapbis-dn, i.e. EQUALS in the value part of an AVA is __ALWAYS__
escaped when converting from DN to string representation, and it must be escaped
when parsing from string to DN representation.

I suggest, for future releases (possibly from 2.3, to avoid changing such an
important behavior in the middle of a minor), to change it into:
    - allow parsing from string to DN representation with or without escaping,
      so that any of "=", "\=", "\3D" is equivalent;
    - always generate string representations from DN in escaped form
      (I personally suggest "\3D" to ease efficient subparsing inside the code,
      e.g. for ACLs or so, Hallvard is more inclined towards the more readable 
      "\=" form, and this can be discussed later) to minimize the possibility
      of incompatiilities between different versions of software
    - we should defer the generation of string representations without escaping
      to a moment when these backwards compatibility issues are negligible.

I wrote this as an ITS to keep track of its evolution; I'm about to commit a
change to HEAD that is protected behind #define LDAP_DEVEL, so it does not get
into release.