[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4388) Problem with user group names containing commas

Full_Name: Ian Puleston
Version: 2.2.29
OS: Windows XP
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

The server appears to have a problem with user group names that contain a comma.
In the following example the group 'Group,X' is added OK, but when it is read
back the cn in its dn is returned as 'Group\2CX'. I verified with Ethereal that
it is coming back exactly like that from the server.

According to RFC1779 a comma in a string within an LDAP DN should be quoted as
per the mechanism in RFC822, and that mechanism uses a quoted pair ("\" CHAR) or
a quoted string (<"> *(qtext/quoted-pair) <">) so I would expect either
'Group\,X' or '"Group,X"', but not 'Group\2CX'.

I'm guessing the same will happen with user names containing commas, but haven't
tried it.

[OpenLDAP]: cat addgrp.txt
dn: cn="Group,X",ou=users,dc=tstDomain,dc=com
objectClass: groupOfNames
cn: Group,X
member: cn=Ian P,ou=users,dc=tstDomain,dc=com
[OpenLDAP]: ldapadd -D cn=administrator,ou=users,dc=tstDomain,dc=com -x -w
secret -f addgrp.txt
adding new entry "cn="Group,X",ou=users,dc=tstDomain,dc=com"
[OpenLDAP]: ldapsearch -D cn=administrator,ou=users,dc=tstDomain,dc=com -x -w
secret -b dc=tstDomain,dc=com "(cn=Group,X)"
# extended LDIF
# LDAPv3
# base <dc=tstDomain,dc=com> with scope sub
# filter: (cn=Group,X)
# requesting: ALL

# Group\2CX, users, tstDomain.com
dn: cn=Group\2CX,ou=users,dc=tstDomain,dc=com
objectClass: groupOfNames
cn: Group,X
member: cn=Ian P,ou=users,dc=tstDomain,dc=com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Here is the debug output from the server when adding the group where it goes
from the correct escaping to the apparently incorrect:

ber_scanf fmt ({m) ber:
>>> dnPrettyNormal: <cn="Group,X",ou=users,dc=tstDomain,dc=com>
=> ldap_bv2dn(cn="Group,X",ou=users,dc=tstDomain,dc=com,0)
<= ldap_bv2dn(cn="Group,X",ou=users,dc=tstDomain,dc=com)=0 Success
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=Group\2CX,ou=users,dc=tstDomain,dc=com)=0 Success
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=group\2Cx,ou=users,dc=tstdomain,dc=com)=0 Success
<<< dnPrettyNormal: <cn=Group\2CX,ou=users,dc=tstDomain,dc=com>,
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt ({m{W}}) ber:
ber_scanf fmt (}) ber:
=> bdb_dn2id( "cn=group\2Cx,ou=users,dc=tstdomain,dc=com" )