[Date Prev][Date Next]
Characters in DN
I note from RFC 2253 that
> If the UTF-8 string does not have any of the following characters
> which need escaping, then that string can be used as the string
> representation of the value.
> o a space or "#" character occurring at the beginning of the
> o a space character occurring at the end of the string
> o one of the characters ",", "+", """, "\", "<", ">" or ";"
> Implementations MAY escape other characters.
but OpenLDAP's dn parsing functions don't seem to consider anything
but dn and rdn separators (see for instance
and macro RDN_NEEDSESCAPE in servers/slapd/slap.h).
I guess it should read
#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"' || (c) == '<'
|| (c) == '>')
as a consequence, if I add an entry of the form
and then an entry
they are treated like they're the same (correct) but only because
the escapes '\' of chars that do not need escape (according to
RDN_NEEDSESCAPE) are ignored when validating dns. I guess
the second example (cn=<Ando>,dc=my,dc=org) should rather
be treated as an error.
should I go on and fix it?
On another note, I made a change to rdn_attrs that eliminates
escapes from attribute values parsed out of a rdn to perform
attribute add[/delete] when changing a rdn, so that
results in adding
to the entry. I didn't find anything about this on RFCs. Does anybody
have any comments before I commit the change?
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:email@example.com
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati