[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Characters in DN

"David A. Cooper" wrote:

> This is something that I came across late last year. I also noticed that dn_validate/dn_normalize functions did not perform enough processing to always match two identical DNs. In addition to the example you cited, the functions also could not compare plain text with quoted text, text with escaped characters, or BER encoded text. For example, the following 4 DNs should all match:
> cn=David Cooper
> cn="David Cooper"
> cn=David\20Cooper
> cn=#130C446176696420436F6F706572
> I wrote some code that could normalize all of these, but it has not yet been included into the main development branch of the code. What I have written is available for download at http://csrc.nist.gov/pki/testing/openLDAP_contrib.html, however, as it is several months old, the patch will probably not work against the current code base.
> I will download the current code in the development branch of the CVS tree, integrate my code with it, and then post an updated patch file as soon as I can.

Sure. I didn't really mean to criticize the code,
since I haven't been working very much on dn
syntax/normalization, and actually I didn't even
have problems with the current implementation.
Recently I happened to commit some changes
to rdn parsing for dn renaming; that's how I got
curious about the topic. I'd prefer that those who
worked on the current implementation of
dn_validate/normalize take care of it; however,
I can do it if no one else has time to spare.

BTW, did you submit an ITS?


Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati