
RE: Error searching DNs with escaped special characters



And is Nikita's problem related to the one I described with my post originally under this subject heading on 7/17/2003? (text of posting attached) Thanks, K. Turley.

-----Original Message-----
From: Pierangelo Masarati [mailto:ando@sys-net.it]
Sent: Friday, July 18, 2003 4:30 PM
To: big_nikita@mtu-net.ru
Cc: openldap-software@OpenLDAP.org
Subject: Re: Error searching DNs with escaped special characters



> Oh, sorry
> I`m running
> OpenLDAP 2.1.16 and 2.1.22
>
>>And this doesn`t work too!
>>dn: x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca
>
> dn: x509issuer=CN=test \5C\22sa\5C\22 sadf\,C=RU,O=ca
> worked but this is wrong !!!

The parsing works correctly:

[ando@nb ldap]$ ./libraries/libldap/dntest 'x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca' V3 V3,PRETTY
        ldap_rdn2str() = "x509issuer=CN=test \"sa\" sadf\2CC=RU"
        ldap_rdn2str() = "O=ca"

ldap_dn2str(ldap_str2dn("x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca"))
        = "x509issuer=CN=test \"sa\" sadf\2CC=RU,O=ca"

ldap_dn2domain("x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca")
        = "(null)"

ldap_dn2ufn("x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca")
        = "CN=test \22sa\22 sadf\2CC=RU, ca"

ldap_dn2dcedn("x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca")
        = "/O=ca/x509issuer=CN\=test "sa" sadf\,C\=RU"

ldap_dcedn2dn("/O=ca/x509issuer=CN\=test "sa" sadf\,C\=RU")
        = "x509issuer=CN=test \22sa\22 sadf\2CC=RU,O=ca"

ldap_dn2ad_canonical("x509issuer=CN=test \22sa\22 sadf\,C=RU,O=ca")
        = "ca/CN\=test "sa" sadf\,C\=RU"

ldap_explode_dn("x509issuer=CN=test \"sa\" sadf\2CC=RU,O=ca"):
        "x509issuer=CN=test \22sa\22 sadf\2CC=RU"
        ldap_explode_rdn("x509issuer=CN=test \22sa\22 sadf\2CC=RU")
                'x509issuer=CN=test \22sa\22 sadf\2CC=RU'
        ldap_explode_rdn("x509issuer=CN=test \22sa\22 sadf\2CC=RU") (no types)
                        "CN=test \22sa\22 sadf\2CC=RU"
        "O=ca"
        ldap_explode_rdn("O=ca")
                'O=ca'
        ldap_explode_rdn("O=ca") (no types)
                        "ca"

ldap_explode_dn("x509issuer=CN=test \"sa\" sadf\2CC=RU,O=ca") (no types):
        "CN=test \22sa\22 sadf\2CC=RU"
        "ca"

"x509issuer=CN=test \"sa\" sadf\2CC=RU,O=ca"
         == "x509issuer=CN=test \"sa\" sadf\2CC=RU,O=ca" ? yes

but slapd fails because x509issuer is not defined (that's what I got);
did you define that attribute in your system? What definition did you
use?

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


From: Ken Turley
Sent: Thursday, July 17, 2003 10:35 AM
To: openldap-software@OpenLDAP.org
Subject: Error searching DNs with escaped special characters

Hello to all,

I am experiencing inconsistencies when searching for DNs that contain the following escaped special characters:

      ",", "+", """, "\", "<", ">", ";"

(ref. Section 3 of RFC 2253 at http://www.faqs.org/rfcs/rfc2253.html)

********************************
I'm running:
  OpenLDAP 2.1.16
  Back-sql (MS SQL Server 2000)
********************************

----------------------------------------------------------------------
Problem description:

1) The following DN with no escaped character works fine:

> ldapsearch -x -b "cn=CITY EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US" cn

# extended LDIF
#
# LDAPv3
# base <cn=CITY EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (objectclass=*)
# requesting: cn
#

# CITY EMS COMMISSIONER, ROLES, MYCO, US
dn: cn=CITY EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US
cn: City, EMS Commissioner

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

2) The following DN with "<" escaped works fine.  Note that the "<" is included as the actual character in the "dn: ..." line of the search result:

> ldapsearch -x -b "cn=CITY\< EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US" cn

# extended LDIF
#
# LDAPv3
# base <cn=CITY\3C EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (objectclass=*)
# requesting: cn
#

# CITY\3C EMS COMMISSIONER, ROLES, MYCO, US
dn: cn=CITY\< EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US
cn: City, EMS Commissioner

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

NOTE 1: specifying ldapsearch ... "cn=CITY\3C EMS...  also works
NOTE 2: success holds for each of 4 special chars """, "<", ">", ";"


3) The following DN with "," escaped fails.  

> ldapsearch -x -b "cn=CITY\, EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US" cn

# extended LDIF
#
# LDAPv3
# base <cn=CITY\, EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (objectclass=*)
# requesting: cn
#

# search result
search: 2
result: 0 Success

# numResponses: 1

NOTE 1: specifying ldapsearch ... "cn=CITY\2C EMS...  also fails
NOTE 2: failure is same for each of 3 special chars ",", "+", "\" 
NOTE 3: can retrieve the directory entry performing the search as follows (see how special character now shows as ASCII hex value 2C in both result lines):

> ldapsearch -x -b "dc=ROLES,o=MYCO,c=US" "(cn=city*ems*)" cn

# extended LDIF
#
# LDAPv3
# base <dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (cn=city*ems*)
# requesting: cn
#

# CITY\2C EMS COMMISSIONER, ROLES, MYCO, US
dn: cn=CITY\2C EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US
cn: City, EMS Commissioner

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


---------------------------------------------
I have searched the ITS, forums and source change logs for references to this behavior, but wasn't able to come up with anything. I'm suspecting this may be a bug at the server level since failure occurs whether using ldapsearch client or Java browser client.  Will hold off filing an ITS entry pending replies.

Thanks in advance for any info!

Ken Turley
Invizeon Corp.
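
Added example (not part of the thread, and not OpenLDAP code): a small Python canonicalizer for the RFC 2253 string form discussed in both messages. It shows that `\,` and `\2C` (or `\<` and `\3C`) spell the same DN, while `\5C\22` encodes a backslash followed by a quote and is therefore a different value from `\22`. The function names are hypothetical, the hex-only output form is this example's own choice, and quoted-string values, `#`-hex values and leading/trailing-space escaping are assumed out of scope.

```python
import re

SPECIALS = set(',+"\\<>;')   # the seven characters listed in the post above

def split_unescaped(s, sep):
    """Split s on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape intact (\, or start of \2C)
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + s[i], i + 1
    return parts + [cur]

def unescape(value):
    """Decode hex-pair escapes and backslash + single character to raw text."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] != "\\":
            out += value[i].encode("utf-8")
            i += 1
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif i + 1 < len(value):
            out += value[i + 1].encode("utf-8")
            i += 2
        else:
            raise ValueError("dangling backslash in DN value")
    return out.decode("utf-8")

def escape(value):
    """Re-escape using hex pairs only, so each value has exactly one spelling."""
    return "".join("\\%02X" % ord(c) if c in SPECIALS else c for c in value)

def canonical_dn(dn):
    """Return one comparable spelling of a DN (attribute types lowercased)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):
            attr, _, value = ava.lstrip().partition("=")
            avas.append(attr.strip().lower() + "=" + escape(unescape(value)))
        rdns.append("+".join(sorted(avas)))
    return ",".join(rdns)
```

Comparing `canonical_dn()` results rather than raw strings is what keeps a DN-keyed lookup or access rule from treating two spellings of one entry as different entries.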