Re: Using OpenLDAP schema syntax rules in web form validation

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Tuesday, May 25, 2004 1:27 PM -0500 Erik Mitchell <ErikM@logicpd.com> 
wrote:

> Hello,
> I recently discovered a problem in one of the forms on my site that
> collects customer information.
>
> The validation regexps that I have do not match the LDAP schema rules
> exactly, so it's possible that a user could submit a phone number, for
> example, that passes my validation regexp but then throws a syntax
> violation in the ldap_add operation.
>
> Obviously, I could just resolve the difference by fixing my regexp, but
> before I do that, I was wondering if anyone knows of a way to use LDAP's
> syntax rules (wherever that code is) to validate form input (in a neat,
> tidy way). The error that comes from ldap_add in this operation is pretty
> non-specific, ie I don't get told which field is causing the error, just
> that the whole operation has failed because of a syntax violation.
>
> I'm using PHP, and I don't see anything like this in the documentation.
>
> Any ideas would be appreciated.

That's odd, I always see what the syntax error is, if I catch the error 
code's correctly.  Also, the slapd log on the master can used to get the 
error (just run at loglevel 256).

I see things like:

invalid #0 per syntax: sn multiple matching values provided

Note I'm doing that off the top of my head, it probably isn't the exact 
error, but it is pretty close.  For telephone numbers, there is an ITU 
standard that says specifically what is or is not acceptable.  A small 
amount of testing can tell you specifically what is/isn't allowed as well. 
We simply force phone numbers to be cleaned up to ITU specifications before 
they get added to the directory.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html