[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Using OpenLDAP schema syntax rules in web form validation

--On Tuesday, May 25, 2004 1:27 PM -0500 Erik Mitchell <ErikM@logicpd.com> wrote:

I recently discovered a problem in one of the forms on my site that
collects customer information.

The validation regexps that I have do not match the LDAP schema rules
exactly, so it's possible that a user could submit a phone number, for
example, that passes my validation regexp but then throws a syntax
violation in the ldap_add operation.

Obviously, I could just resolve the difference by fixing my regexp, but
before I do that, I was wondering if anyone knows of a way to use LDAP's
syntax rules (wherever that code is) to validate form input (in a neat,
tidy way). The error that comes from ldap_add in this operation is pretty
non-specific, ie I don't get told which field is causing the error, just
that the whole operation has failed because of a syntax violation.

I'm using PHP, and I don't see anything like this in the documentation.

Any ideas would be appreciated.

That's odd, I always see what the syntax error is, if I catch the error code's correctly. Also, the slapd log on the master can used to get the error (just run at loglevel 256).

I see things like:

invalid #0 per syntax: sn multiple matching values provided

Note I'm doing that off the top of my head, it probably isn't the exact error, but it is pretty close. For telephone numbers, there is an ITU standard that says specifically what is or is not acceptable. A small amount of testing can tell you specifically what is/isn't allowed as well. We simply force phone numbers to be cleaned up to ITU specifications before they get added to the directory.


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html