[Date Prev][Date Next]
Re: Using OpenLDAP schema syntax rules in web form validation
--On Tuesday, May 25, 2004 1:27 PM -0500 Erik Mitchell <ErikM@logicpd.com>
I recently discovered a problem in one of the forms on my site that
collects customer information.
The validation regexps that I have do not match the LDAP schema rules
exactly, so it's possible that a user could submit a phone number, for
example, that passes my validation regexp but then throws a syntax
violation in the ldap_add operation.
Obviously, I could just resolve the difference by fixing my regexp, but
before I do that, I was wondering if anyone knows of a way to use LDAP's
syntax rules (wherever that code is) to validate form input (in a neat,
tidy way). The error that comes from ldap_add in this operation is pretty
non-specific, ie I don't get told which field is causing the error, just
that the whole operation has failed because of a syntax violation.
I'm using PHP, and I don't see anything like this in the documentation.
Any ideas would be appreciated.
That's odd, I always see what the syntax error is, if I catch the error
code's correctly. Also, the slapd log on the master can used to get the
error (just run at loglevel 256).
I see things like:
invalid #0 per syntax: sn multiple matching values provided
Note I'm doing that off the top of my head, it probably isn't the exact
error, but it is pretty close. For telephone numbers, there is an ITU
standard that says specifically what is or is not acceptable. A small
amount of testing can tell you specifically what is/isn't allowed as well.
We simply force phone numbers to be cleaned up to ITU specifications before
they get added to the directory.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html