[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: equal character forbidden in DN


after discussion, the result is that '=' in DN string representations
is not allowed by current releases, based on our interpretation of
an ambiguous (and thus buggy) RFC 2253; Hallvard Furuseth points
out that draft-ietf-ldapbis-dn allows unescaped '=' as well as escaped
forms like '\=' and '\3D', so future releases of OpenLDAP will
comply to it.  At the moment you need to escape equals.  If you're
interested in the evolution of this issue, please check


Thanks for raising the issue.


Harms, Hendrik (EXTERN: TOJAQ) wrote:

My old openldap-2.1.26 accepts DNs with the '=' character in it. My
openldap-2.1.29 doesn't:

Example "dn: Document=254 Page=1-2,ou=data,dc=MyCompany"

       Document=254 Page=1-2

ber_scanf fmt ({m) ber:

dnPrettyNormal: <Document=254 Page=1-2,ou=data,dc=MyCompany>

=> ldap_bv2dn(Document=254 Page=1-2,ou=data,dc=MyCompany,0)
<= ldap_bv2dn(Document=254 Page=1-2,ou=data,dc=MyCompany,0)=84
do_add: invalid dn (Document=254 Page=1-2,ou=data,dc=MyCompany)
send_ldap_result: conn=0 op=1 p=3
send_ldap_result: err=34 matched="" text="invalid DN"
send_ldap_response: msgid=2 tag=105 err=34
ber_flush: 24 bytes to sd 10
conn=0 op=1 RESULT tag=105 err=34 text=invalid DN

Is the equal character behind "Page" not allowd by spec or is the
openldap-2.1.29 broken in this point?

   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497