[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Special Character Handling in the LDAP DN and entry attributes



On Tuesday, July 27, 2004, at 12:41 PM, Wu Miao wrote:
I meet an issue of handling special characters in the LDAP. As RFC2253 defined DN handling should escape the special characters such as ",", "+", """, "\", "<", ">" or ";". The question here is that does the special character needs to be escaped in the entry attributes?  More specific here:  LDAP entry looks like that:

dn: cn=test\, user11, ou=Expired, o=Bungalo, domainComponent=Mission190, domainComponent=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: pkiUser
objectClass: entrustUser
cn: test, user11
certSubjectDn: cn=This\, is\, a\, test, ou=Expired, o=Bungalo, domainComponent=Mission190, domainComponent=com
mail: "rfc822Name=testuser11@mission180.com" "dNSName=testuser11.mission180.co
 m" "iPAddress=1.1.1.4"


certSubjectDn is a new attribute I populated in LDAP schema to hold the value of a certificate subject Dn with the cn value is  This, is, a, test. What's the correct way to save this certSubjectDn attribute in LDAP? Should the special character (comma) be escaped or not? Notice that the cn attribute above doesn't escape the comma, that's why I'm confusing here. Is there any RFC regulates this? Thanks very much.

I don't know about an RFC, but as a practical matter, note that attributes are parsed according to different syntax rules, as specified in your schema. The syntax rule for certSubjectDN should be 1.3.6.1.4.1.1466.115.121.1.12, I believe, and it will take a different view of commas than the syntax for cn.

	Donn Cave, donn@u.washington.edu