[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: wildcard search


* Kurt D. Zeilenga <Kurt@OpenLDAP.org> [2004-08-12 02:19]:
> Looks to me like the client asserted a filter which contained
> four invalid substrings assertions.

/me notes: ssa = substring assertion. thanks.

> Without details of the PDU (hexdump of the BER encoded LDAP
> message), it's hard to say what exactly the client is doing, but I
> would guess it not properly escaping user input when producing the
> string representation of the search filter it passes to the LDAP
> client library it is calling, resulting in unexpected behavior.

that sounds perfectly reasonable, it just won't account for the fact
that the same client works well with my other openldap 2.1.4.
but I'll look into prodviding a dump.

> That is, I assume it is treating your "*" input just as it
> did "blah", disregarding the fact that "*" is special to the
> filter string representation.  That leads to things like
> (cn=***), an assertion of two empty ANY substrings.  As
> substrings of the Directory String syntax cannot be empty,
> each of the assertions is Undefined.

thanks for explaining this.
I really need to dig deeper.

Peter.Schober@univie.ac.at - Vienna University Computer Center
Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
Tel. +43-1-4277-14155, Fax. +43-1-4277-9140