
Re: Valid characters in username and password?



OpenLDAP client tools, and underlying client library routines,
expect filters to be presented using the string representation
detailed in RFC 2254.  See RFC 2254 for details on how to escape
characters special to this representation.  Of course, as you
likely are passing these strings through a command line, or
a programming language, you may also need to escape characters
of the string special to the interface.

Regards, Kurt

At 10:39 AM 8/11/2005, Jeremiah Martell wrote:
>Kurt,
>
>   That helps. I'm also interested in how this relates to looking up
>usernames with a filter. Let's say I want to look up "bob", so I
>search for "(|(cn=bob))". And I get a hit. Well, what if I want to
>look up something bogus like "tr)@*(((D=+-JK34". Those parentheses,
>stars, and equal signs will mess up my ldap filter if I plug them
>right in:
>
>bob
>"(|(cn=bob))"
>Valid search filter
>
>tr)@*(((D=+-JK34
>"(|(cn=tr)@*(((D=+-JK34))"
>Invalid search filter
>
>   Is there any way to know which characters to filter, or any way to
>escape them (like with a backslash in C?)
>
>  - Jeremiah
>  inlovewithGod@gmail.com
>
>On 8/11/05, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
>> At 06:42 AM 8/11/2005, Jeremiah Martell wrote:
>> >What characters are valid in a LDAP username or password?
>> 
>> OpenLDAP Software generally uses userPassword for passwords,
>> it's an octetString compared octetwise per RFC 2256.  Client
>> software is responsible for ensuring any character data in
>> passwords is presented in a common way on the wire.
>> 
>> Usernames in LDAP are generally DNs.  OpenLDAP Software does
>> not place significant restrictions on the kinds of values one
>> can use in naming.
>> 
>> (OpenLDAP supports SASL, usernames and passwords (where used)
>> depend on the mechanism involved.)
>> 
>> Kurt
>> 
>>
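
The RFC 2254 escaping referred to in the reply above, applied to the filter from the question. This is an added example, not part of the original thread and not OpenLDAP code; `filter_escape` and `build_cn_filter` are hypothetical helper names. It covers only the filter string representation, so any quoting required by a shell or programming language still applies on top of it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape an assertion value for an RFC 2254 filter string. The octets
 * special to the representation become a backslash plus two hex digits:
 * '*' -> \2a, '(' -> \28, ')' -> \29, '\' -> \5c, NUL -> \00.
 * An explicit length is taken so embedded NULs are handled.
 * Returns a malloc'd NUL-terminated string, or NULL on failure. */
char *filter_escape(const char *val, size_t len)
{
    static const char hex[] = "0123456789abcdef";
    if (len > (SIZE_MAX - 1) / 3) return NULL;   /* size overflow guard */
    char *out = malloc(len * 3 + 1);             /* worst case: all escaped */
    if (out == NULL) return NULL;
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)val[i];
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return out;
}

/* Build "(|(cn=<escaped name>))", the filter shape used in the thread. */
char *build_cn_filter(const char *name)
{
    char *esc = filter_escape(name, strlen(name));
    if (esc == NULL) return NULL;
    size_t n = strlen(esc) + sizeof("(|(cn=))");
    char *f = malloc(n);
    if (f != NULL) snprintf(f, n, "(|(cn=%s))", esc);
    free(esc);
    return f;
}

int main(void)
{
    char *f = build_cn_filter("tr)@*(((D=+-JK34");  /* value from the thread */
    if (f == NULL) return 1;
    puts(f);
    free(f);
    return 0;
}
```
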