[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP search filter validation

To: "Brandon McCombs" <bmccombs@ma.rr.com>
Subject: Re: LDAP search filter validation
From: "Greg B" <ldapn00b@gmail.com>
Date: Tue, 17 Oct 2006 15:28:54 +1000
Cc: OpenLDAP-software@openldap.org
Content-disposition: inline
In-reply-to: <45345F77.30609@ma.rr.com>
References: <2819a38c0610161841i55d8e33fpcea018e88941080e@mail.gmail.com> <45345F77.30609@ma.rr.com>

hi Brandon, what OpenLDAP API calls have you used? if you just did
invoked LDAP search, then that doesn't really help because I'm already
doing that and by that point in time its already too late.

On 10/17/06, Brandon McCombs <bmccombs@ma.rr.com> wrote:

Greg B wrote:
> hi,
>
> Does OpenLDAP provide any routines for validating whether a given
> string represents a valid LDAP search filter? This is for me to detect
> invalid configuration settings in my LDAP client, and report the
> problem to the end-user as early as possible. For example, I want to
> catch settings like LDAPFilter="(cn=foo)", since they don't conform to
> the RFC 2254. Also, a side question, is the use of brackets around the
> main filter definition compulsory? All of the LDAP tools I have at my
> disposal seem to allow just cn=foo type filters...
>
> thanks in advance,
>
> regards,
> Greg
>

Well, as a test I did objectclass>f (without quotes) and I got back an
error stating "missing equals" so yes you can leave off the parenthesis
and yes you will get validation related errors back (at least in some
cases from what I've experienced).

hope that helps
Brandon

Follow-Ups:
- Re: LDAP search filter validation
  - From: Brandon McCombs <bmccombs@ma.rr.com>

References:
- LDAP search filter validation
  - From: "Greg B" <ldapn00b@gmail.com>
- Re: LDAP search filter validation
  - From: Brandon McCombs <bmccombs@ma.rr.com>

Prev by Date: Re: LDAP search filter validation
Next by Date: Re: LDAP search filter validation
Index(es):
- Chronological
- Thread