[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP search filter validation

hi Brandon, what OpenLDAP API calls have you used? if you just did
invoked LDAP search, then that doesn't really help because I'm already
doing that and by that point in time its already too late.

On 10/17/06, Brandon McCombs <bmccombs@ma.rr.com> wrote:
Greg B wrote:
> hi,
> Does OpenLDAP provide any routines for validating whether a given
> string represents a valid LDAP search filter? This is for me to detect
> invalid configuration settings in my LDAP client, and report the
> problem to the end-user as early as possible. For example, I want to
> catch settings like LDAPFilter="(cn=foo)", since they don't conform to
> the RFC 2254. Also, a side question, is the use of brackets around the
> main filter definition compulsory? All of the LDAP tools I have at my
> disposal seem to allow just cn=foo type filters...
> thanks in advance,
> regards,
> Greg

Well, as a test I did objectclass>f (without quotes) and I got back an
error stating "missing equals" so yes you can leave off the parenthesis
and yes you will get validation related errors back (at least in some
cases from what I've experienced).

hope that helps