[Date Prev][Date Next] [Chronological] [Thread] [Top]


On Fri, 21 Sep 2012, Emmanuel Dreyfus wrote:
> Philip Guenther <guenther+ldaptech@sendmail.com> wrote:
> > You asked what characters in an LDAP search filter have to be percent
> > encoded when including that search filter in an LDAP URI.  That's the
> > question I answered above.
> Oh, right, there was some misunderstanding, I though you were taking
> about escaping characters in the whole URI. If we only talk about the
> filter, then everything makes sense.
> But I am still puzzled about if I should use \3f or %3f, or %5c3f for a
> litteral ?

If you have to ask that question, you're doing it wrong.

1) you start with a search filter encoded according to the rules in
   RFC 4515. 
2) To encode *that string* inside the filter part of an LDAP URL, follow 
   the rules in RFC 4516.

So: imagine your search filter is this:
	(cn=Bob ?)
which is the *exact same filter* as this:
	(cn=Bob \3f)

Those both follow the rules of RFC 4515, and have the *same meaning*.

To encode those in a URL, you have to percent-escape two of the characters 
in each.  In this filter:
	(cn=Bob ?)

the space and the '?' must be encoded, so it would show up in a URL like 

In this filter:
	(cn=Bob \3f)

*which has the same meaning as the previous one*, the space and the 
backslash must be encoded, so it would show up in a URL like this:

Philip Guenther