[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP URI

To: Emmanuel Dreyfus <manu@netbsd.org>
Subject: Re: LDAP URI
From: Philip Guenther <guenther+ldaptech@sendmail.com>
Date: Thu, 20 Sep 2012 22:21:12 -0700
Cc: openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=sendmail.com; s=tls.dkim; t=1348204880; bh=pEitTpNlzBIL++L3Blvl3KWdvu9+F4Cj/XFhaabXUKo=; h=Date:From:To:cc:Subject:In-Reply-To:Message-ID:References: MIME-Version:Content-Type; b=GEA05E/AvEc3XbXRy8BGAsbcPA/YLPCxsCxuj6xpSlCvdYlmyn5RJrhEbA1w7IzyY mH0d0NyQHR0dmizgQzW9YMMsYmfBNTaRBIUO16neAx80SbYTh4022m8u3xep/T5t+p x33vmFwhmoWB/ETWwwkKDsnAn7epogvvSIWqYgIg=
In-reply-to: <1kqrf18.1pxp0f51npbztbM%manu@netbsd.org>
References: <1kqrf18.1pxp0f51npbztbM%manu@netbsd.org>
User-agent: Alpine 2.00 (BSO 1167 2008-08-23)

On Fri, 21 Sep 2012, Emmanuel Dreyfus wrote:
> Philip Guenther <guenther+ldaptech@sendmail.com> wrote:
> 
> > You asked what characters in an LDAP search filter have to be percent
> > encoded when including that search filter in an LDAP URI.  That's the
> > question I answered above.
> 
> Oh, right, there was some misunderstanding, I though you were taking
> about escaping characters in the whole URI. If we only talk about the
> filter, then everything makes sense.
> 
> But I am still puzzled about if I should use \3f or %3f, or %5c3f for a
> litteral ?

If you have to ask that question, you're doing it wrong.


1) you start with a search filter encoded according to the rules in
   RFC 4515. 
2) To encode *that string* inside the filter part of an LDAP URL, follow 
   the rules in RFC 4516.


So: imagine your search filter is this:
	(cn=Bob ?)
which is the *exact same filter* as this:
	(cn=Bob \3f)

Those both follow the rules of RFC 4515, and have the *same meaning*.

To encode those in a URL, you have to percent-escape two of the characters 
in each.  In this filter:
	(cn=Bob ?)

the space and the '?' must be encoded, so it would show up in a URL like 
this:
	ldap://ldap.example.com/???(cn=Bob%20%3f)


In this filter:
	(cn=Bob \3f)

*which has the same meaning as the previous one*, the space and the 
backslash must be encoded, so it would show up in a URL like this:
	ldap://ldap.example.com/???(cn=Bob%20%5c3f)


Philip Guenther

Follow-Ups:
- Re: LDAP URI
  - From: Emmanuel Dreyfus <manu@netbsd.org>

References:
- Re: LDAP URI
  - From: manu@netbsd.org (Emmanuel Dreyfus)

Prev by Date: Re: LDAP URI
Next by Date: Re: LDAP URI
Index(es):
- Chronological
- Thread