[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: (ITS#4388) Problem with user group names containing commas
> Actually, on re-reading RFC 2253, that is not correct and it should not
> really be using this form of escaping in this case. From RFC 2253
> section 2.4:
>
> If a character to be escaped is one of the list shown above, then it
> is prefixed by a backslash ('\' ASCII 92).
>
> Otherwise the character to be escaped is replaced by a backslash and
> two hex digits, which form a single byte in the code of the
> character.
>
> The comma character is in that list, and so being pedantic it should
> simply be prefixed by a '\'.
Actually, <draft-ietf-ldapbis-dn> states that
Each octet of the character to be escaped is replaced by a backslash
and two hex digits, which form a single octet in the code of the
character. Alternatively, if and only if the character to be escaped
is one of
' ', '"', '#', '+', ',', ';', '<', '=', '>', or '\'
(U+0020, U+0022, U+0023, U+002B, U+002C, U+003B,
U+003C, U+003D, U+003E, U+005C respectively)
it can be prefixed by a backslash ('\' U+005C).
so escaping is correct either as performed by OpenLDAP tools or as you
expect it; we chose to use the hexpair form because it allows to perform
simple DN string representation manipulation (e.g. RDN extraction and so)
without the need to re-parse it, consider escaping and so. If you want
the alternate representation you can parse the DN and have it stringified
again with some combination of the optional flags to ldap_dn2str() and
related calls; for example, LDAP_DN_FORMAT_LDAPV2 uses the form you
expect, although deprecated.
p.
Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team
SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------