Using UTF-8 in DN

2009-05-13 Thread Dmitry Katsubo 
Dear Perl LDAP users!

I wonder, if somebody has succeeded to use UTF-8 symbols in DN. Here and
there it is mentioned, that this is supported. But with my OpenLDAP
v2.4.11 the following command fails and I don't see any reason why. The
only reason why

Maybe RFC2253 should be used to represent UTF-8 chars?

I also suffer from a limitation, that email attribute may only contain
ASCII chars. For example, I cannot set:

mail: Rudolf Bünger rbuen...@net.com

If storing UTF8 in this attribute is not supported, maybe one can give
an advice, how to convert it to ASCII? I used:

'mail' = encode('ascii', $email);

but it replaces the non-valid chars with ?:

Rudolf B?nger rbuen...@net.com

and I need simply:

Rudolf Bunger rbuen...@net.com

Thanks in advance!

=== Adding a new group entry ===
dn::
0JrQsNGG0YPQsdC+INCS0LvQsNC00LjQvNC40YAsY249cGVyc29ucyxjbj1jZW50dXJpb24=
changetype: add
objectclass: groupOfNames
cn:: 0JrQsNGG0YPQsdC+INCS0LvQsNC00LjQvNC40YA=
member: cn=Dmitry Katsubo,cn=persons,cn=centurion

Net::LDAP=HASH(0x2165c1c) sending:

30 81 BC 02 01 04 68 81 B6 04 35 D0 9A D0 B0 D1 0.h...5.
86 D1 83 D0 B1 D0 BE 20 D0 92 D0 BB D0 B0 D0 B4 ... 
D0 B8 D0 BC D0 B8 D1 80 2C 63 6E 3D 70 65 72 73 ,cn=pers
6F 6E 73 2C 63 6E 3D 63 65 6E 74 75 72 69 6F 6E ons,cn=centurion
30 7D 30 1D 04 0B 6F 62 6A 65 63 74 63 6C 61 73 0}0...objectclas
73 31 0E 04 0C 67 72 6F 75 70 4F 66 4E 61 6D 65 s1...groupOfName
73 30 25 04 02 63 6E 31 1F 04 1D D0 9A D0 B0 D1 s0%..cn1
86 D1 83 D0 B1 D0 BE 20 D0 92 D0 BB D0 B0 D0 B4 ... 
D0 B8 D0 BC D0 B8 D1 80 30 35 04 06 6D 65 6D 62 05..memb
65 72 31 2B 04 29 63 6E 3D 44 6D 69 74 72 79 20 er1+.)cn=Dmitry
4B 61 74 73 75 62 6F 2C 63 6E 3D 70 65 72 73 6F Katsubo,cn=perso
6E 73 2C 63 6E 3D 63 65 6E 74 75 72 69 6F 6E __ ns,cn=centurion

  188: SEQUENCE {
00031:   INTEGER = 4
0006  182:   [APPLICATION 8] {
0009   53: STRING
000B :   D0 9A D0 B0 D1 86 D1 83 D0 B1 D0 BE 20 D0 92 D0
 ...
001B :   BB D0 B0 D0 B4 D0 B8 D0 BC D0 B8 D1 80 2C 63 6E
.,cn
002B :   3D 70 65 72 73 6F 6E 73 2C 63 6E 3D 63 65 6E 74
=persons,cn=cent
003B :   75 72 69 6F 6E __ __ __ __ __ __ __ __ __ __ __ urion
0040  125: SEQUENCE {
0042   29:   SEQUENCE {
0044   11: STRING = 'objectclass'
0051   14: SET {
0053   12:   STRING = 'groupOfNames'
0061 : }
0061 :   }
0061   37:   SEQUENCE {
00632: STRING = 'cn'
0067   31: SET {
0069   29:   STRING
006B : D0 9A D0 B0 D1 86 D1 83 D0 B1 D0 BE 20 D0 92 D0
 ...
007B : BB D0 B0 D0 B4 D0 B8 D0 BC D0 B8 D1 80 __ __ __
.
0088 : }
0088 :   }
0088   53:   SEQUENCE {
008A6: STRING = 'member'
0092   43: SET {
0094   41:   STRING = 'cn=Dmitry Katsubo,cn=persons,cn=centurion'
00BF : }
00BF :   }
00BF : }
00BF :   }
00BF : }
Net::LDAP=HASH(0x2165c1c) received:

30 16 02 01 04 69 11 0A 01 22 04 00 04 0A 69 6E 0i...in
76 61 6C 69 64 20 44 4E __ __ __ __ __ __ __ __ valid DN

   22: SEQUENCE {
00021:   INTEGER = 4
0005   17:   [APPLICATION 9] {
00071: ENUM = 34
000A0: STRING = ''
000C   10: STRING = 'invalid DN'
0018 :   }
0018 : }
invalid DN at D:/my.pl line 207

=== end ===

Re: Using UTF-8 in DN

2009-05-13 Thread Graham Barr 

On May 13, 2009, at 7:51 AM, Dmitry Katsubo wrote:

Dear Perl LDAP users!

I wonder, if somebody has succeeded to use UTF-8 symbols in DN. Here  
and

there it is mentioned, that this is supported. But with my OpenLDAP
v2.4.11 the following command fails and I don't see any reason why.  
The

only reason why

Maybe RFC2253 should be used to represent UTF-8 chars?

I also suffer from a limitation, that email attribute may only  
contain

ASCII chars. For example, I cannot set:

mail: Rudolf Bünger rbuen...@net.com


You started by discussing DNs but now you turn to the email attribute.

The mail attribute is defined in schema as caseIgnoreIA5Match which does
mean that its characters must be from the IA5 character set (basically  
ASCII)


email headers are also restricted to ascii and non-ascii characters are
encoded using RFC2047

You can get this in perl using encode('MIME-Q', $email)

Having said that, alsthough the descripion of the mail attribute is
RFC1274: RFC822 Mailbox I have never seen anyone use the full
mailbox definition in the mail attribute but only addr-spec

most applications I know build the full email mailbox using cn, or
givenName and sn, and mail. So mail would only hold the actual address.

Graham.