Joe,
Yup, escaping the character worked like a charm.
Joe mentioned that the query appears to be trimmed, so that seems to be what
is happening.
Thanks,
Jef
----- Original Message -----
From: "Joe Kaplan" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, August 18, 2006 8:33 AM
Subject: Re: [ActiveDir] Single Space in LDAP query dropped: Why?
I'm pretty sure that's part of the RFC spec. A space at the beginning or
end of a query value will be ignored. Your space in this example would be
both. Did you try escaping it to see if that works?
Joe Kaplan
----- Original Message -----
From: Jef Kazimer
To: [email protected]
Sent: Friday, August 18, 2006 12:15 AM
Subject: [ActiveDir] Single Space in LDAP query dropped: Why?
I had posted this today, and I was curious if anyone knew why an LDAP
filter drops the query when searching for a single space value? Though I
was using Joe's ADfind, I did have the same results in ADSIedit, and
thought someone better than I, may know why. It's not really a problem,
just a curiousity.
Thanks,
Jef
http://jeftek.spaces.live.com/blog/cns!F2042DC08607EF2!642.entry
LDAP queries are spaced out...
I was looking at a metaverse object in MIIS today noticed some admin had
set the mail attribute to a single SPACE ( ) character. The Metaverse is
stored in a SQL server, so naturally the query structure is different than
any constraints of LDAP.
I wanted to discover how many other user objects had the same issue, so I
decided to pull out ADfind and issue this command:
ADFIND -H MYSERVER -DEFAULT -F "(&(objectCategory=person)(mail= ))" -C
0 found
ok, so I thought it was my lack of quoting and tried:
ADFIND -H MYSERVER -DEFAULT -F "(&(objectCategory=person)(mail=' '))" -C
0 found
Since it's command line I was sure that the quoting would encapsulate it
correctly, so I figure it is being stripped out by the LDAP query (I made
this same Query ins ADSIedit and LDP with no luck) so perhaps there is an
escape character for such a thing. I have done many queries with filters
like "description=The Man", and the space was interpreted correctly. Yet
it seems, a single space, by itself is not passed to the query correctly.
So I check out the uber friendly RFCs and find escape characters for types
such as * and NUL, but really no mention of a single space as anything
special. I checked the LDAP V3 RFC as well for any real mention of when
and when a single space is dropped from the query, finding nothing
related.
Fortunately, using the escaped sequence in the query ("mail=\20") to
represent a space worked just fine and returned the object I was looking
for.
ADFIND -H MYSERVER -DEFAULT -F "(&(objectCategory=person)(mail=\20))" -C
48 found
So LDAP filters can container spaces as the value being queried for, but
cannot be a single space without using an escape sequence to represent the
value.
I suppose it's kind of silly, but I had never really looked for such an
occurrence before, so it was an interesting learning experience.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
