> On May 4, 2020, at 10:05 AM, Moyer, Steven William <[email protected]> wrote: > > 've got a question about the intended behavior of the LDAP API with respect > to LDAP syntax that require escaping (or encoding?). We've had multiple > occurrences of users creating their entries with back-slashes in the > postalAddress attribute (This seems to be common in some countries/regions). > Should we expect the LDAP API to encode these dstring values for us or should > we perform that transformation before setting the attribute's value? Note > that there's no complaint when an illegal attribute value is added to an > entry. >
Hey Steve, I could see how an encoding feature would be useful in the API. I’ll let the others chime in if it’s available (in the api), my assumption, not. In fortress we encode beforehand, using ‘escapeLDAPSearchFilter’, in this module: https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/ldap/LdapDataProvider.java It uses an array of of unsafe characters, loaded as config params at runtime. #! 33 0041 0x21 ldap.filter.1=! ldap.sub.1=21 #% 37 0045 0x25 ldap.filter.2=% ldap.sub.2=25 #& 38 0046 0x26 ldap.filter.3=& ldap.sub.3=26 #( 40 0050 0x28 ldap.filter.4=( ldap.sub.4=28 #) 41 0051 0x29 ldap.filter.5=) ldap.sub.5=29 #* 42 0052 0x2a ldap.filter.6=* ldap.sub.6=2a #+ 43 0053 0x2b ldap.filter.7=+ ldap.sub.7=2b #- 45 0055 0x2d ldap.filter.8=- ldap.sub.8=2d #/ 47 0057 0x2f ldap.filter.9=/ ldap.sub.9=2f #< 60 0074 0x3c ldap.filter.10=< ldap.sub.10=3c #= 61 0075 0x3d ldap.filter.11== ldap.sub.11=3d #> 62 0076 0x3e ldap.filter.12=> ldap.sub.12=3e #\ 92 0134 0x5c ldap.filter.13=\\ ldap.sub.13=5c #| 124 0174 0x7c ldap.filter.14=| ldap.sub.14=7c #~ 126 0176 0x7e ldap.filter.15=~ ldap.sub.15=7e — Shawn --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
