Filters should not contains '(', '*', ')', '\', 0x00 or any char above
0x7F. They should be escaped using \XY where XY is the hex value for
the escaped char.On 9/25/07, Zembower, Kevin <[EMAIL PROTECTED]> wrote: > I went to http://www.rfc-editor.org/rfc/rfc4514.txt and searched for 'special > character' and saw this section: > This example shows the method of escaping of a special characters > appearing in a common name: > > CN=James \"Jim\" Smith\, III,DC=example,DC=net > > When nothing else could be found for 'special character,' I made the > erroneous assumption that this example could be extrapolated to parenthesis. > I'm embarrassed that I made that error, and appreciate your patience with my > question. > > If I understand the section of 2.4 that you quoted, parenthesis are not > special characters and don't need any special treatment. However, if I don't > escape them with backslashes, my script generates another error in this > section: > // search ldap > // change filter to PeopleID > $filter='cn='.$entry['FirstName']." ".$entry['LastName']; > echo '$filter is ' . $filter . "\n"; > $result=ldap_search($connection,$rdn,$filter); #This is line 111 > > [EMAIL PROTECTED]:/var/www/centernet/htdocs/ldap_auth$ php conversion.php > > $filter is cn=E. Kevin (Kev) Zembower > > Warning: ldap_search(): Search: Bad search filter in > /var/www/centernet/htdocs/ldap_auth/conversion.php on line 112 > > This error goes away when I escape the parenthesis, but the other error > occurs. The error also doesn't occur if the string doesn't have parenthesis > in it. This led me to believe that the parenthesis needed escaping. > > I appreciate any advice you have to help me resolve this issue. Thanks for > your help. > > -Kevin > > -----Original Message----- > From: Michael Ströder [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 25, 2007 4:20 PM > To: Zembower, Kevin > Cc: [email protected] > Subject: Re: [ldap] RE: Newbie: best method for using special characters? > > Zembower, Kevin wrote: > > Michael, thanks for your suggestion. I read the RFC and it seemed to > > say that I just need to escape the parenthesis with a backslash. > > Parenthesis?!? > > Did you really read RFC 4514, section 2.4? Or did you read another RFC? > > -------------------------- snip -------------------------- > > Otherwise, if the AttributeValue is of a syntax that has a LDAP- > specific string encoding, the value is converted first to a UTF-8- > encoded Unicode string according to its syntax specification (see > [RFC4517], Section 3.3, for examples). If that UTF-8-encoded Unicode > string does not have any of the following characters that need > escaping, then that string can be used as the string representation > of the value. > > - a space (' ' U+0020) or number sign ('#' U+0023) occurring at > the beginning of the string; > - a space (' ' U+0020) character occurring at the end of the > string; > - one of the characters '"', '+', ',', ';', '<', '>', or '\' > (U+0022, U+002B, U+002C, U+003B, U+003C, U+003E, or U+005C, > respectively); > - the null (U+0000) character. > > Other characters may be escaped. > > -------------------------- snip -------------------------- > > Ciao, Michael. > > --- > You are currently subscribed to [email protected] as: [EMAIL PROTECTED] > To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as > the SUBJECT of the message. > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
