https://bugs.openldap.org/show_bug.cgi?id=9817

--- Comment #11 from Ondřej Kuzník <[email protected]> ---
On Thu, May 19, 2022 at 08:11:49PM +0000, [email protected] wrote:
> https://bugs.openldap.org/show_bug.cgi?id=9817
> 
> --- Comment #10 from Thierry PUBELLIER <[email protected]> ---
> Hi Ondřej,
> 
> This could be a very good solution to my issue.
> Wish it could be added to OpenLDAP in a future release.
> 
> I created a regression script. Please find it attached.
> 
> Best regards,
> 
> Thierry

Hi Thierry,
Haven't looked into adopting your script yet but I've now posted a draft
MR here if you want to test it some:
https://git.openldap.org/openldap/openldap/-/merge_requests/529

What it allows you to do is turn line 5 into something like:

rwm-rewriteMap escape escapeThisDN escape2filter
# make value safe for embedding in a filter assertion
rwm-rewriteRule ".+" "${escapeThisDN($0)}" ":"
# construct LDAP filter based on the escaped DN
rwm-rewriteRule ".+" "(&(!(description=TEST))(entryDN=$0))" ":"

Or you can chain them if you're parsing a part of a DN (it should even
be safe for intermediate values to contain embedded nul bytes so long as
the last step escapes them):

# unescape value from DN and escape for use in a filter
rwm-rewriteMap escape reencodeValue unescapeDN escape2filter
# convert value for embedding in a filter assertion
rwm-rewriteRule "^cn=([^,+]*)" "${reencodeValue($0)}" ":"
# construct LDAP filter based on the escaped value of cn
rwm-rewriteRule ".+" "(&(!(description=TEST))(cn=$0))" ":"

Regards,

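What the chained map in the second example has to do to a value, as an added Python sketch that is not code from the merge request or from OpenLDAP. It assumes unescapeDN follows RFC 4514 string escaping and escape2filter follows RFC 4515 assertion-value escaping; the function names and sample values are constructed for illustration.

```python
import re

# RFC 4515: these octets must be written as \XX inside an assertion value.
_FILTER_SPECIALS = {0x00, 0x28, 0x29, 0x2A, 0x5C}  # NUL ( ) * backslash

# RFC 4514 string form: a backslash followed by two hex digits or one literal char.
_DN_PAIR = re.compile(rb"\\([0-9A-Fa-f]{2}|.)", re.DOTALL)


def unescape_dn(value: bytes) -> bytes:
    """Decode the escaped string form of an RDN value to raw octets (assumed unescapeDN behaviour)."""
    def repl(m):
        tok = m.group(1)
        return bytes([int(tok, 16)]) if len(tok) == 2 else tok
    return _DN_PAIR.sub(repl, value)


def escape2filter(value: bytes) -> str:
    """Escape raw octets for embedding in a filter (assumed escape2filter behaviour)."""
    out = []
    for b in value:
        # Non-ASCII octets are hex-escaped too, which RFC 4515 permits.
        if b in _FILTER_SPECIALS or b >= 0x80:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def build_filter(rdn_value: bytes) -> str:
    """Chain both steps, then embed, mirroring the reencodeValue map and the final rule."""
    return "(&(!(description=TEST))(cn=%s))" % escape2filter(unescape_dn(rdn_value))


def naive_filter(rdn_value: bytes) -> str:
    """Embed the DN-escaped value as-is, which is what happens without the escape map."""
    return "(&(!(description=TEST))(cn=%s))" % rdn_value.decode("latin-1")


if __name__ == "__main__":
    # Constructed value: '=' is escaped in the DN, while '*', '(' and ')' are legal unescaped.
    sample = rb"A\=B* (ops)"
    print("naive  :", naive_filter(sample))   # filter syntax leaks out of the value
    print("escaped:", build_filter(sample))   # value stays a single literal assertion
    # An embedded NUL is fine as an intermediate value because the last step escapes it.
    print("nul    :", build_filter(rb"a\00b"))
```

The naive form shows why DN escaping alone is not enough: characters that need no escaping in a DN still carry meaning in a filter.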