OpenLDAP client tools, and underlying client library routines, expect filters to be presented using the string representation detailed in RFC 2254. See RFC 2254 for details on how to escape characters special to this representation. Of course, as you likely are passing these strings through a command line, or a programming language, you may also need to escape characters of the string special to the interface.
Regards, Kurt At 10:39 AM 8/11/2005, Jeremiah Martell wrote: >Kurt, > > That helps. I'm also interested in how this relates to looking up >usernames with a filter. Let's say I want to look up "bob", so I >search for "(|(cn=bob))". And I get a hit. Well, what if I want to >lookup something bogus like "tr)@*(((D=+-JK34" Those parentheses, >stars, and equal signs will mess up my ldap filter if I plug them >right in: > >bob >"(|(cn=bob))" >Valid search filter > >tr)@*(((D=+-JK34 >"(|(cn=tr)@*(((D=+-JK34))" >Invalid search filter > > Is there anyway to know which characters to filter, or anyway to >escape them (like with a backslash in C?) > > - Jeremiah > [EMAIL PROTECTED] > >On 8/11/05, Kurt D. Zeilenga <[EMAIL PROTECTED]> wrote: >> At 06:42 AM 8/11/2005, Jeremiah Martell wrote: >> >What characters are valid in a LDAP username or password? >> >> OpenLDAP Software generally uses userPassword for passwords, >> its an octetString compared octetwise per RFC 2256. Client >> software is responsible for ensuring any character data in >> passwords is presented in a common way on the wire. >> >> Usernames in LDAP are generally DNs. OpenLDAP Software does >> not place significant restrictions on the kinds of values one >> can use in naming. >> >> (OpenLDAP supports SASL, usernames and passwords (where used) >> depend on the mechanism involved.) >> >> Kurt >> >>
