Am 16.02.2011 10:16, schrieb Pierangelo Masarati: > Christian Manal wrote: >> Am 15.02.2011 08:04, schrieb MJ Hughes: >>> Hi, >>> >>> >>> I'm an LDAP newbie who has inherited the maintenance of an LDAP >>> system, and >>> am learning on the fly. Until now I've been able to puzzle out all the >>> issues I've faced, but finally my google fu has failed me, so I'm >>> seeking >>> more human assistance. >>> >>> >>> My problem is with reserved characters, such as , (comma). The system >>> wasn't coping with RDNs that contained these characters, but this was >>> easy >>> enough to fix by simply escaping these characters with a backslash. >>> >>> >>> My problem now involves trying to alias entries that contain these >>> escaped >>> characters - I am consistently getting "Invalid DN syntax". This is >>> what >>> the code to add the alias looks like: >>> >>> >>> >>> $operationDN = "aliasedObjectName=" . $this->aliasSafe($aliasDN) . "," . >>> $locDN; >>> >>> $aliasParameterArray = array( >>> >>> "objectClass" => "alias", >>> >>> "aliasedObjectName" => $aliasDN >>> >>> ); >>> >>> $result = ldap_add($this->LDAPcon, $operationDN, $aliasParameterArray); >>> >>> >>> >>> The aliasSafe() function converts "=" => "\3D" and "," => "\," >>> (unless the >>> commas have already been escaped). >>> >>> >>> This produces DNs that have the following (hypothetical) format: >>> >>> >>> >>> $aliasDN: cn=Tomorrow\, When The War Began,cn=books,dc=library,dc=com >>> >>> >>> $operationDN: cn\3DTomorrow\, When The War >>> Began\,cn\3Dbooks\,dc\3Dlibrary\,dc\3Dcom,cn=titles,cn=John >>> Marsden,cn=authors,dc=library,dc=com >>> >>> >>> >>> I've tried every encoding of the comma (in the book name) that I can >>> think >>> of (eg, a single backslash, a double backslash, a triple backslash, >>> and even >>> '\2C') but everything I've tried so far has given me the "Invalid DN >>> syntax" >>> error. Could someone please help me with the syntax and encoding >>> these DNs >>> should have? >>> >>> >>> Thanks, >>> >>> MJ >>> >> >> >> Hi, >> >> have a look at RFC 1485 section 2.2: >> >> <http://www.faqs.org/rfcs/rfc1485.html> >> >> Double quotes around the RDN will solve your problem. > > From <http://www.rfc-editor.org/>: > > Number More Info (Obs&Upd) Status > RFC1485 Obsoleted by RFC1779, RFC3494 HISTORIC > > then there is a long list of obsolescence up to RFC4510, RFC4514 which > are the current specs for DN representation; I note that RFC4514 does no > longer mention quoting as allowed. The fact that OpenLDAP accepts it is > a matter of being friendly to obsolete, istoric clients. Perpetuating > that behavior is a Bad Thing. The problem lies somewhere else, I > suspect in some inconsistent escaping handling of the language used. > > p. >
Thanks for the info. My two minute google research after MJ's second mail didn't come up with that. Regards, Christian Manal
