Re: Problem with names that include ","
Christoph Holtermann wrote: > I am working on a filter that makes Thunderbirds LDIF-Output > importable to OpenLDAP. It works quite fine except for names > that include ",". OpenLDAP dislikes the output that is produced > like : Can you please elaborate on which exact problems you have with OpenLDAP? > dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph This looks like a perfectly valid DN string representation to me. > cn: Lehmann\, Veronika This is wrong since the attribute value for cn is supposed to be 'Lehmann, Veronika' not 'Lehmann\\, Veronika' (strings here in Python string notation with single \ escaped to \\). OpenLDAP is pretty strict when checking the characteristic attribute used in the RDN of entry. > I found out that an encoding like "\2C" is accepted, like : > > dn: cn=Lehmann\2C Veronika,dc=Adressbuch,dc=christoph Yes, that's an alternate style also valid according to RFC 4514. > The code that is about that problem looks like : > > basedn='dc=Adressbuch,dc=christoph' > > def fix_dn(self, dn): > try: > self.head=ldap.dn.explode_dn(dn)[0] > for i in range(len(dn_warning)): >if self.head.find(dn_warning[i])>-1: > print "dn :",self.head, "contains '",dn_warning[i],"' - change > manually !" > return self.head + ',' + basedn > except: > if dn==None: >print "No dn specified" >return None Glancing over this I don't understand your code. What is this function supposed to do? At least this looks correct to me: Python 2.6 (r26:66714, Feb 3 2009, 20:52:03) [GCC 4.3.2 [gcc-4_3-branch revision 141291]] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import ldap >>> ldap.explode_dn('cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph') ['cn=Lehmann\\, Veronika', 'dc=Adressbuch', 'dc=christoph'] >>> Ciao, Michael. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Am 02.06.2009 um 14:12 schrieb Michael Ströder: > Marc Balmer wrote: >> take a look at RFC 1779. A semicolon could be used as an >> alternate delimiter and it shuld be possible to enclose strings >> in quotes, i.e. like this: > > RFC 1779 was part of LDAPv2 standard which has been obsoleted for > quite > a while now. Today RFC 4514 is relevant for LDAPv3-based DSAs which > does > not allow semicolon as delimiter. grmbll, that is what you get when you work with 40 years old systems Sorry for the wrong information, though. Marc Balmer (long time BSD developer ;) -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Michael Ströder wrote: >> >>> I am working on a filter that makes Thunderbirds LDIF-Output >>> importable to OpenLDAP. It works quite fine except for names >>> that include ",". OpenLDAP dislikes the output that is produced >>> like : >>> >>> dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph >> Escaping characters is used by some LDAP servers, not all of them, but is >> not conform to LDIF. > > Yves, that sounds wrong to me. > > According to RFC 4514 a comma within a RDN value has to either be > escaped with \ or converted to hex-escaped value. That's what function > ldap.dn.escape_dn_chars() is for. And you can directly use the result in > LDIF. Michael is right here, even though there is no escaping in LDIF itself, you can use a backslash in an LDIF file, and RFC 4514 defines the backslash syntax to escape some characters. Sorry to mislead you Christoph. -- Yves. http://www.sollers.ca/ -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Christoph Holtermann wrote: > > Still working on commas in dn. When I now look > at the functions supplied in python ldap there is > for example : > a='cn="lehmann, Andreas",dc=Adressbuch' b=ldap.dn.str2dn(a) b > [[('cn', 'lehmann, Andreas', 1)], [('dc', 'Adressbuch', 1)]] ldap.dn.dn2str(b) > 'cn=lehmann\\, Andreas,dc=Adressbuch' ldap.dn.explode_dn(a) > ['cn=lehmann\\, Andreas', 'dc=Adressbuch'] > > So Python-LDAP itself goes this nonconform way of > using escape sequences if I get it right. Why do you think that this is wrong? I'd recommend to read RFC 4514 to learn in detail instead of relying on false information given by others. > I guess it's quite easy using dn2str and then converting it to a new > string using "" instead of using str2dn or explode_dn that lead to > ESC-Codes. There's nothing wrong with correct escaping. Quoted RDN attribute values should be avoided. > But wouldn't it make sense to change the functions ? No. Ciao, Michael. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Yves Dorfsman wrote: > Christoph Holtermann wrote: > >> I am working on a filter that makes Thunderbirds LDIF-Output >> importable to OpenLDAP. It works quite fine except for names >> that include ",". OpenLDAP dislikes the output that is produced >> like : >> >> dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph > > Escaping characters is used by some LDAP servers, not all of them, but is > not conform to LDIF. Yves, that sounds wrong to me. According to RFC 4514 a comma within a RDN value has to either be escaped with \ or converted to hex-escaped value. That's what function ldap.dn.escape_dn_chars() is for. And you can directly use the result in LDIF. Ciao, Michael. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Hello ! Still working on commas in dn. When I now look at the functions supplied in python ldap there is for example : >>> a='cn="lehmann, Andreas",dc=Adressbuch' >>> b=ldap.dn.str2dn(a) >>> b [[('cn', 'lehmann, Andreas', 1)], [('dc', 'Adressbuch', 1)]] >>> ldap.dn.dn2str(b) 'cn=lehmann\\, Andreas,dc=Adressbuch' >>> ldap.dn.explode_dn(a) ['cn=lehmann\\, Andreas', 'dc=Adressbuch'] So Python-LDAP itself goes this nonconform way of using escape sequences if I get it right. I guess it's quite easy using dn2str and then converting it to a new string using "" instead of using str2dn or explode_dn that lead to ESC-Codes. But wouldn't it make sense to change the functions ? regards, C. Holtermann -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Michael Ströder wrote: > Christoph Holtermann wrote: >> I just fed it with >> >> dn: cn="Lehmann, Veronika",dc=Adressbuch,dc=christoph >> objectclass: top >> objectclass: person >> objectclass: inetOrgPerson >> objectclass: mozillaAbPersonAlpha >> sn: Lehmann >> cn: Lehmann, Veronika > > And that's the correct LDIF for the entry you want to add. And dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph would have been correct either. Ciao, Michael. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Marc Balmer wrote: > take a look at RFC 1779. A semicolon could be used as an > alternate delimiter and it shuld be possible to enclose strings > in quotes, i.e. like this: RFC 1779 was part of LDAPv2 standard which has been obsoleted for quite a while now. Today RFC 4514 is relevant for LDAPv3-based DSAs which does not allow semicolon as delimiter. Ciao, Michael. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Christoph Holtermann wrote: > I just fed it with > > dn: cn="Lehmann, Veronika",dc=Adressbuch,dc=christoph > objectclass: top > objectclass: person > objectclass: inetOrgPerson > objectclass: mozillaAbPersonAlpha > sn: Lehmann > cn: Lehmann, Veronika And that's the correct LDIF for the entry you want to add. > it works fine. But the Output of OpenLDAP, when I ldapsearch it is : > >> ldapsearch -x "(cn=*lehmann*)" > # extended LDIF > # > # LDAPv3 > # base (default) with scope subtree > # filter: (cn=*lehmann*) > # requesting: ALL > # > > # Lehmann\2C Veronika, Adressbuch.christoph > dn: cn=Lehmann\2C Veronika,dc=Adressbuch,dc=christoph > objectClass: top > objectClass: person > objectClass: inetOrgPerson > objectClass: mozillaAbPersonAlpha > sn: Lehmann > cn: Lehmann, Veronika And that's correct either. > And what I saw was : escape-codes. And I just have been told, that > it's not LDIF-conform ;-) Yes, this was wrong information. > So my goal now is to make my filter put entrys which contain commas > in "". Does anyone know how to make Python-ldap do so ? I'm not sure what you want to achieve. I'd use module 'ldif' to read the Thunderbird export file and sanitize it. If Thunderbird put the \ in the value for attribute 'cn' then you have to strip this wrong escaping, but only for this particular attribute value. It seems you can use the DN as is. Ciao, Michael. -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Am 02.06.2009 um 13:13 schrieb Christoph Holtermann: > Hello ! > > Thanks for your reply and that of Marc Balmer. > But I still wonder if it is allowed by LDAP or LDIF- > Specification to have a comma in dn. I also tried it > with "" and Base64, some of which > openldap accepted. take a look at RFC 1779. A semicolon could be used as an alternate delimiter and it shuld be possible to enclose strings in quotes, i.e. like this: dn="Balmer, Marc",ou=research,dc=msys,dc=ch But I did not test if OpenLDAP "eats" this... ;) - Marc Balmer > > C. Holtermann > > Yves Dorfsman schrieb: >> >> Christoph Holtermann wrote: >> >> >>> I am working on a filter that makes Thunderbirds LDIF-Output >>> importable to OpenLDAP. It works quite fine except for names >>> that include ",". OpenLDAP dislikes the output that is produced >>> like : >>> >>> dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph >>> >> >> Escaping characters is used by some LDAP servers, not all of them, >> but is >> not conform to LDIF. >> >> > > -- > OpenSolaris 2009.06 is a cutting edge operating system for enterprises > looking to deploy the next generation of Solaris that includes the > latest > innovations from Sun and the OpenSource community. Download a copy and > enjoy capabilities such as Networking, Storage and Virtualization. > Go to: > http://p.sf.net/sfu/opensolaris-get___ > Python-LDAP-dev mailing list > Python-LDAP-dev@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Hi ! >> >> Thanks for your reply and that of Marc Balmer. >> But I still wonder if it is allowed by LDAP or LDIF- >> Specification to have a comma in dn. I also tried it >> with "" and Base64, some of which >> openldap accepted. > > take a look at RFC 1779. A semicolon could be used as an > alternate delimiter and it shuld be possible to enclose strings > in quotes, i.e. like this: > > dn="Balmer, Marc",ou=research,dc=msys,dc=ch > > But I did not test if OpenLDAP "eats" this... ;) > > - Marc Balmer > I just fed it with dn: cn="Lehmann, Veronika",dc=Adressbuch,dc=christoph objectclass: top objectclass: person objectclass: inetOrgPerson objectclass: mozillaAbPersonAlpha sn: Lehmann cn: Lehmann, Veronika it works fine. But the Output of OpenLDAP, when I ldapsearch it is : > ldapsearch -x "(cn=*lehmann*)" # extended LDIF # # LDAPv3 # base (default) with scope subtree # filter: (cn=*lehmann*) # requesting: ALL # # Lehmann\2C Veronika, Adressbuch.christoph dn: cn=Lehmann\2C Veronika,dc=Adressbuch,dc=christoph objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: mozillaAbPersonAlpha sn: Lehmann cn: Lehmann, Veronika And what I saw was : escape-codes. And I just have been told, that it's not LDIF-conform ;-) probably they don't know ? So my goal now is to make my filter put entrys which contain commas in "". Does anyone know how to make Python-ldap do so ? C. Holtermann -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Hello ! Thanks for your reply and that of Marc Balmer. But I still wonder if it is allowed by LDAP or LDIF- Specification to have a comma in dn. I also tried it with "" and Base64, some of which openldap accepted. C. Holtermann Yves Dorfsman schrieb: > Christoph Holtermann wrote: > > >> I am working on a filter that makes Thunderbirds LDIF-Output >> importable to OpenLDAP. It works quite fine except for names >> that include ",". OpenLDAP dislikes the output that is produced >> like : >> >> dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph >> > > Escaping characters is used by some LDAP servers, not all of them, but is > not conform to LDIF. > > -- OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
Re: Problem with names that include ","
Christoph Holtermann wrote: > I am working on a filter that makes Thunderbirds LDIF-Output > importable to OpenLDAP. It works quite fine except for names > that include ",". OpenLDAP dislikes the output that is produced > like : > > dn: cn=Lehmann\, Veronika,dc=Adressbuch,dc=christoph Escaping characters is used by some LDAP servers, not all of them, but is not conform to LDIF. -- Yves. http://www.sollers.ca/ -- Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com ___ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev