
Re: Fw: Reserved characters for a LDAP URI



Wen-Cheng Wang wrote:

The Taiwan side believes that the DN component in an LDAP URI should be:

ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW

However, the Japan side insists that it should be:

ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW

There is one more possibility. ;-)

ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW

I think in the case of LDAP URLs all these variants are equivalent.

From RFC2255:

   Note that any URL-illegal characters (e.g., spaces), URL special
   characters (as defined in section 2.2 of RFC 1738) and the reserved
   character '?' (ASCII 63) occurring inside a dn, filter, or other
   element of an LDAP URL MUST be escaped using the % method described
   in RFC 1738 [5]. If a comma character ',' occurs inside an extension
   value, the character MUST also be escaped using the % method.

As I understand this, the ',' MUST be escaped in extensions but MAY be escaped in dn, filter, etc. as well.

Ciao, Michael.
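
The equivalence discussed in this message can be checked by undoing the URL layer first and only then applying DN escaping rules. The following is an added example, not part of the original message; the function names are hypothetical, and the RDN splitter handles only backslash escapes (not quoted values).

```python
from urllib.parse import unquote

# The three encodings of the same DN quoted in the thread.
VARIANTS = [
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW",
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW",
    "ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW",
]

def decode_url_dn(url_dn):
    """Undo the URL layer only: %XX becomes the character it encodes.
    DN-level escapes (the backslash) are left in place."""
    return unquote(url_dn)

def split_rdns(dn):
    """Split a string DN on commas that are not backslash-escaped."""
    rdns, current, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            current.append(dn[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    rdns.append("".join(current))
    return rdns

def canonical(url_dn):
    """Percent-decode, then split with DN escaping respected."""
    return split_rdns(decode_url_dn(url_dn))

def naive_split(url_dn):
    """Failure mode: ignores the DN escape and cuts the o= value in two."""
    return unquote(url_dn).split(",")

if __name__ == "__main__":
    for v in VARIANTS:
        print(canonical(v), "| naive:", len(naive_split(v)), "parts")
```

Comparing the raw strings treats the three variants as different names, which matters wherever LDAP URIs are matched byte-for-byte (for example when comparing distribution point URIs in certificates).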