Re: Fw: Reserved characters for a LDAP URI

I'd start with the proper string representation of the URL (from RFC2253),
which states that the "," in the ou value should be escaped as "\2C"

ou=PKI IWG,o=Chunghwa Telecom Co.\2C Ltd.,c=TW

From there, convert the string form of the DN to a URL, replacing the space
(%20) and \ (%5C) characters:

ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C2C%20Ltd.,c=TW


John  McMeeking



                                                                                                                             
From:     Michael Ströder <michael@stroeder.com>
Sent by:  owner-ietf-ldapbis@OpenLDAP.org
Date:     12/23/2002 04:48 AM
To:       Wen-Cheng Wang <wcwang@cht.com.tw>
cc:       ietf-ldapbis@OpenLDAP.org, ietf-pkix@imc.org
Subject:  Re: Fw: Reserved characters for a LDAP URI




Wen-Cheng Wang wrote:
>
> Taiwan side believes that the DN component in a LDAP URI should
> be:
>
> ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW
>
> However, Japan side insists that it should be:
>
> ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW

There is one more possibility. ;-)

ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW

I think in case of LDAP URLs all these variants are equivalent.

From RFC2255:

    Note that any URL-illegal characters (e.g., spaces), URL special
    characters (as defined in section 2.2 of RFC 1738) and the reserved
    character '?' (ASCII 63) occurring inside a dn, filter, or other
    element of an LDAP URL MUST be escaped using the % method described
    in RFC 1738 [5]. If a comma character ',' occurs inside an extension
    value, the character MUST also be escaped using the % method.

As I understand this the ',' MUST be escaped in extensions but MAY be
escaped in dn, filter, etc. as well.

Ciao, Michael.
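
An added example, not part of either message: a Python sketch that undoes the URL percent-encoding first and the RFC 2253 escaping second, so the encodings quoted in this thread can be compared as parsed DNs rather than as strings. The function names are hypothetical, and the parser assumes single-valued RDNs with no quoted or `#`-encoded values.

```python
import re
from urllib.parse import quote, unquote

def dn_to_url(dn: str) -> str:
    """Percent-encode an RFC 2253 DN string for the dn part of an LDAP URL.
    ',' '=' and '+' stay literal; space, backslash and '?' are encoded."""
    return quote(dn, safe=",=+")

def _tokens(dn: str):
    """Yield (bytes, escaped) pairs, resolving '\\,' and '\\2C' style escapes."""
    i = 0
    while i < len(dn):
        if dn[i] != "\\":
            yield dn[i].encode(), False
            i += 1
        elif re.fullmatch(r"[0-9A-Fa-f]{2}", dn[i + 1:i + 3]):
            yield bytes.fromhex(dn[i + 1:i + 3]), True
            i += 3
        elif i + 1 < len(dn):
            yield dn[i + 1].encode(), True
            i += 2
        else:
            raise ValueError("dangling backslash at end of DN")

def parse_dn(dn: str):
    """Split a DN string into [(attr, value), ...] on unescaped ',' and '='."""
    rdns, attr, cur = [], None, bytearray()
    for chunk, escaped in _tokens(dn):
        if chunk == b"," and not escaped:
            rdns.append((attr, cur.decode()))
            attr, cur = None, bytearray()
        elif chunk == b"=" and not escaped and attr is None:
            attr, cur = cur.decode().lower(), bytearray()
        else:
            cur += chunk
    rdns.append((attr, cur.decode()))
    return rdns

def canonical(url_dn: str):
    """Undo the URL layer first, then the RFC 2253 layer."""
    return parse_dn(unquote(url_dn))

# The four encodings quoted in the thread.
VARIANTS = [
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C2C%20Ltd.,c=TW",
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C,%20Ltd.,c=TW",
    "ou=PKI%20IWG,o=Chunghwa%20Telecom%20Co.%5C%2C%20Ltd.,c=TW",
    "ou%3DPKI%20IWG%2Co%3DChunghwa%20Telecom%20Co.%5C%2C%20Ltd.%2Cc%3DTW",
]
EXPECTED = [("ou", "PKI IWG"), ("o", "Chunghwa Telecom Co., Ltd."), ("c", "TW")]
```

A DN whose comma carries no backslash at all parses into four RDNs instead of three, which is the case a string comparison of URLs would not flag.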