Characters in DN
I note from RFC 2253 that
> If the UTF-8 string does not have any of the following characters
> which need escaping, then that string can be used as the string
> representation of the value.
>
> o a space or "#" character occurring at the beginning of the
> string
>
> o a space character occurring at the end of the string
>
> o one of the characters ",", "+", """, "\", "<", ">" or ";"
>
> Implementations MAY escape other characters.
>
but OpenLDAP's dn parsing functions don't seem to consider anything
but dn and rdn separators (see for instance
servers/slapd/dn.c:dn_validate
and macro RDN_NEEDSESCAPE in servers/slapd/slap.h).
I guess it should read
#define RDN_NEEDSESCAPE(c) ((c) == '\\' || (c) == '"' || (c) == '<' || (c) == '>')
As a consequence, if I add an entry of the form
dn: cn=\<Ando\>,dc=my,dc=org
...
and then an entry
dn: cn=<Ando>,dc=my,dc=org
...
they are treated like they're the same (correct) but only because
the escapes '\' of chars that do not need escape (according to
RDN_NEEDSESCAPE) are ignored when validating dns. I guess
the second example (cn=<Ando>,dc=my,dc=org) should rather
be treated as an error.
Should I go on and fix it?
On another note, I made a change to rdn_attrs that eliminates
escapes from attribute values parsed out of a rdn to perform
attribute add[/delete] when changing a rdn, so that
dn: cn=whois\+\++uid=somethingelse
results in adding
cn=whois++
uid=somethingelse
to the entry. I didn't find anything about this on RFCs. Does anybody
have any comments before I commit the change?
Ando.
--
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati
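
Added example, not part of the original message and not OpenLDAP code: a sketch of the stricter check discussed above, applying the quoted RFC 2253 list to one attribute value and returning the value with escapes removed (as the rdn_attrs change does). The name rdn_value_unescape is hypothetical; accepting "\ ", "\#", "\=" and "\XX" hex pairs follows RFC 2253's escaping rules, and quoted or #hex value forms are rejected rather than decoded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Characters the quoted RFC 2253 text lists as needing an escape anywhere. */
static int needs_escape(int c) { return c != '\0' && strchr(",+\"\\<>;", c) != NULL; }

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/*
 * rdn_value_unescape (hypothetical name): validate one attribute value in
 * string form and write the unescaped value to out (capacity outsz).
 * Returns the value length, or -1 on an unescaped special character,
 * a malformed escape, or lack of room in out.
 */
int rdn_value_unescape(const char *in, char *out, size_t outsz) {
    size_t n = strlen(in), o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\\') {
            if (i + 1 >= n) return -1;              /* dangling backslash */
            unsigned char e = (unsigned char)in[i + 1];
            if (needs_escape(e) || e == ' ' || e == '#' || e == '=') {
                c = e; i += 1;                      /* backslash + character */
            } else if (i + 2 < n && hexval(e) >= 0 &&
                       hexval((unsigned char)in[i + 2]) >= 0) {
                c = (unsigned char)(hexval(e) * 16 + hexval((unsigned char)in[i + 2]));
                i += 2;                             /* backslash + hex pair */
            } else return -1;                       /* escape of anything else */
        } else if (needs_escape(c) || (i == 0 && (c == ' ' || c == '#')) ||
                   (i == n - 1 && c == ' ')) {
            return -1;                              /* should have been escaped */
        }
        if (o + 1 >= outsz) return -1;
        out[o++] = (char)c;
    }
    if (outsz == 0) return -1;
    out[o] = '\0';
    return (int)o;
}

int main(void) {
    /* Values taken from the DNs in the message above. */
    const char *samples[] = { "\\<Ando\\>", "<Ando>", "whois\\+\\+" };
    char buf[64];
    for (size_t i = 0; i < 3; i++)
        printf("%-12s -> %d\n", samples[i], rdn_value_unescape(samples[i], buf, sizeof buf));
    return 0;
}
```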