
Error searching DNs with escaped special characters



Hello to all,

I am experiencing inconsistencies when searching for DNs that contain the following escaped special characters:

      ",", "+", """, "\", "<", ">", ";"

(ref. Section 3 of RFC 2253 at http://www.faqs.org/rfcs/rfc2253.html)

********************************
I'm running:
  OpenLDAP 2.1.16
  Back-sql (MS SQL Server 2000)
********************************

----------------------------------------------------------------------
Problem description:

1) The following DN with no escaped character works fine:

> ldapsearch -x -b "cn=CITY EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US" cn

# extended LDIF
#
# LDAPv3
# base <cn=CITY EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (objectclass=*)
# requesting: cn
#

# CITY EMS COMMISSIONER, ROLES, MYCO, US
dn: cn=CITY EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US
cn: City, EMS Commissioner

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

2) The following DN with "<" escaped works fine.  Note that the "<" is included as the actual character in the "dn: ..." line of the search result:

> ldapsearch -x -b "cn=CITY\< EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US" cn

# extended LDIF
#
# LDAPv3
# base <cn=CITY\3C EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (objectclass=*)
# requesting: cn
#

# CITY\3C EMS COMMISSIONER, ROLES, MYCO, US
dn: cn=CITY\< EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US
cn: City, EMS Commissioner

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

NOTE 1: specifying ldapsearch ... "cn=CITY\3C EMS...  also works
NOTE 2: success holds for each of 4 special chars """, "<", ">", ";"


3) The following DN with "," escaped fails.  

> ldapsearch -x -b "cn=CITY\, EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US" cn

# extended LDIF
#
# LDAPv3
# base <cn=CITY\, EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (objectclass=*)
# requesting: cn
#

# search result
search: 2
result: 0 Success

# numResponses: 1

NOTE 1: specifying ldapsearch ... "cn=CITY\2C EMS...  also fails
NOTE 2: failure is same for each of 3 special chars ",", "+", "\" 
NOTE 3: can retrieve the directory entry performing the search as follows (see how special character now shows as ASCII hex value 2C in both result lines):

> ldapsearch -x -b "dc=ROLES,o=MYCO,c=US" "(cn=city*ems*)" cn

# extended LDIF
#
# LDAPv3
# base <dc=ROLES,o=MYCO,c=US> with scope sub
# filter: (cn=city*ems*)
# requesting: cn
#

# CITY\2C EMS COMMISSIONER, ROLES, MYCO, US
dn: cn=CITY\2C EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US
cn: City, EMS Commissioner

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1


---------------------------------------------
I have searched the ITS, forums and source change logs for references to this behavior, but wasn't able to come up with anything. I'm suspecting this may be a bug at the server level since failure occurs whether using ldapsearch client or Java browser client.  Will hold off filing an ITS entry pending replies.

Thanks in advance for any info!

Ken Turley
Invizeon Corp.
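
Added example (not part of the original post, and not OpenLDAP code): a minimal Python parser for the RFC 2253 string form, showing that the `\,` and `\2C` spellings used in the searches above decode to the same four-RDN name, while a naive split on "," produces five pieces. It is simplified (no quoted or `#`-hex values), and the function names are hypothetical.

```python
# Added example: simplified RFC 2253 DN parsing (no quoted strings, no #hex values).
HEX = set("0123456789abcdefABCDEF")

def split_unescaped(s, seps):
    """Split s on separator characters that are not escaped with a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the backslash and the character it escapes
            i += 2
        elif s[i] in seps:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    return parts + [cur]

def unescape(value):
    """Decode backslash-char and backslash-hexpair escapes into the raw value."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] != "\\":
            out += value[i].encode("utf-8")
            i += 1
        elif len(pair) == 2 and set(pair) <= HEX:
            out.append(int(pair, 16))  # \2C -> byte 0x2C
            i += 3
        elif pair:
            out += pair[0].encode("utf-8")  # \, -> ","
            i += 2
        else:
            raise ValueError("dangling backslash in DN value")
    return out.decode("utf-8")

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a sorted list of (type, value) pairs."""
    rdns = []
    for rdn in split_unescaped(dn, ",;"):
        avas = [ava.partition("=") for ava in split_unescaped(rdn, "+")]
        rdns.append(sorted((a.strip().lower(), unescape(v)) for a, _, v in avas))
    return rdns

# Search bases taken from the post: the two spellings of the escaped comma.
DN_CHAR = r"cn=CITY\, EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US"
DN_HEX = r"cn=CITY\2C EMS COMMISSIONER,dc=ROLES,o=MYCO,c=US"

if __name__ == "__main__":
    print(parse_dn(DN_CHAR) == parse_dn(DN_HEX), len(DN_CHAR.split(",")))
```

Comparing the decoded (type, value) lists rather than the raw strings is what makes the two escaped forms equal.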