I have run into an issue with handling special characters in LDAP. As RFC2253 defines, DN handling should escape special characters such as ",", "+", """, "\", "<", ">" or ";". The question here is: do special characters need to be escaped in the entry attributes? More specifically, the LDAP entry looks like this:
dn: cn=test\, user11, ou=Expired, o=Bungalo, domainComponent=Mission190, domainComponent=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: pkiUser
objectClass: entrustUser
cn: test, user11
certSubjectDn: cn=This\, is\, a\, test, ou=Expired, o=Bungalo, domainComponent=Mission190, domainComponent=com
mail: "rfc822Name=testuser11@mission180.com" "dNSName=testuser11.mission180.com" "iPAddress=1.1.1.4"
certSubjectDn is a new attribute I populated in the LDAP schema to hold the value of a certificate subject DN whose cn value is This, is, a, test. What's the correct way to save this certSubjectDn attribute in LDAP? Should the special character (comma) be escaped or not? Notice that the cn attribute above doesn't escape the comma; that's why I'm confused here. Is there any RFC that regulates this? Thanks very much.
Wu Miao
Nortel Networks
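
An added example, not part of the original post: RFC 2253 escaping applies to the string form of a DN, so the sketch below converts between a raw value such as the entry's cn and the escaped form seen in its dn and certSubjectDn lines. The function names are hypothetical, and quoted values and multi-valued RDNs ("+") are assumed not to occur.

```python
import string

SPECIALS = ',+"\\<>;'            # characters the post lists from RFC 2253
HEX = set(string.hexdigits)

def escape_dn_value(value):
    """Escape a raw attribute value for use inside a DN string."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        # Leading space or '#', and trailing space, also need a backslash.
        if ch in SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def _field(tokens):
    """Drop unescaped padding spaces, then decode the bytes as UTF-8."""
    while tokens and tokens[0] == (32, False):
        tokens = tokens[1:]
    while tokens and tokens[-1] == (32, False):
        tokens = tokens[:-1]
    return bytes(b for b, _ in tokens).decode("utf-8")

def parse_dn(dn):
    """Split a DN string into (type, raw value) pairs, undoing the escapes."""
    rdns, cur, i = [], [], 0     # cur holds (byte, was_escaped) pairs
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 2 < len(dn) and dn[i + 1] in HEX and dn[i + 2] in HEX:
            cur.append((int(dn[i + 1:i + 3], 16), True)); i += 3   # \2C form
        elif ch == "\\" and i + 1 < len(dn):
            cur += [(b, True) for b in dn[i + 1].encode("utf-8")]; i += 2
        elif ch in ",;":         # unescaped separator ends the RDN
            rdns.append(cur); cur = []; i += 1
        else:
            cur += [(b, False) for b in ch.encode("utf-8")]; i += 1
    rdns.append(cur)
    pairs = []
    for rdn in rdns:
        eq = rdn.index((ord("="), False))   # first unescaped '='
        pairs.append((_field(rdn[:eq]), _field(rdn[eq + 1:])))
    return pairs

if __name__ == "__main__":
    entry_dn = r"cn=test\, user11, ou=Expired, o=Bungalo"   # shortened from the post
    print(parse_dn(entry_dn)[0])                  # cn as stored in the entry
    print(escape_dn_value("This, is, a, test"))   # form used inside a DN
```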