Re: Special Character Handling in the LDAP DN and entry attributes
On Tuesday, July 27, 2004, at 12:41 PM, Wu Miao wrote:
I have met an issue with handling special characters in LDAP. As RFC2253
defines, DN handling should escape the special characters such as ",",
"+", """, "\", "<", ">" or ";". The question here is: does the
special character need to be escaped in the entry attributes? More
specifically, the LDAP entry looks like this:

dn: cn=test\, user11, ou=Expired, o=Bungalo, domainComponent=Mission190, domainComponent=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: pkiUser
objectClass: entrustUser
cn: test, user11
certSubjectDn: cn=This\, is\, a\, test, ou=Expired, o=Bungalo, domainComponent=Mission190, domainComponent=com
mail: "rfc822Name=testuser11@mission180.com" "dNSName=testuser11.mission180.com" "iPAddress=1.1.1.4"

certSubjectDn is a new attribute I populated in the LDAP schema to hold
the value of a certificate subject DN whose cn value is This, is,
a, test. What's the correct way to save this certSubjectDn attribute
in LDAP? Should the special character (comma) be escaped or not?
Notice that the cn attribute above doesn't escape the comma; that's
why I'm confused here. Is there any RFC that regulates this? Thanks very
much.

I don't know about an RFC, but as a practical matter, note that
attributes are parsed according to different syntax rules, as
specified in your schema. The syntax rule for certSubjectDN
should be 1.3.6.1.4.1.1466.115.121.1.12, I believe, and it
will take a different view of commas than the syntax for cn.
Donn Cave, donn@u.washington.edu
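
The distinction drawn in the reply, as an added example that is not part of the original thread: the cn value is stored as typed, while a value destined for a DN-syntax attribute such as certSubjectDn is escaped when the DN string is built and split only on unescaped commas when read back. The helper names are hypothetical, and the parser is simplified (no multi-valued RDNs, quoted strings or hex-pair escapes).

```python
import re

SPECIALS = ',+"\\<>;'  # the characters the question lists from RFC 2253

def escape_rdn_value(value):
    """Escape one attribute value for use inside a DN string."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in SPECIALS or edge_space or (ch == "#" and i == 0):
            out.append("\\")
        out.append(ch)
    return "".join(out)

def build_dn(rdns):
    """Join (type, raw value) pairs into a DN string."""
    return ",".join(f"{t}={escape_rdn_value(v)}" for t, v in rdns)

def parse_dn(dn):
    """Split on unescaped commas only; return (type, raw value) pairs.
    Simplification: no multi-valued RDNs, quoted strings or hex pairs."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    parts.append(buf)
    result = []
    for part in parts:
        attr_type, _, value = part.lstrip().partition("=")
        result.append((attr_type, re.sub(r"\\(.)", r"\1", value)))
    return result

def entry_attributes(cn, parents):
    """cn is stored raw; the DN-syntax attribute gets the escaped form."""
    return {"cn": cn, "certSubjectDn": build_dn([("cn", cn)] + parents)}

if __name__ == "__main__":
    # Constructed sample values modelled on the entry in the question.
    attrs = entry_attributes("This, is, a, test", [("ou", "Expired"), ("o", "Bungalo")])
    print(attrs)
    print(parse_dn(attrs["certSubjectDn"]))
```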