Re: Special Character Handling in the LDAP DN and entry attributes

[Donn Cave <donn@u.washington.edu>]

On Tuesday, July 27, 2004, at 12:41 PM, Wu Miao wrote:
> I meet an issue of handling special characters in the LDAP. As RFC2253 
> defined DN handling should escape the special characters such as ",", 
> "+", """, "\", "<", ">" or ";". The question here is that does the 
> special character needs to be escaped in the entry attributes?  More 
> specific here:  LDAP entry looks like that:
>
> dn: cn=test\, user11, ou=Expired, o=Bungalo, 
> domainComponent=Mission190, domainComponent=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: pkiUser
> objectClass: entrustUser
> cn: test, user11
> certSubjectDn: cn=This\, is\, a\, test, ou=Expired, o=Bungalo, 
> domainComponent=Mission190, domainComponent=com
> mail: "rfc822Name=testuser11@mission180.com" 
> "dNSName=testuser11.mission180.co
>  m" "iPAddress=1.1.1.4"
>
> certSubjectDn is a new attribute I populated in LDAP schema to hold 
> the value of a certificate subject Dn with the cn value is  This, is, 
> a, test. What's the correct way to save this certSubjectDn attribute 
> in LDAP? Should the special character (comma) be escaped or not? 
> Notice that the cn attribute above doesn't escape the comma, that's 
> why I'm confusing here. Is there any RFC regulates this? Thanks very 
> much.

I don't know about an RFC, but as a practical matter, note that
attributes are parsed according to different syntax rules, as
specified in your schema.  The syntax rule for certSubjectDN
should be 1.3.6.1.4.1.1466.115.121.1.12, I believe, and it
will take a different view of commas than the syntax for cn.

	Donn Cave, donn@u.washington.edu