[JLDAP] Unable to search for X509 subject entry.Escape character "("
- To: openldap-software@OpenLDAP.org
- Subject: [JLDAP] Unable to search for X509 subject entry.Escape character "("
- From: Diego Pietralunga <diego@ltt.it>
- Date: Tue, 22 Mar 2005 15:17:00 +0100
- User-agent: Mozilla Thunderbird 1.0RC1 (X11/20041201)
Hi,
I'm currently stuck with a problem with an LDAP search which is
driving me crazy.
Using Novell JLDAP Java classes (2004_09_15) I need to perform a query
for an X509 certificate subject (stored on the LDAP server through a custom
schema).
The server is OpenLDAP 2.0.27, OS Suse Linux 9.0, and the certificate to
search is Verisign's.
Unfortunately it looks like the problem is that Verisign uses
plenty of "(", ")" characters in their DNs.
These characters need to be escaped for OpenLDAP (and per LDAP RFC I
guess).
The standard OpenLDAP entry I have to search includes a binary
certificate and a string with the X509 Subject (for searching).
Scenario:
1) Load new plain Verisign certificate (subject) on OpenLDAP via LDAP
Browser editor tool.
1.1) Fail to load because of invalid chars.
2) Manually find and escape the chars.
This is the failing entry:
---------------------------------------------------------------------------------------------------------------------------------------
O=VeriSign\, Inc., OU=VeriSign Trust Network,
OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,
OU=Persona Not Validated, OU=Digital ID Class 1 - Microsoft, CN=L.T.T
Lab. Telematica Territ./emailAddress=posta-certificata@certmail.ltt.it
----------------------------------------------------------------------------------------------------------------------------------------
2.1) The chars are the round parentheses "(", ")".
Escaped with \28 and \29 while inserting. Browsing the server, it shows
the correct chars.
3) Search with JLDAP using LDAPSearchResults with "searchFilter" set to
plain X509 subject.
3.1) Got LocalLDAP exception complaining about unescaped chars.
3.2) Use LDAPDN.escapeRDN(). No luck. Later found out that that method
does NOT escape parentheses (!). Javadocs.
3.3) Code a manual escape for parentheses, resulting in ( = "\28" and )
= "\29" in the query.
3.4) NO MATCH.
Here's the escaped query string (note escaped chars):
------------------------------------------------------------------------------
EMAIL=posta-certificata@certmail.ltt.it,CN=L.T.T Lab. Telematica
Territ.,OU=Digital ID Class 1 - Microsoft,OU=Persona Not
Validated,OU=www.verisign.com/repository/RPA Incorp. by
Ref.,LIAB.LTD\28c\2998,OU=VeriSign Trust Network,O=VeriSign, Inc.
^ ^
------------------------------------------------------------------------------
What can I do?
Is it a server problem?
Is it a broken JLDAP search?
Is it my escaping technique/string?
I've searched through the archives and found something similar with a
suggestion for Python (which I don't know) and I GUESS I've done right.
Please suggest a Java/OpenLDAP workaround if you can.
Thanks,
Diego
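
Added example, not part of the original message and not JLDAP code: search-filter escaping (RFC 2254, now RFC 4515) is a separate layer from DN escaping (RFC 2253), which does not cover parentheses; inside a filter value the characters * ( ) \ and NUL are written as \2a \28 \29 \5c \00. The sketch assumes the attribute holds the subject string exactly as printed in the failing entry above, backslashes included, and uses a hypothetical attribute name x509Subject because the post does not name the attribute.

```java
public class LdapFilterEscape {

    // Escape an assertion value for use inside an LDAP search filter.
    // Only the filter metacharacters are rewritten as \XX hex pairs;
    // DN-level escapes already present in the value are treated as data,
    // so a literal backslash in the stored string becomes \5c.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Build an equality filter. attr is a schema attribute name chosen by
    // the application, never user input, so it is not escaped here.
    static String equalityFilter(String attr, String rawValue) {
        return "(" + attr + "=" + escapeFilterValue(rawValue) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample: two RDNs copied from the failing entry in the
        // post, joined as they appear there (assumed to be the stored form).
        String stored = "O=VeriSign\\, Inc., "
                + "OU=www.verisign.com/repository/RPA Incorp. by Ref.\\,LIAB.LTD(c)98";

        // "x509Subject" is a hypothetical attribute name.
        String filter = equalityFilter("x509Subject", stored);
        System.out.println(filter);

        // The only unescaped parentheses left are the pair that delimits
        // the filter itself, so the filter parser sees one assertion.
        String inner = filter.substring(1, filter.length() - 1);
        if (inner.indexOf('(') >= 0 || inner.indexOf(')') >= 0) {
            throw new IllegalStateException("unescaped parenthesis in filter value");
        }
    }
}
```

The value passed to the filter has to be the same string the directory stores, character for character and in the same RDN order; escaping only changes how that string is written inside the filter.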