Re: [JLDAP] Unable to search for X509 subject entry.Escape character "("
- To: diego@ltt.it, openldap-software@OpenLDAP.org
- Subject: Re: [JLDAP] Unable to search for X509 subject entry.Escape character "("
- From: Marc Boorshtein <mboorshtein@yahoo.com>
- Date: Tue, 22 Mar 2005 08:06:49 -0800 (PST)
- In-reply-to: 6667
What if you escape the "(" and ")"?
i.e. "(subject=\(1999\))"
Marc Boorshtein
--- Diego Pietralunga <diego@ltt.it> wrote:
> Hi,
>
> I'm currently stuck with a problem with an LDAP search which is
> driving me crazy.
>
> Using Novell JLDAP Java classes (2004_09_15) I need to perform a query
> for an X509 certificate subject (stored on LDAP server through a custom
> schema).
> The server is OpenLDAP 2.0.27, OS Suse Linux 9.0 and the certificate to
> search is Verisign's.
> Unfortunately it looks like the problem is that Verisign uses
> plenty of "(", ")" characters in their DNs.
> These characters need to be escaped for OpenLDAP (and per LDAP RFC I
> guess).
> The standard OpenLDAP entry I have to search includes a binary
> certificate and a string with the X509 Subject (for searching)
>
> Scenario:
> 1) Load new plain Verisign certificate (subject) on OpenLDAP via LDAP
> Browser editor tool.
> 1.1) Fail to load because of invalid chars.
> 2) Manually find and escape the chars.
> This is the failing entry:
>
> ------------------------------------------------------------
> O=VeriSign\, Inc., OU=VeriSign Trust Network,
> OU=www.verisign.com/repository/RPA Incorp. by Ref.\,LIAB.LTD(c)98,
> OU=Persona Not Validated, OU=Digital ID Class 1 - Microsoft, CN=L.T.T
> Lab. Telematica Territ./emailAddress=posta-certificata@certmail.ltt.it
> ------------------------------------------------------------
> 2.1) The chars are the round parentheses "(" , ")".
> Escaped with \28 and \29 while inserting. Browsing the server, it shows
> the correct chars.
>
> 3) Search with JLDAP using LDAPSearchResults with "searchFilter" set to
> plain X509 subject.
> 3.1) Got LocalLDAP exception complaining about unescaped chars
> 3.2) Use LDAPDN.escapeRDN(). No luck. Later found out that that method
> does NOT escape parentheses (!). Javadocs.
> 3.3) Code a manual escape for parentheses, resulting in ( = "\28" and )
> = "\29" into the query.
> 3.4) NO MATCH.
>
> Here's the escaped query string (note escaped chars):
>
> ------------------------------------------------------------
> EMAIL=posta-certificata@certmail.ltt.it,CN=L.T.T Lab. Telematica
> Territ.,OU=Digital ID Class 1 - Microsoft,OU=Persona Not
> Validated,OU=www.verisign.com/repository/RPA Incorp. by
> Ref.,LIAB.LTD\28c\2998,OU=VeriSign Trust Network,O=VeriSign, Inc.
>              ^   ^
> ------------------------------------------------------------
>
> What can I do?
> It's a server problem?
> It's a broken JLDAP search?
> It's my escaping technique/string?
>
> I've searched through the archives and found something similar with a
> suggestion for Python (which I don't know) and I GUESS I've done right.
>
> Please suggest a Java/OpenLDAP workaround if you can.
>
> Thanks,
>
> Diego
>