[Date Prev][Date Next] [Chronological] [Thread] [Top]

How to correctly escape search filters

To: openldap-technical@openldap.org
Subject: How to correctly escape search filters
From: Jeremiah Martell <inlovewithgod@gmail.com>
Date: Tue, 27 Apr 2010 16:14:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=qBPVowBozg3lTylzup44+yP2GMa4aHZZwuOcwwoYsp4=; b=LmYBUWeBQNe7bBtnCDhqD4ZyAP2QDOMDEr8i2J7OYNhoyz3JooWLgDTQ87LRqTXVt7 GSG32jxHJFy+krQvnhzR+o6PEoTVgQ2b4rHD3HU/oax+W/+Op8W1LubIh/E8kcwcLqxH td+PcDcB6J5a9dkTDJN0E0hq9CI9/J9HrhxRk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=IF88ufLrJpfJmHbN7uePP0IniiQma/o6KDLQLJa6bX7ZeoDCWKVFgP/gkFkoOwxIVr IzA0jCDySsl+P5IqVUSiOnYqfnn+Y4AB7tOshzzOpxoUIzAN+ni5lQXrgF8/gBZfCv0Q ZKM/oPwgjeBYFTOFSJDuSUiaWlMxDO4A4CZaI=

I've been trying to research how to correctly escape search filters, and I can't find any single
reliable source that makes sense.

I look at RFC 2253 (http://www.ietf.org/rfc/rfc2253.txt) section 2.4,
and this IBM webpage (http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahy/rzahyunderdn.htm),
and they both seem to suggest that you need to escape (for example) the '+' sign.

But when I escape a search filter like this:
(&(objectclass=person)(facsimileTelephoneNumber=+1234))
to this:
(&(objectclass=person)(facsimileTelephoneNumber=\+1234))
it results in a bad filter.

My hunch is that perhaps DNs, attribute names, and attribute values are all escaped different.

Is there a simple explanation online on how to escape search filters?

Thanks,
- Jeremiah

Follow-Ups:
- Re: How to correctly escape search filters
  - From: masarati@aero.polimi.it

Prev by Date: Re: Certificate authentication and back-ldap proxy
Next by Date: Re: How to correctly escape search filters
Index(es):
- Chronological
- Thread