Re: LDAP URI
On Thu, 20 Sep 2012, Emmanuel Dreyfus wrote:
> When feeding a LDAP URI to ldap_url_parse(), I understand some characters
> may need to be escaped in filters in order to get a literal:
> * => \2a
> ( => \28
> ) => \29
> \ => \5c
> / => \2f
>
> Reading the man page, I understand %-encoding is not mandatory, but
> it is of course required for ?, and obviously for %.
> ? -> %3F
> % -> %25
>
> Are there other characters that should be %-encoded?
From RFC 4516, LDAP: Uniform Resource Locator, section 2.1:

    An octet MUST be encoded using the percent-encoding mechanism
    described in section 2.1 of [RFC3986] in any of these situations:

        The octet is not in the reserved set defined in section 2.2 of
        [RFC3986] or in the unreserved set defined in section 2.3 of
        [RFC3986].

        It is the single Reserved character '?' and occurs inside a <dn>,
        <filter>, or other element of an LDAP URL.

        ...

From RFC 3986, URI Generic Syntax, section 2.2 and section 2.3:

    reserved    = gen-delims / sub-delims
    gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"
    sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
                / "*" / "+" / "," / ";" / "="
    unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"

So, you have to percent-encode all non-graphical characters (0x00 through
0x20 and 0x7f through 0xff), as well as:

    " -> %22
    % -> %25
    < -> %3c
    > -> %3e
    ? -> %3f
    \ -> %5c
    ^ -> %5e
    ` -> %60
    { -> %7b
    | -> %7c
    } -> %7d

Philip Guenther
- References:
- LDAP URI
- From: Emmanuel Dreyfus <manu@netbsd.org>
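
An added example, not part of the original thread: a Python sketch that derives the must-encode set from the two RFC 4516 section 2.1 rules and the RFC 3986 ABNF quoted in the reply, then builds a filter element by applying filter escaping first and percent-encoding second. The function names are hypothetical, the attribute name is assumed to be trusted, and the rules elided by "..." in the quote are not covered.

```python
import string

# RFC 3986 sections 2.2 and 2.3, as quoted in the reply above.
GEN_DELIMS = ":/?#[]@"
SUB_DELIMS = "!$&'()*+,;="
UNRESERVED = string.ascii_letters + string.digits + "-._~"

# RFC 4516 section 2.1, the two quoted rules: anything outside
# reserved/unreserved is encoded, and so is '?' inside an element.
SAFE = frozenset(
    (GEN_DELIMS + SUB_DELIMS + UNRESERVED).replace("?", "").encode("ascii")
)


def must_encode_graphical() -> str:
    """Printable ASCII (0x21-0x7e) that the two quoted rules force to %XX."""
    return "".join(chr(o) for o in range(0x21, 0x7F) if o not in SAFE)


def pct_encode_element(text: str) -> str:
    """Percent-encode one LDAP URL element (<dn>, <filter>, ...) as UTF-8."""
    return "".join(
        chr(o) if o in SAFE else f"%{o:02x}" for o in text.encode("utf-8")
    )


def escape_filter_value(value: str) -> str:
    """Filter-level escaping of a literal value: NUL ( ) * and backslash."""
    return "".join(f"\\{ord(c):02x}" if c in "\0()*\\" else c for c in value)


def build_filter_element(attr: str, value: str) -> str:
    """Escape the untrusted value for the filter, then encode for the URL.

    Order matters: the backslash introduced by filter escaping is itself
    outside reserved/unreserved, so it becomes %5c in the URL.
    attr is assumed to be a fixed, trusted attribute name (assumption).
    """
    return pct_encode_element(f"({attr}={escape_filter_value(value)})")


if __name__ == "__main__":
    # Constructed sample inputs.
    print(must_encode_graphical())
    print(build_filter_element("cn", "a*b?"))
```
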