You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2015/12/09 13:37:10 UTC
[jira] [Issue Comment Deleted] (DIRSTUDIO-1078) unable to use #
pound hash sign in LDAP filters
[ https://issues.apache.org/jira/browse/DIRSTUDIO-1078?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSTUDIO-1078:
-----------------------------------------
Comment: was deleted
(was: To be clear, let's go back to your example, {{cn=before#after}}. Here, the '#' is inside the DN's value. As such, it can be parsed using the {{RFC4514}} grammar :
cn=before#after matches
attributeTypeAndValue = attributeType EQUALS attributeValue
cn matches
attributeType = descr / numericoid
before#after matches
attributeValue = string / hexstring
before#after matches
string = [ ( leadchar / pair ) [ *( stringchar / pair ) ( trailchar / pair ) ] ]
'b' matches
[ ( leadchar / pair )...
leadchar = LUTF1 / UTFMB
'b' matches
LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
%x3D / %x3F-5B / %x5D-7F
'e', 'f', 'o', 'r', 'e', '#' (and the following chars) match
...[ *( stringchar / pair )..
stringchar = SUTF1 / UTFMB
SUTF1 = %x01-21 / %x23-2A / %x2D-3A /
%x3D / %x3F-5B / %x5D-7F
so in this case, you can keep a '#' as is (ie, no escaping is needed.
Now, consider cn=#before :
cn=cn=#before matches
attributeTypeAndValue = attributeType EQUALS attributeValue
cn matches
attributeType = descr / numericoid
#before matches
attributeValue = string / hexstring
#before matches
string = [ ( leadchar / pair ) [ *( stringchar / pair ) ( trailchar / pair ) ] ]
'#' does not match
[ ( leadchar / pair ) ...
leadchar = LUTF1 / UTFMB
LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
%x3D / %x3F-5B / %x5D-7F
pair = ESC ( ESC / special / hexpair )
so this is not a valid DN. The leading '#' *must* be escaped using '\#', and the DN will then be {{cn=\#before}}
Now, this (escaped) DN might be used in a Filter, where the '\' char *must* be escaped itself, per :
{noformat}
assertionvalue = valueencoding
valueencoding = 0*(normal / escaped)
normal = UTF1SUBSET / UTFMB
escaped = ESC HEX HEX
UTF1SUBSET = %x01-27 / %x2B-5B / %x5D-7F
{nomormat}
cn=\#before matches
assertionvalue = valueencoding
cn=\#before matches
valueencoding = 0*(normal / escaped)
'c', 'n', '=' match
normal = UTF1SUBSET / UTFMB
UTF1SUBSET = %x01-27 / %x2B-5B / %x5D-7F
'\' matches
escaped = ESC HEX HEX
but here, the following '#' and 'b' are not HEX chars, so we must transform the '\' to '\', '5', 'C'...)
> unable to use # pound hash sign in LDAP filters
> -----------------------------------------------
>
> Key: DIRSTUDIO-1078
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1078
> Project: Directory Studio
> Issue Type: Bug
> Affects Versions: 2.0.0-M9 (2.0.0.v20150606-M9)
> Reporter: Sorin Sbarnea
>
> It seems impossible to perform searches that to use # sign inside. Tried to add them, not escaped, escaped with single or double backslash but none of these approaches worked.
> Example
> {code}
> (&(objectClass=group)(displayName=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=\\#SOME,OU=Groups,OU=EMEA,DC=example,DC=net)))
> (&(objectClass=group)(displayName=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=\#SOME,OU=Groups,OU=EMEA,DC=example,DC=net)))
> (&(objectClass=group)(displayName=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=#SOME,OU=Groups,OU=EMEA,DC=example,DC=net)))
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)