You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Endi S. Dewata (JIRA)" <ji...@apache.org> on 2006/10/04 20:20:31 UTC

[jira] Commented: (DIRSERVER-756) Problem with escaped comma in DN

    [ http://issues.apache.org/jira/browse/DIRSERVER-756?page=comments#action_12439931 ] 
            
Endi S. Dewata commented on DIRSERVER-756:
------------------------------------------

Hi Emmanuel,

I think "cn=Bush, Kate,dc=example,dc=com" is not the correct normalized form because it cannot be parsed back into a valid DN. Also, when I try to view the above entry in ADS using Softerra browser, it produced an error because the DN is invalid.

I have run the same test against OpenLDAP, the difference is that OpenLDAP will convert the escaped comma into \2C which works well with the Softerra browser. So this is definitely an ADS problem, not a client problem.

Here's an excerpt from RFC 2253 (http://www.ietf.org/rfc/rfc2253.txt) section 2.4:

   If the UTF-8 string does not have any of the following characters
   which need escaping, then that string can be used as the string
   representation of the value.

    o   a space or "#" character occurring at the beginning of the
        string

    o   a space character occurring at the end of the string

    o   one of the characters ",", "+", """, "\", "<", ">" or ";"

   Implementations MAY escape other characters.

   If a character to be escaped is one of the list shown above, then it
   is prefixed by a backslash ('\' ASCII 92).

   Otherwise the character to be escaped is replaced by a backslash and
   two hex digits, which form a single byte in the code of the
   character.


> Problem with escaped comma in DN
> --------------------------------
>
>                 Key: DIRSERVER-756
>                 URL: http://issues.apache.org/jira/browse/DIRSERVER-756
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: pre-1.0, 1.0-RC4
>            Reporter: Endi S. Dewata
>
> 1. Add the following entry:
> ldapadd -h localhost -p 10389 -D uid=admin,ou=system -w secret -x
> dn: cn=Dewata\, Endi,ou=Users,ou=system
> objectClass: person
> cn: Dewata, Endi
> sn: Dewata
> 2. Search the entry:
> ldapsearch -h localhost -p 10389 -D uid=admin,ou=system -w secret -x -b "ou=system"
> #
> dn: cn=Dewata, Endi,ou=Users,ou=system
> objectclass: person
> objectclass: top
> sn: Dewata
> cn: Dewata, Endi
> The escape character (\) is missing from the DN, causing it to become invalid.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira