hi,
Does OpenLDAP provide any routines for validating whether a given string represents a valid LDAP search filter? This is for me to detect invalid configuration settings in my LDAP client, and report the problem to the end-user as early as possible. For example, I want to catch settings like LDAPFilter="(cn=foo)", since they don't conform to the RFC 2254. Also, a side question, is the use of brackets around the main filter definition compulsory? All of the LDAP tools I have at my disposal seem to allow just cn=foo type filters...
Well, the client library, with respect to filters, does syntax validation but it cannot do any semantics validation (i.e. check if an attribute syntax supports the matching rule that's being used, or if an attribute's value complies with the syntax for that attribute). A "smart" client could do this by accessing the schema related to the search it's going to perform, provided it implements the necessary checks for the syntaxes in use, but OpenLDAP's clients don't do that (I guess no existing client really does that).
Syntax checking is done while encoding the filter for transmission (if encoding succeeds, the filter was fine); this is done by ldap_pvt_put_filter(), which is part of the private API (as the ldap_pvt_* indicates) so it's not exposed in the header ldap.h. As part of the private API, it requires access to data types otherwise opaque, so calling it may not be easy. You can follow two paths: learn from that function, and code your own, or use that function by accessing the private API. Note that the latter option implies you're aware of the fact that the interface may change without notice, so don't expect your code to build seamlessly whenever you upgrade.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------