On Fri, 23 Apr 2010, Luis Neves wrote:

Can someone confirm this error please?

Try to make a ldapsearch agains any attribute on a ldap directory with this filter please:

'Cart\xC3\xA3o'

Iam geting "bad search filter' because of the '\x'. But I need this search working to be able to query a X.509 Certificate field.

Indeed, that's not a valid value in an LDAP search filter. You need to distinguish between the true value and *an* encoded value and make sure you're using the correct encoding for the protocol or format. In this case, Cart\xC3\xA3o

is the value as encoded by openssl's x509 code for displaying DNs. The true value consists of the UTF-8 representation of the letters 'C', 'a', 'r', 't', 'a with tilde', and 'o'. To include that in an LDAP search filter, you need to follow the rules in RFC 4515. If you do that, you get: Cart\C3\A3o

That's an easy one, but other encodings have more baggage, like RFC 2047's encoding for email header fields, in which this would be: =?utf-8?q?Cart=C3=A3o?=

(If you consider the character to be the true value, independent of the charset used, then you might consider this: =?iso-8859-1?q?Cart=E3o?= to be the same...)

Philip Guenther