Hello OpenLDAP gurus,
According to RFC 4514, an RDN value may start with # and be followed by a number of "hex pairs" (pairs of hexadecimal values), representing octets of some binary value.
There are two use cases involving such RDN syntax:
· Case 1, where the RDN is of the form:
<attribute OID (also called attribute desc in dotted form)>=#<BER encoded attribute value in the form of a sequence of hex pairs>
· Case 2, where the RDN is of the form:
<attribute name>=#<attribute value in the form of a sequence of hex pairs>
Case 1 is explicitly illustrated in RFC 4514 by the example:
1.3.6.1.4.1.1466.0=#04024869
Although Case 2 is not explicitly illustrated in RFC 4514, it is implicitly correct, as it is in conformity with the RDN syntax provided by this RFC.
The example of Case 2 equivalent to the example of Case 1 given in the RFC would be:
<name of the attribute with OID 1.3.6.1.4.1.1466.0>=#4869
Using OpenLDAP 2.4.39, I have tested a number of cases involving RDNs starting with #, including an example very close to the example from the RFC.
The results show that:
· If the RDN value is provided as, e.g., a string value, LDAP operations like add, search and delete work well
· If the RDN value is provided as a # prefixed hexadecimal value corresponding to cases 1 and 2, none of these cases works, and in all the cases I get the error "Invalid DN syntax"
The schema file, scripts used to run the test and the test results are in the attached zip file.
I would like to know:
· If you share our understanding of the problem and in particular our interpretation of Case 2, for which there is no explicit example in RFC 4514.
· If this is a known limitation in OpenLDAP.
· If there is already a plan to fix the problem. If not, I'd be glad to contribute to fixing it.
Thanks in advance for your answer.
Regards,
Lech POFELSKI
Lech POFELSKI,
Software Development Engineer
Hewlett-Packard Centre de Compétences France
5 Avenue Raymond Chanas
38320 Eybens - France
lech.pofelski(a)hp.com
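
An added example, not part of the original message and not OpenLDAP code: a small strict parser for the `type=#hexstring` RDN form, assuming (as RFC 4514 section 2.4 describes the `#` form) that the hex pairs are the octets of one BER-encoded value. It is run on the two values quoted in the message; `exampleAttr` is a made-up attribute name standing in for the unnamed one.

```python
import re

# RFC 4514 hexstring: '#' followed by one or more hex pairs.
HEXSTRING = re.compile(r"#((?:[0-9A-Fa-f]{2})+)\Z")

def decode_ber_tlv(data):
    """Decode exactly one definite-length BER TLV; return (tag, content)."""
    if len(data) < 2:
        raise ValueError("truncated TLV: need identifier and length octets")
    tag, first = data[0], data[1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form is outside this example")
    if first == 0x80:
        raise ValueError("indefinite length is outside this example")
    offset = 2
    if first < 0x80:                      # short form: length in one octet
        length = first
    else:                                 # long form: next n octets hold the length
        n = first & 0x7F
        if first == 0xFF or len(data) < 2 + n:
            raise ValueError("malformed long-form length")
        length = int.from_bytes(data[2:2 + n], "big")
        offset += n
    present = len(data) - offset
    if present != length:
        raise ValueError(f"length octets announce {length} content octets, {present} present")
    return tag, data[offset:]

def parse_hex_rdn(rdn):
    """Parse 'type=#hexstring' and return (type, BER tag, content octets)."""
    attr_type, sep, value = rdn.partition("=")
    if not sep or not attr_type:
        raise ValueError("RDN is not of the form type=value")
    match = HEXSTRING.match(value)
    if match is None:
        raise ValueError("value is not '#' followed by whole hex pairs")
    tag, content = decode_ber_tlv(bytes.fromhex(match.group(1)))
    return attr_type, tag, content

def check(rdn):
    """Return a one-line verdict for an RDN, for side-by-side comparison."""
    try:
        attr_type, tag, content = parse_hex_rdn(rdn)
        return f"{rdn}: tag 0x{tag:02x}, content {content!r}"
    except ValueError as err:
        return f"{rdn}: rejected ({err})"

if __name__ == "__main__":
    # Case 1 value from the message, then a Case 2 style value (constructed name).
    for rdn in ("1.3.6.1.4.1.1466.0=#04024869", "exampleAttr=#4869"):
        print(check(rdn))
```

Under that assumption `#04024869` decodes as an OCTET STRING (tag 0x04) of length 2 holding `Hi`, while the bare octets `#4869` read as tag 0x48 with a declared length of 0x69 and no content, so a parser of this kind rejects them.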