On Fri, 21 Sep 2012, Emmanuel Dreyfus wrote:
Philip Guenther guenther+ldaptech@sendmail.com wrote:
You asked what characters in an LDAP search filter have to be percent encoded when including that search filter in an LDAP URI. That's the question I answered above.
Oh, right, there was some misunderstanding, I though you were taking about escaping characters in the whole URI. If we only talk about the filter, then everything makes sense.
But I am still puzzled about if I should use \3f or %3f, or %5c3f for a litteral ?
If you have to ask that question, you're doing it wrong.
1) you start with a search filter encoded according to the rules in RFC 4515. 2) To encode *that string* inside the filter part of an LDAP URL, follow the rules in RFC 4516.
So: imagine your search filter is this: (cn=Bob ?) which is the *exact same filter* as this: (cn=Bob \3f)
Those both follow the rules of RFC 4515, and have the *same meaning*.
To encode those in a URL, you have to percent-escape two of the characters in each. In this filter: (cn=Bob ?)
the space and the '?' must be encoded, so it would show up in a URL like this: ldap://ldap.example.com/???(cn=Bob%20%3f)
In this filter: (cn=Bob \3f)
*which has the same meaning as the previous one*, the space and the backslash must be encoded, so it would show up in a URL like this: ldap://ldap.example.com/???(cn=Bob%20%5c3f)
Philip Guenther