Hi Everyone,
Microsoft AD requires a forward slash ('/') be escaped with "\2f". Confer, [1, 2]. However, escaping the forward slash is not required per the RFCs (if I am parsing the RFCs correctly).
I would like to know if OpenLDAP recognizes an escaped forward slash and handles it properly. I suspect OpenLDAP does since slapd is just a front-end to different directories.
The reason I would like to know is for a generic encoder. If MS Active Directory, Novell eDirectory and OpenLDAP handle the escaped forward slash as expected, then it makes it easier to write the encoder.
Thanks in advance,
Jeff
[1] https://social.technet.microsoft.com/wiki/contents/articles/5312.active-dire...
[2] https://docs.microsoft.com/en-us/windows/win32/adsi/ldap-dialect
Hi,
I just tested on my slapd 2.4.59 and it seems to support it in both DNs and filters (with or without escaping). In fact, the escaped value for "/" is "\2f", where 2f (in base 16, equal to 47 in base 10) is the ASCII code for the character "/" (as explained in RFC 4515 [1]).
Regards,
[1] https://tools.ietf.org/search/rfc4515#section-3
On 29/06/2022 at 08:24, Jeffrey Walton wrote:
Hi Everyone,
Microsoft AD requires a forward slash ('/') be escaped with "\2f". Confer, [1, 2]. However, escaping the forward slash is not required per the RFCs (if I am parsing the RFCs correctly).
I would like to know if OpenLDAP recognizes an escaped forward slash and handles it properly. I suspect OpenLDAP does since slapd is just a front-end to different directories.
The reason I would like to know is for a generic encoder. If MS Active Directory, Novell eDirectory and OpenLDAP handle the escaped forward slash as expected, then it makes it easier to write the encoder.
Thanks in advance,
Jeff
[1] https://social.technet.microsoft.com/wiki/contents/articles/5312.active-dire...
[2] https://docs.microsoft.com/en-us/windows/win32/adsi/ldap-dialect
On 6/29/22 08:24, Jeffrey Walton wrote:
Microsoft AD requires a forward slash ('/') be escaped with "\2f". Confer, [1, 2].
[1] https://social.technet.microsoft.com/wiki/contents/articles/5312.active-dire...
[2] https://docs.microsoft.com/en-us/windows/win32/adsi/ldap-dialect
Personally I understand [1] that escaping forward slash is only required when passing strings to ADSI and [2] is only about using ADSI.
I guess ADSI's LDAP client then sends non-escaped forward-slashes. I can't test it myself though.
Anyway you're allowed to apply correct escaping to any character in DNs (RFC 4514) or LDAP filters (RFC 4515) and this would also work with OpenLDAP.
Ciao, Michael.
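A sketch of the generic encoder discussed in this thread, as an added example that is not code from any of the posters or from OpenLDAP: it hex-escapes the characters RFC 4515 (filters) and RFC 4514 (DN attribute values) require, plus optional extra characters such as "/". The function names and the `extra` parameter are assumptions made for this illustration.

```python
# Added example: backslash + two hex digits is a valid escape for any octet
# in both RFC 4515 filter values and RFC 4514 DN attribute values, so one
# helper can serve both encoders. Names here are illustrative assumptions.

FILTER_MUST = set('*()\\\x00')      # RFC 4515 section 3
DN_MUST = set('"+,;<>\\\x00')       # RFC 4514 section 2.4


def _hex(ch):
    """Escape every UTF-8 octet of ch as backslash + two hex digits."""
    return "".join("\\%02x" % b for b in ch.encode("utf-8"))


def escape_filter_value(value, extra="/"):
    """Escape an assertion value before placing it in a search filter."""
    must = FILTER_MUST | set(extra)
    return "".join(_hex(c) if c in must else c for c in value)


def escape_dn_value(value, extra="/"):
    """Escape an attribute value before placing it in an RDN."""
    must = DN_MUST | set(extra)
    last = len(value) - 1
    out = []
    for i, c in enumerate(value):
        # A leading space or '#', and a trailing space, also need escaping.
        positional = (i == 0 and c in " #") or (i == last and c == " ")
        out.append(_hex(c) if c in must or positional else c)
    return "".join(out)


def unescape_hex(escaped):
    """Decode the hex-pair form produced above (round-trip check only)."""
    data = escaped.encode("utf-8")
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] == 0x5C:                      # backslash
            out.append(int(data[i + 1:i + 3], 16))
            i += 3
        else:
            out.append(data[i])
            i += 1
    return out.decode("utf-8")
```

Passing `extra=""` leaves the forward slash unescaped, which the RFCs also permit.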