Hi,
I'm an LDAP newbie who has inherited the maintenance of an LDAP system, and am learning on the fly. Until now I've been able to puzzle out all the issues I've faced, but finally my google fu has failed me, so I'm seeking more human assistance.
My problem is with reserved characters, such as , (comma). The system wasn't coping with RDNs that contained these characters, but this was easy enough to fix by simply escaping these characters with a backslash.
My problem now involves trying to alias entries that contain these escaped characters - I am consistently getting "Invalid DN syntax". This is what the code to add the alias looks like:
$operationDN = "aliasedObjectName=" . $this->aliasSafe($aliasDN) . "," . $locDN;
$aliasParameterArray = array(
"objectClass" => "alias",
"aliasedObjectName" => $aliasDN
);
$result = ldap_add($this->LDAPcon, $operationDN, $aliasParameterArray);
The aliasSafe() function converts "=" => "\3D" and "," => "\," (unless the commas have already been escaped).
This produces DNs that have the following (hypothetical) format:
$aliasDN: cn=Tomorrow, When The War Began,cn=books,dc=library,dc=com
$operationDN: cn\3DTomorrow, When The War Began,cn\3Dbooks,dc\3Dlibrary,dc\3Dcom,cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
I've tried every encoding of the comma (in the book name) that I can think of (eg, a single backslash, a double backslash, a triple backslash, and even '\2C') but everything I've tried so far has given me the "Invalid DN syntax" error. Could someone please help me with the syntax and encoding these DNs should have?
Thanks,
MJ
On 15.02.2011 08:04, MJ Hughes wrote:
Hi,
have a look at RFC 1485 section 2.2:
http://www.faqs.org/rfcs/rfc1485.html
Double quotes around the RDN will solve your problem.
Regards, Christian Manal
On Wed, Feb 16, 2011 at 2:50 AM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:
Thank you very much for the reply! When I was looking through sites for potential answers, I did come across one that said that in the past double quotes were used for this purpose, but it said that this method was now deprecated and should not be used. Is this not the case, or did I misinterpret?
MJ
On Wed, Feb 16, 2011 at 2:50 AM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:
Hi again,
I was wondering if I could request further assistance with this problem. I have tried double quotes around the RDN in various combinations but so far have continued to get the "Invalid DN syntax" error.
Part of the problem is that I'm not sure where the quotes should go in each of the DNs, and whether they need to be escaped. I have tried all the combinations which seemed likely, such as:
$aliasDN: cn="Tomorrow, When The War Began",cn=books,dc=library,dc=com
$operationDN: "cn\3DTomorrow, When The War Began,cn\3Dbooks,dc\3Dlibrary,dc\3Dcom",cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
And
$aliasDN: cn="Tomorrow, When The War Began",cn=books,dc=library,dc=com
$operationDN: cn\3D"Tomorrow, When The War Began",cn\3Dbooks,dc\3Dlibrary,dc\3Dcom,cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
Could someone please help me with where the quotes are supposed to go, and whether they should be escaped?
Thanks again, MJ
On 16.02.2011 01:27, MJ Hughes wrote:
Well, read the RFC I linked. There's an example in there:
CN=L. Eagle, O="Sue, Grabbit and Runn", C=GB
Also, from your other email, I didn't find any mention that RFC 1485 is deprecated and doing it like in the example works for me.
Is $operationDN what you actually throw at the LDAP server? You know that you mustn't mask the equal signs that are actually part of the DN syntax? You also mustn't escape the commas when you already use double quotes. And it looks like you kinda maim the DN by adding $localDN to it. Is this really what you want?
cn="Tomorrow, When The War Began",cn=books,dc=library,dc=com,cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
Wouldn't this make more sense?
cn="Tomorrow, When The War Began",cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
Another problem is probably your use of escaping and quotes. When you put a string into double quotes and use a single backslash to escape the comma ("cn=foo\, bar"), PHP (I assume it's PHP?) will interpret this as an escape sequence of its own. That way the LDAP server doesn't get the literal "\," but what the PHP interpreter makes of it. You either have to use single quotes or escape the escape character, so PHP won't mess with it.
I.e. either
'cn=Tomorrow\, When The War Began,cn=books,dc=library,dc=com'
or
"cn=Tomorrow\\, When The War Began,cn=books,dc=library,dc=com"
or one of the double quote variants
"cn=\"Tomorrow, When The War Began\",cn=books,dc=library,dc=com"
'cn="Tomorrow, When The War Began",cn=books,dc=library,dc=com'
Regards, Christian Manal
On 16.02.2011 09:43, Christian Manal wrote:
Hmm... not my day today, it seems. I should read more carefully. Since "aliasedObjectName=" was missing in $operationDN I kinda read that wrong. So forget what I said below about $operationDN.
And as you were right that the RFC I dug up is deprecated, the real problem is probably with the escaping/quoting done in your PHP(?) code, so at least I wasn't a complete idiot ;-)
Regards, Christian Manal
On Wed, Feb 16, 2011 at 10:08 PM, Christian Manal <moenoel@informatik.uni-bremen.de> wrote:
Christian - thank you for your replies!
I didn't realise until you pointed it out that I'd lost the "aliasedObjectName=" off the front of the variable contents during the original cut and paste, that made everything a lot more confusing than it should have been, I'm sorry! I also should have specified that I was working with PHP.
The syntax seems quite strange to me, too (the way the full address of the aliased object is used as the RDN of the actual alias) and I haven't been able to find much documentation that works the same way as this code does. It does seem to work, though (other than in the case where there are reserved characters in the alias). I should point out that none of this code is mine, I'm just trying to figure out how it works so I can fix some of the bugs that have cropped up!
You're right, the problem is most definitely with the escaping, as it's the "\," combination that's giving me all the grief. I just can't figure out the right escaping for it.
Has anyone else worked with PHP / LDAP that might have any suggestions or examples?
MJ
Christian Manal wrote:
Hi,
have a look at RFC 1485 section 2.2:
http://www.faqs.org/rfcs/rfc1485.html
Double quotes around the RDN will solve your problem.
From http://www.rfc-editor.org/:
Number   More Info (Obs&Upd)             Status
RFC1485  Obsoleted by RFC1779, RFC3494   HISTORIC
then there is a long list of obsolescence up to RFC4510, RFC4514 which are the current specs for DN representation; I note that RFC4514 no longer mentions quoting as allowed. The fact that OpenLDAP accepts it is a matter of being friendly to obsolete, historic clients. Perpetuating that behavior is a Bad Thing. The problem lies somewhere else, I suspect in some inconsistent escaping handling of the language used.
p.
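The nested escaping at issue in this thread, written out against RFC 4514 as an added example (not code from any poster; the function names are hypothetical): the target DN is escaped once as a DN, then escaped again as a single value when it becomes the RDN of the alias entry. The sample DNs are constructed from the hypothetical entries quoted in the thread, and the connection handle in the final comment is assumed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Escape one attribute value for use in an RDN (RFC 4514, section 2.4). */
function escapeRdnValue(string $value): string
{
    $out = '';
    $len = strlen($value);
    for ($i = 0; $i < $len; $i++) {
        $c = $value[$i];
        // Always escaped: " + , ; < > \ and NUL.
        $special = $c === "\0" || strpos('"+,;<>\\', $c) !== false;
        // Escaped only at the edges: leading space or '#', trailing space.
        $edge = ($i === 0 && ($c === ' ' || $c === '#'))
            || ($i === $len - 1 && $c === ' ');
        // Hex form (\2C) is used so the output has no backslash-punctuation pairs.
        $out .= ($special || $edge) ? sprintf('\\%02X', ord($c)) : $c;
    }
    return $out;
}

/** Reverse escapeRdnValue(): decode \XX hex pairs and \<char> pairs. */
function unescapeRdnValue(string $escaped): string
{
    return preg_replace_callback(
        '/\\\\([0-9A-Fa-f]{2}|.)/s',
        static function (array $m): string {
            return strlen($m[1]) === 2 ? chr(hexdec($m[1])) : $m[1];
        },
        $escaped
    );
}

/** Split a DN into RDNs on commas that are not part of an escape pair. */
function splitDn(string $dn): array
{
    $rdns = [];
    $cur = '';
    $len = strlen($dn);
    for ($i = 0; $i < $len; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $len) {
            $cur .= $dn[$i] . $dn[$i + 1];   // keep the escape pair intact
            $i++;
        } elseif ($dn[$i] === ',') {
            $rdns[] = $cur;
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $rdns[] = $cur;
    return $rdns;
}

/** DN for an alias entry named by aliasedObjectName=<target DN>. */
function buildAliasDn(string $targetDn, string $parentDn): string
{
    // The whole target DN is a single value here, so its commas AND the
    // backslashes it already contains are escaped once more.
    return 'aliasedObjectName=' . escapeRdnValue($targetDn) . ',' . $parentDn;
}

// Constructed sample data modelled on the hypothetical entries in the thread.
// Single-quoted PHP strings keep the characters exactly as typed here.
$targetDn = 'cn=' . escapeRdnValue('Tomorrow, When The War Began')
          . ',cn=books,dc=library,dc=com';
$parentDn = 'cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com';
$aliasDn  = buildAliasDn($targetDn, $parentDn);

// The attribute value itself is the target DN with one level of escaping.
$entry = ['objectClass' => 'alias', 'aliasedObjectName' => $targetDn];

// Self-check: six RDNs, and the first one decodes back to the target DN.
$rdns = splitDn($aliasDn);
[$attr, $value] = explode('=', $rdns[0], 2);
if (count($rdns) !== 6 || unescapeRdnValue($value) !== $targetDn) {
    throw new RuntimeException('alias DN does not round-trip');
}

echo 'target: ', $targetDn, PHP_EOL;
echo 'alias:  ', $aliasDn, PHP_EOL;

// With a bound connection $conn (assumed, not created here):
// ldap_add($conn, $aliasDn, $entry);
```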
On 16.02.2011 10:16, Pierangelo Masarati wrote:
Thanks for the info. My two minute google research after MJ's second mail didn't come up with that.
Regards, Christian Manal
On Tuesday, 15 February 2011 09:04:41 MJ Hughes wrote:
Hi,
I'm an LDAP newbie who has inherited the maintenance of an LDAP system, and am learning on the fly. Until now I've been able to puzzle out all the issues I've faced, but finally my google fu has failed me, so I'm seeking more human assistance.
My problem is with reserved characters, such as , (comma). The system wasn't coping with RDNs that contained these characters, but this was easy enough to fix by simply escaping these characters with a backslash.
Is it *really* necessary to have the title of the book as the RDN? Surely it would make sense to use a normalized unique identifier (e.g. ISBN number?) as the RDN, and just have the cn a normal attribute? And, the author also as an attribute? Then you wouldn't need to build a separate "index" of books by author ...
[...]
$aliasDN: cn=Tomorrow, When The War Began,cn=books,dc=library,dc=com
$operationDN: cn\3DTomorrow, When The War Began,cn\3Dbooks,dc\3Dlibrary,dc\3Dcom,cn=titles,cn=John Marsden,cn=authors,dc=library,dc=com
Regards, Buchan
openldap-technical@openldap.org