Hello there
I use a Debian 7.4 server with ldapsearch to search data about users on an Active Directory database.
When a result of a search contains specials characters (such as é, è, à), no result is given, but if I delete special characters to the user profile, it works.
How could I make it work with special caracters (guess it's a UTF-8 problem ?) ?
Thanks in advance
Nicolas
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users on an Active Directory database.
When a result of a search contains specials characters (such as é, è, à), no result is given, but if I delete special characters to the user profile, it works.
How could I make it work with special caracters (guess it's a UTF-8 problem ?) ?
Thanks in advance
Nicolas
signature -----
No one could help me ?
Thanks
Nicolas Cauchie wrote:
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users on an Active Directory database.
When a result of a search contains specials characters (such as é, è, à), no result is given, but if I delete special characters to the user profile, it works.
How could I make it work with special caracters (guess it's a UTF-8 problem ?) ?
Thanks in advance
Nicolas
signature -----
No one could help me ?
Sounds like a question for Microsoft. The OpenLDAP ldapsearch command prints out whatever data it receives from the remote server. If the remote server isn't sending you what you expect, then get help from that server's support team.
El día Monday, May 26, 2014 a las 09:18:38AM +0200, Nicolas Cauchie escribió:
Hello there I use a Debian 7.4 server with ldapsearch to search data about users on an Active Directory database. When a result of a search contains specials characters (such as é, è, à), no result is given, but if I delete special characters to the user profile, it works. How could I make it work with special caracters (guess it's a UTF-8 problem ?) ? Thanks in advance Nicolas
Hi Nicolas,
Are you sure that no results are returned? Can you show the output of a ldapsearch cmd-line tool? I saw that in the result values are encoded if they contain non ASCII chars.
matthias
Hi,
I have noticed the same issue when talking to an AD server (very recent version, I think 2012 or so). In fact, I think either AD or ldapsearch is encoding the values values in Base64. I will soon know more because I will start to use the results in a real app. Maybe we have to decode them explicitly.
It's easy to do the detection (emcoded or not), as in ldapsearch, the key is followed by two columns instead of one. Example below:
... cn:: SGFucyBSw7xja21hbm4= ...
is decoding to Hans Rückmann (hope the mailing list will transport it correctly, its a U-umlaut after the R).
Regs, Charles
P.S. tests done with http://www.base64decode.org/
On 22.05.14 15:56, Nicolas Cauchie wrote:
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users on an Active Directory database.
When a result of a search contains specials characters (such as é, è, à), no result is given, but if I delete special characters to the user profile, it works.
How could I make it work with special caracters (guess it's a UTF-8 problem ?) ?
Thanks in advance
Nicolas
signature -----
Charles Bueche wrote:
I have noticed the same issue when talking to an AD server (very recent version, I think 2012 or so). In fact, I think either AD or ldapsearch is encoding the values values in Base64. I will soon know more because I will start to use the results in a real app. Maybe we have to decode them explicitly.
It's easy to do the detection (emcoded or not), as in ldapsearch, the key is followed by two columns instead of one. Example below:
... cn:: SGFucyBSw7xja21hbm4= ...
is decoding to Hans Rückmann (hope the mailing list will transport it correctly, its a U-umlaut after the R).
This is the LDIF and *not* the attribute value itself.
Everybody who is confused about this base64 stuff should read RFC 2849 now.
Again I recommend to use a decent scripting language with LDAP module.
From http://tools.ietf.org/html/rfc2849
4) Any dn or rdn that contains characters other than those defined as "SAFE-UTF8-CHAR", or begins with a character other than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be base-64 encoded. Other values MAY be base-64 encoded. Any value that contains characters other than those defined as "SAFE-CHAR", or begins with a character other than those defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded. Other values MAY be base-64 encoded.
Ciao, Michael.
Thx Michael for the precision and the RFC pointer !
On 01.06.14 09:29, Michael Ströder wrote:
Charles Bueche wrote:
I have noticed the same issue when talking to an AD server (very recent version, I think 2012 or so). In fact, I think either AD or ldapsearch is encoding the values values in Base64. I will soon know more because I will start to use the results in a real app. Maybe we have to decode them explicitly.
It's easy to do the detection (emcoded or not), as in ldapsearch, the key is followed by two columns instead of one. Example below:
... cn:: SGFucyBSw7xja21hbm4= ...
is decoding to Hans Rückmann (hope the mailing list will transport it correctly, its a U-umlaut after the R).
This is the LDIF and *not* the attribute value itself.
Everybody who is confused about this base64 stuff should read RFC 2849 now.
Again I recommend to use a decent scripting language with LDAP module.
From http://tools.ietf.org/html/rfc2849
4) Any dn or rdn that contains characters other than those defined as "SAFE-UTF8-CHAR", or begins with a character other than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be base-64 encoded. Other values MAY be base-64 encoded. Any value that contains characters other than those defined as "SAFE-CHAR", or begins with a character other than those defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded. Other values MAY be base-64 encoded.Ciao, Michael.
openldap-technical@openldap.org
-
Charles Bueche -
Howard Chu -
Matthias Apitz -
Michael Ströder -
Nicolas Cauchie