6:56 a.m.
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users on
an Active Directory database.
When a result of a search contains specials characters (such as é, è,
à), no result is given, but if I delete special characters to the user
profile, it works.
How could I make it work with special caracters (guess it's a UTF-8
problem ?) ?
Thanks in advance
Nicolas
--
signature -----
12:18 a.m.
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users
on an Active Directory database.
When a result of a search contains specials characters (such as é, è,
à), no result is given, but if I delete special characters to the user
profile, it works.
How could I make it work with special caracters (guess it's a UTF-8
problem ?) ?
Thanks in advance
Nicolas
--
signature -----
No one could help me ?
Thanks
--
12:51 a.m.
Nicolas Cauchie wrote:
> Hello there
>
> I use a Debian 7.4 server with ldapsearch to search data about users on an
> Active Directory database.
>
> When a result of a search contains specials characters (such as é, è, à), no
> result is given, but if I delete special characters to the user profile, it
> works.
>
> How could I make it work with special caracters (guess it's a UTF-8 problem ?) ?
>
> Thanks in advance
>
> Nicolas
> --
> signature -----
>
>
>
No one could help me ?
Sounds like a question for Microsoft. The OpenLDAP ldapsearch command prints
out whatever data it receives from the remote server. If the remote server
isn't sending you what you expect, then get help from that server's support team.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
1:02 a.m.
El día Monday, May 26, 2014 a las 09:18:38AM +0200, Nicolas Cauchie escribió:
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users
on an Active Directory database.
When a result of a search contains specials characters (such as é,
è, à), no result is given, but if I delete special characters to the
user profile, it works.
How could I make it work with special caracters (guess it's a UTF-8
problem ?) ?
Thanks in advance
Nicolas
Hi Nicolas,
Are you sure that no results are returned? Can you show the output of a
ldapsearch cmd-line tool? I saw that in the result values are encoded if
they contain non ASCII chars.
matthias
--
Matthias Apitz | /"\ ASCII Ribbon Campaign:
E-mail: guru(a)unixarea.de | \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | X - No proprietary attachments
phone: +49-170-4527211 | / \ - Respect for open standards
| en.wikipedia.org/wiki/ASCII_Ribbon_Campaign
11:38 p.m.
Hi,
I have noticed the same issue when talking to an AD server (very recent
version, I think 2012 or so). In fact, I think either AD or ldapsearch
is encoding the values values in Base64. I will soon know more because I
will start to use the results in a real app. Maybe we have to decode
them explicitly.
It's easy to do the detection (emcoded or not), as in ldapsearch, the
key is followed by two columns instead of one. Example below:
...
cn:: SGFucyBSw7xja21hbm4=
...
is decoding to Hans Rückmann (hope the mailing list will transport it
correctly, its a U-umlaut after the R).
Regs,
Charles
P.S. tests done with http://www.base64decode.org/
On 22.05.14 15:56, Nicolas Cauchie wrote:
Hello there
I use a Debian 7.4 server with ldapsearch to search data about users
on an Active Directory database.
When a result of a search contains specials characters (such as é, è,
à), no result is given, but if I delete special characters to the user
profile, it works.
How could I make it work with special caracters (guess it's a UTF-8
problem ?) ?
Thanks in advance
Nicolas
--
signature -----
12:29 a.m.
Charles Bueche wrote:
I have noticed the same issue when talking to an AD server (very
recent
version, I think 2012 or so). In fact, I think either AD or ldapsearch
is encoding the values values in Base64. I will soon know more because I
will start to use the results in a real app. Maybe we have to decode
them explicitly.
It's easy to do the detection (emcoded or not), as in ldapsearch, the
key is followed by two columns instead of one. Example below:
...
cn:: SGFucyBSw7xja21hbm4=
...
is decoding to Hans Rückmann (hope the mailing list will transport it
correctly, its a U-umlaut after the R).
This is the LDIF and *not* the attribute value itself.
Everybody who is confused about this base64 stuff should read RFC 2849 now.
Again I recommend to use a decent scripting language with LDAP module.
From http://tools.ietf.org/html/rfc2849
4) Any dn or rdn that contains characters other than those
defined as "SAFE-UTF8-CHAR", or begins with a character other
than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be
base-64 encoded. Other values MAY be base-64 encoded. Any
value that contains characters other than those defined as
"SAFE-CHAR", or begins with a character other than those
defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded.
Other values MAY be base-64 encoded.
Ciao, Michael.
12:41 a.m.
Thx Michael for the precision and the RFC pointer !
On 01.06.14 09:29, Michael Ströder wrote:
Charles Bueche wrote:
> I have noticed the same issue when talking to an AD server (very recent
> version, I think 2012 or so). In fact, I think either AD or ldapsearch
> is encoding the values values in Base64. I will soon know more because I
> will start to use the results in a real app. Maybe we have to decode
> them explicitly.
>
> It's easy to do the detection (emcoded or not), as in ldapsearch, the
> key is followed by two columns instead of one. Example below:
>
> ...
> cn:: SGFucyBSw7xja21hbm4=
> ...
>
> is decoding to Hans Rückmann (hope the mailing list will transport it
> correctly, its a U-umlaut after the R).
This is the LDIF and *not* the attribute value itself.
Everybody who is confused about this base64 stuff should read RFC 2849 now.
Again I recommend to use a decent scripting language with LDAP module.
From http://tools.ietf.org/html/rfc2849
4) Any dn or rdn that contains characters other than those
defined as "SAFE-UTF8-CHAR", or begins with a character other
than those defined as "SAFE-INIT-UTF8-CHAR", above, MUST be
base-64 encoded. Other values MAY be base-64 encoded. Any
value that contains characters other than those defined as
"SAFE-CHAR", or begins with a character other than those
defined as "SAFE-INIT-CHAR", above, MUST be base-64 encoded.
Other values MAY be base-64 encoded.
Ciao, Michael.
3285
days inactive
3295
days old
openldap-technical@openldap.org
6 comments
5 participants
participants (5)
-
Charles Bueche -
Howard Chu -
Matthias Apitz -
Michael Ströder -
Nicolas Cauchie