12:55 p.m.
I am using openldap client library 2.4.44 on Centos 7.3, LDAP v3
setting. I am having an issue with LDAP bind when the DN has encoded
representation of special characters like é (e acute). Actual DN is
CN=mithun,OU=Groupes de Sécurité,DC=mytest,DC=net and when it is sent
by the app (frontend) to our backend, it is coming as
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=insaaadev,DC=net.
Basically, é comes encoded as \u00e9 which is as per the encoding
mentioned here https://www.fileformat.info/info/unicode/char/e9/index.htm
To further try out, I directly hardcoded the DN to
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=mytest,DC=net and that
worked fine. I want to understand why it fails when the DN in the same
format comes from the frontend app. Appreciate your help, thanks.
5:49 p.m.
radiatejava wrote:
I am using openldap client library 2.4.44 on Centos 7.3, LDAP v3
setting. I am having an issue with LDAP bind when the DN has encoded
representation of special characters like é (e acute). Actual DN is
CN=mithun,OU=Groupes de Sécurité,DC=mytest,DC=net and when it is sent
by the app (frontend) to our backend, it is coming as
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=insaaadev,DC=net.
Basically, é comes encoded as \u00e9 which is as per the encoding
mentioned here https://www.fileformat.info/info/unicode/char/e9/index.htm
That is not a valid encoding for LDAP. Read RFC4511.
To further try out, I directly hardcoded the DN to
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=mytest,DC=net and that
worked fine. I want to understand why it fails when the DN in the same
format comes from the frontend app. Appreciate your help, thanks.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
5:56 p.m.
On Sun, Jan 31, 2021 at 5:49 PM Howard Chu <hyc(a)symas.com> wrote:
That is not a valid encoding for LDAP. Read RFC4511.
Thanks for responding but did not get you fully. RFC 4511 talks about
BER and ASN.1 encodings but here my issue with the actual value or the
data. BER and ASN.1 encoding should be taken care by the ldap client
library right? For me it works fine when I hard code the DN to
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=insaaadev,DC=net. It is
just that when the same value is coming from frontend, it is not
working.
If you do not mind, can you please tell me what should be the encoded
value for CN=mithun,OU=Groupes de Sécurité,DC=mytest,DC=net ?
Basically what is expected here for the ldap client?
Thanks
8:40 a.m.
On 2/2/21 2:56 AM, radiatejava wrote:
On Sun, Jan 31, 2021 at 5:49 PM Howard Chu <hyc(a)symas.com>
wrote:
> That is not a valid encoding for LDAP. Read RFC4511.
Thanks for responding but did not get you fully. RFC 4511 talks about
BER and ASN.1 encodings but here my issue with the actual value or the
data. BER and ASN.1 encoding should be taken care by the ldap client
library right?
Right.
For me it works fine when I hard code the DN to
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=insaaadev,DC=net.
Have a look at definition of valid LDAP string representations:
https://tools.ietf.org/html/rfc4514
It is just that when the same value is coming from frontend, it is
not working.
Fix your frontend. It seems to send a runtime-specific string
representation which is a not valid DN string representation as per RFC
4514.
If you do not mind, can you please tell me what should be the
encoded
value for CN=mithun,OU=Groupes de Sécurité,DC=mytest,DC=net ?
If you encode
CN=mithun,OU=Groupes de Sécurité,DC=mytest,DC=net
as valid UTF-8 everything should be just fine. At minimum you must
properly escape some special chars when generating DN parts from
arbitrary input values. Most LDAP libraries have decent functions for this.
Ciao, Michael.
1:15 a.m.
On 1/31/21 9:55 PM, radiatejava wrote:
I am using openldap client library 2.4.44 on Centos 7.3, LDAP v3
setting. I am having an issue with LDAP bind when the DN has encoded
representation of special characters like é (e acute). Actual DN is
CN=mithun,OU=Groupes de Sécurité,DC=mytest,DC=net and when it is sent
by the app (frontend) to our backend, it is coming as
CN=mithun,OU=Groupes de S\u00e9curit\u00e9,DC=insaaadev,DC=net.
This looks like some application-side munging of the DN, like e.g. a
Python string-representation of the Unicode character entities. Sending
this string to any LDAP server out there will not work.
Python 3.8.6 (default, Nov 09 2020, 12:09:06) >>> 'CN=mithun,OU=Groupes
de S\u00e9curit\u00e9,DC=insaaadev,DC=net'
'CN=mithun,OU=Groupes de Sécurité,DC=insaaadev,DC=net'
>>
Ciao, Michael.
963
days inactive
965
days old
openldap-technical@openldap.org
4 comments
3 participants
participants (3)
-
Howard Chu -
Michael Ströder -
radiatejava