I've been trying to research how to correctly escape search
filters, and I
can't find any single
reliable source that makes sense.
I look at RFC 2253 (
http://www.ietf.org/rfc/rfc2253.txt) section 2.4,
and this IBM webpage (
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rz...
),
and they both seem to suggest that you need to escape (for example) the
'+'
sign.
But when I escape a search filter like this:
(&(objectclass=person)(facsimileTelephoneNumber=+1234))
to this:
(&(objectclass=person)(facsimileTelephoneNumber=\+1234))
it results in a bad filter.
My hunch is that perhaps DNs, attribute names, and attribute values are
all
escaped different.
Is there a simple explanation online on how to escape search filters?
RFC2253 was about string representation of DN, not filters. RFC2254 was
about search filters. They are both deprecated. See RFC4510 for a list
of RFCs related to the current specification of LDAP. In any case, '+'
does not need any escaping in search filters. Escaping requires '\' +
two-digit hex representation of escaped octet; in your case, '\2B'.
p.