directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSTUDIO-1078) unable to use # pound hash sign in LDAP filters
Date Wed, 09 Dec 2015 12:39:11 GMT

    [ https://issues.apache.org/jira/browse/DIRSTUDIO-1078?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15048614#comment-15048614 ]

Emmanuel Lecharny commented on DIRSTUDIO-1078:
----------------------------------------------

(Moved my previous reply into a real comment, to keep some formatting)

To be clear, let's go back to your example, {{cn=before#after}}. Here, the '#' is inside the
DN's value. As such, it can be parsed using the {{RFC4514}} grammar:

{noformat}
cn=before#after matches
    attributeTypeAndValue = attributeType EQUALS attributeValue

cn matches 
    attributeType = descr / numericoid

before#after matches
    attributeValue = string / hexstring

before#after matches 
    string =   [ ( leadchar / pair ) [ *( stringchar / pair ) ( trailchar / pair ) ] ]

'b' matches 
    [ ( leadchar / pair )...
    leadchar = LUTF1 / UTFMB

'b' matches 
    LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
         %x3D / %x3F-5B / %x5D-7F

'e', 'f', 'o', 'r', 'e', '#' (and the following chars) match
    ...[ *( stringchar / pair )..
    stringchar = SUTF1 / UTFMB
    SUTF1 = %x01-21 / %x23-2A / %x2D-3A /
         %x3D / %x3F-5B / %x5D-7F
{noformat}

so in this case, you can keep a '#' as is (i.e., no escaping is needed).

Now, consider {{cn=#before}} :

{noformat}
cn=#before matches
    attributeTypeAndValue = attributeType EQUALS attributeValue

cn matches 
    attributeType = descr / numericoid

#before matches
    attributeValue = string / hexstring

#before matches 
    string =   [ ( leadchar / pair ) [ *( stringchar / pair ) ( trailchar / pair ) ] ]

'#' does not match 
    [ ( leadchar / pair ) ...
    leadchar = LUTF1 / UTFMB
    LUTF1 = %x01-1F / %x21 / %x24-2A / %x2D-3A /
         %x3D / %x3F-5B / %x5D-7F
    pair = ESC ( ESC / special / hexpair )
{noformat}

so this is not a valid DN. The leading '#' *must* be escaped using '\#', and the DN will then
be {{cn=\#before}}

Now, this (escaped) DN might be used in a Filter, where the '\' char *must* be escaped itself,
per:

{noformat}
assertionvalue = valueencoding
valueencoding  = 0*(normal / escaped)
normal         = UTF1SUBSET / UTFMB
escaped        = ESC HEX HEX
UTF1SUBSET     = %x01-27 / %x2B-5B / %x5D-7F
{noformat}

{noformat}
cn=\#before matches 
    assertionvalue = valueencoding

cn=\#before matches 
    valueencoding  = 0*(normal / escaped)

'c', 'n', '=' match
    normal         = UTF1SUBSET / UTFMB
    UTF1SUBSET     = %x01-27 / %x2B-5B / %x5D-7F

'\' matches 
    escaped        = ESC HEX HEX
{noformat}

but here, the following '#' and 'b' are not HEX chars, so we must transform the '\' to '\',
'5', 'C'...

> unable to use # pound hash sign in LDAP filters
> -----------------------------------------------
>
>                 Key: DIRSTUDIO-1078
>                 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1078
>             Project: Directory Studio
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M9 (2.0.0.v20150606-M9)
>            Reporter: Sorin Sbarnea
>
> It seems impossible to perform searches that use the # sign inside. Tried to add them,
> not escaped, escaped with single or double backslash but none of these approaches worked.

> Example
> {code}
> (&(objectClass=group)(displayName=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=\\#SOME,OU=Groups,OU=EMEA,DC=example,DC=net)))
> (&(objectClass=group)(displayName=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=\#SOME,OU=Groups,OU=EMEA,DC=example,DC=net)))
> (&(objectClass=group)(displayName=*)(|(memberOf:1.2.840.113556.1.4.1941:=CN=#SOME,OU=Groups,OU=EMEA,DC=example,DC=net)))
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
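
The two escaping layers walked through in the comment above, as an added example (not part of the original message and not Directory Studio code): first escape the RDN value per RFC 4514, then escape the resulting DN per RFC 4515 before placing it in a filter. The function names are hypothetical; the OID and base DN are the ones from the reporter's filter.

```python
"""Escape an RDN value per RFC 4514, then embed the DN in an RFC 4515 filter."""

# RFC 4514 'escaped' characters plus ESC: never allowed bare in a string value.
DN_SPECIALS = '"+,;<>\\'

# RFC 4515: characters outside 'normal' are written as ESC HEX HEX.
FILTER_ESCAPES = {
    "\\": r"\5C", "*": r"\2A", "(": r"\28", ")": r"\29", "\x00": r"\00",
}


def escape_rdn_value(value: str) -> str:
    """Return value in the RFC 4514 'string' form (not the hexstring form)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")            # NUL is only legal as a hexpair
        elif ch in DN_SPECIALS:
            out.append("\\" + ch)         # pair = ESC ( ESC / special / hexpair )
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)         # '#' and SPACE are not in leadchar
        elif i == last and ch == " ":
            out.append("\\ ")             # SPACE is not in trailchar
        else:
            out.append(ch)                # e.g. a '#' after the first character
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Return value as an RFC 4515 assertion value."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def member_of_filter(group_cn: str, base_dn: str) -> str:
    """Build the transitive-membership filter from the issue for one group CN."""
    dn = f"CN={escape_rdn_value(group_cn)},{base_dn}"       # layer 1: DN syntax
    return f"(memberOf:1.2.840.113556.1.4.1941:={escape_filter_value(dn)})"  # layer 2


if __name__ == "__main__":
    base = "OU=Groups,OU=EMEA,DC=example,DC=net"
    print(escape_rdn_value("before#after"))   # unchanged
    print(escape_rdn_value("#before"))        # leading '#' gets a backslash
    print(member_of_filter("#SOME", base))    # backslash becomes \5C in the filter
```

Doing the filter escaping character by character on the finished DN is also what keeps a value containing `*`, `(` or `)` from changing the structure of the filter.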
