directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Endi S. Dewata (JIRA)" <>
Subject [jira] Commented: (DIRSERVER-756) Problem with escaped comma in DN
Date Wed, 04 Oct 2006 18:20:31 GMT
    [ ] 
Endi S. Dewata commented on DIRSERVER-756:

Hi Emmanuel,

I think "cn=Bush, Kate,dc=example,dc=com" is not the correct normalized form because it cannot
be parsed back into a valid DN. Also, when I try to view the above entry in ADS using Softerra
browser, it produced an error because the DN is invalid.

I have run the same test against OpenLDAP, the difference is that OpenLDAP will convert the
escaped comma into \2C which works well with the Softerra browser. So this is definitely an
ADS problem, not a client problem.

Here's an excerpt from RFC 2253 ( section 2.4:

   If the UTF-8 string does not have any of the following characters
   which need escaping, then that string can be used as the string
   representation of the value.

    o   a space or "#" character occurring at the beginning of the

    o   a space character occurring at the end of the string

    o   one of the characters ",", "+", """, "\", "<", ">" or ";"

   Implementations MAY escape other characters.

   If a character to be escaped is one of the list shown above, then it
   is prefixed by a backslash ('\' ASCII 92).

   Otherwise the character to be escaped is replaced by a backslash and
   two hex digits, which form a single byte in the code of the

> Problem with escaped comma in DN
> --------------------------------
>                 Key: DIRSERVER-756
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: pre-1.0, 1.0-RC4
>            Reporter: Endi S. Dewata
> 1. Add the following entry:
> ldapadd -h localhost -p 10389 -D uid=admin,ou=system -w secret -x
> dn: cn=Dewata\, Endi,ou=Users,ou=system
> objectClass: person
> cn: Dewata, Endi
> sn: Dewata
> 2. Search the entry:
> ldapsearch -h localhost -p 10389 -D uid=admin,ou=system -w secret -x -b "ou=system"
> #
> dn: cn=Dewata, Endi,ou=Users,ou=system
> objectclass: person
> objectclass: top
> sn: Dewata
> cn: Dewata, Endi
> The escape character (\) is missing from the DN, causing it to become invalid.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message