directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Pb with escaped values in attributes, more...
Date Mon, 06 Jun 2011 14:48:37 GMT
Hi guys,

in fact, we have a serious issue in the way we process DNs and RDns.

Let me explain.

Suppose you have a DN like : "cn=John\+Doe,ou=system"

What happens is that the RDN will be parsed by the ComplexDnParser which 
will create a RDN containing two values :
- the upValue ( cn=John\+Doe )
- the normValue ( cn=John+Doe )

So far, so good. Except that when we process the AVA, we 'normalize' it 
in order to be able to expose an escaped form (ie, where special chars 
like '+' are prefixed with an '\'). That reverts the previous value (ie 
John+Doe) and replace it with the escaped value (ie John\+Doe).

Now, we can't anymore do a comparison between "John+Doe" and 
"John\+Doe", like, for instance, when we check that the RDN is present 
as an AT in the entry (if the OC is 'person', the entry *must* have a 
cn: john+doe Attribute and Value), leading to an error.

The big mistake was to have only one method to cover two features. The 
Ava.normalize() method do the escaping in order to produce a DN which is 

This is not necessarily a complex issue to fix, but it needs some work. 
Note that it impacts a lot of parts in the server and the API.

Add to that the fact that the normalization should also use the 
SchemaManager to correctly transform the value, accordingly to the AT, 
we have some painful cleanup to do in this area...

Emmanuel L├ęcharny

View raw message