httpd-dev mailing list archives

From "Stusynski, Dan" <dstusyn...@ptc.com>
Subject Apache - MS LDAPSDK with multi-byte DN
Date Wed, 16 Jul 2008 20:13:03 GMT
Hello devs,

It would appear that the MS LDAP SDK has an issue when Apache is compiled against it.

Our Apache 2.2.9 compiled with VC6 on Windows against the MS LDAP SDK seems to have an issue
when searching for a DN that contains multibyte characters (non-ASCII), in this case a Chinese
character. The ldap_search_ext_s(...) from util_ldap.c returns with a USER_NOT_FOUND. 

For example, assuming a user exists in LDAP with a UID=testMBUser with a DN:
cn=t我st,cn=test,ou=test1,ou=people,cn=myLdapBranch,cn=TestEnvironment,o=testerGroup

The end node of cn= is the value of "t(multi-byte chinese character 'wo')st". When searching
for this user the search fails.

I added some additional log output during a test compile to check the DN that is getting
used/returned in util_ldap.c of Apache after the MS LDAP SDK call to ldap_search_ext_s(...).
It seems to be returning a DN that gets output as cn=t?st,cn=test,ou=test1... The multi-byte
character is getting returned as a ?. 

This seems to be further supported by doing a TCP/IP capture (with WireShark) that shows the
connection is initially bound to LDAP with the correct DN (the multi-byte character is shown
in the capture), however, the search for the user later on in the capture appears to be using
the ? for the multi-byte character.

Apache is compiled to support unicode by default from what I can tell.

A look at the ldap_search_ext_s API (http://msdn.microsoft.com/en-us/library/aa366972(VS.85).aspx)
says that the function is a wrapper around ldap_search_ext_sW (Unicode) and ldap_search_ext_sA
(ANSI) calls. 

For what it's worth I also did try using the ldap_search_ext_sW call directly inside the uldap_cache_checkuserid
function but that resulted in a filter error.

Has anyone experienced this before or is aware of some hidden MS LDAP SDK flag that one can
set?

Dan Stusynski 
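
An added illustration, not part of the original message and not code from httpd or the MS LDAP SDK: it shows that a lossy conversion of the quoted DN to a Western ANSI code page yields exactly the `cn=t?st` form seen in the log, and reports which RDNs are affected. That the SDK path performs such a conversion is an assumption, as are the function names and the cp1252 default.

```python
# Added illustration; not code from httpd or the MS LDAP SDK.
# Assumption: somewhere between Apache and the wire the DN is converted
# from Unicode to the system ANSI code page, with '?' substituted for
# characters that code page cannot represent.

def split_rdns(dn):
    """Split a DN on unescaped commas (backslash escapes are honoured)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def ansi_view(text, codepage="cp1252"):
    """Return the string as it looks after a lossy conversion to `codepage`."""
    return text.encode(codepage, errors="replace").decode(codepage)

def lossy_rdns(dn, codepage="cp1252"):
    """Return (rdn, converted) for every RDN that does not survive the conversion."""
    out = []
    for rdn in split_rdns(dn):
        converted = ansi_view(rdn, codepage)
        if converted != rdn:
            out.append((rdn, converted))
    return out

# Constructed sample: the DN quoted in the message above.
SAMPLE_DN = ("cn=t我st,cn=test,ou=test1,ou=people,"
             "cn=myLdapBranch,cn=TestEnvironment,o=testerGroup")

if __name__ == "__main__":
    print("as ANSI (cp1252):", ansi_view(SAMPLE_DN))
    for rdn, converted in lossy_rdns(SAMPLE_DN):
        # The UTF-8 bytes are what a correct search request would carry.
        print(f"lossy RDN {rdn!r} -> {converted!r}, "
              f"UTF-8 bytes {rdn.encode('utf-8').hex()}")
    # A code page that contains the character loses nothing.
    print("lossy under cp936:", lossy_rdns(SAMPLE_DN, "cp936"))
```

Running the same check with the code page of the machine that shows the failure tells you whether the `?` can be explained by that conversion alone.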
