httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: [users@httpd] LDAP authorisation with Unicode in the Base DN
Date Tue, 20 Jan 2009 00:45:36 GMT
On Mon, Jan 19, 2009 at 7:06 PM, Craig McQueen
<mcqueen-c@edsrd1.yzk.co.jp> wrote:
> Eric Covener wrote:
>
> On Mon, Dec 22, 2008 at 10:21 PM, Craig McQueen
> <mcqueen-c@edsrd1.yzk.co.jp> wrote:
>
>
> I'm trying to do LDAP authorisation with an Active Directory server, and the
> "Base DN" has Japanese characters in it. This should be no problem, but I
> can't get it to work.
>
> The Base DN is something like:
> OU=裾野,OU=管理,DC=edsrd00,DC=local
> The corresponding LDAP URL is something like:
> AuthLDAPURL
> "ldap://server:389/OU=\e8\a3\be\e9\87\8e,OU=\e7\ae\a1\e7\90\86,DC=edsrd00,DC=local?sAMAccountName?sub?(objectClass=*)"
> NONE
>
> I think it has the Japanese characters specified in proper RFC 2255 format.
> So I think there is a problem in the LDAP authentication module in properly
> sending the queries with UTF-8 content in the base DN. The error.log file
> says "[ldap_search_ext_s() for user failed][No Such Object]" which seems to
> indicate that the LDAP server isn't getting a valid base DN.
>
> Any insights on this?
>
>
> packet trace would tell you what was put in the wire compared to a
> working command-line search.
>
>
> I finally got a chance to check this out with Wireshark. I found that the
> Apache server is just putting the URI on the wire as given, backslashes and
> numbers and all. So I guess it's not parsing the backslash codes as RFC 2255
> specifies.
>
> Does this mean I should submit a bug report?

The RFC URL-escapes everything, have you tried that syntax? APR seems
to know something about that.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message