kdc ldap plugin code
Greg Hudson
ghudson at MIT.EDU
Mon Sep 10 23:57:43 EDT 2012
On 09/10/2012 06:05 PM, Jim Shi wrote:
> We need escape a few more special characters in the file "ldap_realm.c",
> subroutine:
> char *
> ldap_filter_correct (char *in)
>
> See the attached patch. I added four more characters to escape: '+',
> '#', ';', ',' .
Why is this needed? RFC 4515 section 3 implies that only NUL, ESC, and
()* need to be escaped in a search filter assertionvalue production.
I agree that krb5_ldap_put_principal needs to use ldap_filter_correct
when constructing the filter expression. I'm not sure about the
standalone principal dn yet.
More information about the krbdev
mailing list