kdc ldap plugin code
Jim Shi
hanmao_shi at apple.com
Tue Sep 11 11:11:03 EDT 2012
Greg,
I think these characters are not allowed in a DN (hence need to be escaped) in OpenLDAP.
Thanks
Jim
On Sep 10, 2012, at 8:57 PM, Greg Hudson wrote:
> On 09/10/2012 06:05 PM, Jim Shi wrote:
>> We need to escape a few more special characters in the file "ldap_realm.c",
>> subroutine:
>> char *
>> ldap_filter_correct (char *in)
>>
>> See the attached patch. I added four more characters to escape: '+',
>> '#', ';', ',' .
>
> Why is this needed? RFC 4515 section 3 implies that only NUL, ESC, and
> ()* need to be escaped in a search filter assertionvalue production.
>
> I agree that krb5_ldap_put_principal needs to use ldap_filter_correct
> when constructing the filter expression. I'm not sure about the
> standalone principal dn yet.
>
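
The two escaping contexts discussed in this thread, side by side, as an added example that is not part of the original messages and is not the krb5 source: search filter assertion values (RFC 4515) and DN attribute values (RFC 4514) have different special-character sets. The function names `escape_filter_value` and `escape_dn_value` and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper, not krb5's ldap_filter_correct: RFC 4515 filter values.
 * '\\', '*', '(' and ')' become \XX hex pairs; NUL cannot occur in a C string. */
char *escape_filter_value(const char *in)
{
    char *out = malloc(strlen(in) * 3 + 1), *p = out;
    if (out == NULL)
        return NULL;
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        if (strchr("\\*()", c) != NULL)
            p += snprintf(p, 4, "\\%02x", c);   /* e.g. '*' -> \2a */
        else
            *p++ = (char)c;
    }
    *p = '\0';
    return out;
}

/* Hypothetical helper: RFC 4514 DN attribute values. Backslash-prefix
 * " + , ; < > \ anywhere, '#' or space at the start, space at the end. */
char *escape_dn_value(const char *in)
{
    size_t i, len = strlen(in);
    char *out = malloc(len * 2 + 1), *p = out;
    if (out == NULL)
        return NULL;
    for (i = 0; i < len; i++) {
        if (strchr("\"+,;<>\\", in[i]) != NULL ||
            (i == 0 && (in[i] == '#' || in[i] == ' ')) ||
            (i == len - 1 && in[i] == ' '))
            *p++ = '\\';
        *p++ = in[i];
    }
    *p = '\0';
    return out;
}

int main(void)
{
    const char *s = "#a+b,c;d(*)";   /* constructed sample value */
    char *f = escape_filter_value(s), *d = escape_dn_value(s);
    printf("filter value: %s\nDN value: %s\n", f ? f : "(oom)", d ? d : "(oom)");
    free(f);
    free(d);
    return 0;
}
```

The same input yields two different strings, so a value escaped for one context is not safe to reuse in the other.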