Re[2]: [Exim] Bug in quote_ldap?

Pàgina inicial
Delete this message
Reply to this message
Autor: Peter A. Savitch
Data:  
A: Philip Hazel
Assumpte: Re[2]: [Exim] Bug in quote_ldap?
Hello Philip,

Wednesday, June 05, 2002, 12:51:18 PM, you wrote:

PH> On 24 May 2002 michael@??? wrote:


[snip]

PH> I need advice from LDAP experts here. My understanding was that there
PH> are two levels of quoting required, and that what should happen is this:


PH> 1. LDAP quoting is applied to the string.
PH> 2. URL quoting is applied to the result. In particular, the backslashes
PH>    that are used for LDAP quoting get turned into %5C.


PH> The unquoting then works in reverse: first the URL quoting is removed,
PH> and then you have an LDAP query which has its own quoting.


PH> Have I got this wrong?


I'm not an LDAP expert, but I see the following (RFC 1485, RFC 2253).

1. LDAP DN quoting and LDAP URL quoting are DIFFERENT things.
DN quoting is the "inner", URL is "outer" ones, Michael is right.

2. LDAP search filters are also need escaping (RFC 2254).
===cut===
If a value should contain any of the following characters:

   *               0x2a
   (               0x28
   )               0x29
   \               0x5c
   NUL             0x00


the character must be encoded as the backslash '\' character (ASCII
0x5c) followed by the two hexadecimal digits representing the ASCII
value of the encoded character. The case of the two hexadecimal
digits is not significant.
...
Other characters besides the ones listed above may be escaped using
this mechanism, for example, non-printing characters.
===cut===

I don't see an Exim function to deal with it.

3. LDAP has a lot of UTF8-related staff. I've got no clear view on how
can Exim deal with it.

So, we need the following functions:

1. `quote_ldapdn' (I prefer this to `quote_dnstring')
2. `quote_url' (or `quote_ldapurl') which is equivalent to `quote_ldap'
3. an old-style `quote_ldap' for backwards-compatibility.
4. `hexquote' (or `quote_hex') much like `rxquote', but escapes
non-alphanumeric characters with their ASCII hex values preceeded
by a backslash. See RFC 2254.
I.e. `a*string' becomes `a\2Astring'.

LDAP seems to be the only one Exim thing which uses URLs. If the
behavior of `quote_ldap' is general enough, it may have the name
`quote_url' or `url_encode'. May be it's usefull to have `url_decode'
(or `unquote_url').

And two more LDAP-related questions.

1. Is it possible (reasonable) to get the matched DN as a regular `dn'
attribute from the result of lookup `ldap' instead of performing
another `ldapdn' lookup ?

2. Philip, if You remember, I have sent You a message with some
patching code regarding UNIX sockets for OpenLDAP2 (ldapi:// URL
scheme). Have You read it?

--
Best regards,
 Peter                            mailto:spam4octan@highway.ru