FYI: Solved problems with NON-ASCII chars in DN when using OpenLDAP 2.1.x libs.
Joe Little
jlittle at open-it.org
Thu Jul 11 21:38:25 CEST 2002
I've worked with the latest CVS code a bit. Hope to have more code to push it soon. I did note the new 2.1.3 update too, and saw the libldap_r build fix. Did you get a separate email from Kurt saying that it was going to be addressed in a 2.0.x release as well?
On Thursday, July 11, 2002, at 10:54 AM, Michael Ströder wrote:
> Michael Ströder wrote:
>> 1. Solve problems with NON-ASCII chars in DN when using OpenLDAP
>> 2.1.x libs.
>
> Now this turned out to be a problem with ldap.explode_dn() and errornous handling of NON-ASCII chars in DNs (e.g. for search root) in OpenLDAP servers 1.x and 2.0.x.
>
> Unlike former versions ldap_explode_dn() returns escaped values if the DN of OpenLDAP 2.1.x returns contains NON-ASCII chars. This is valid according to RFC2253 but causes compability problems with old OpenLDAP servers. The older OpenLDAP servers do not match the escaped values in DNs properly.
>
> See the following trace log of a situation hitting in web2ldap when accessing OpenLDAP 2.0.x (it works e.g. against Netscape Directory 4.1x):
>
> *** _ldap.<built-in function explode_dn> (('cn=Michael
> >Str\xc3\xb6der+mail=michael at stroeder.com,ou=Testing,dc=stroeder,dc=com',
> >0),{})
> >=> result: ['cn=Michael Str\\C3\\B6der+mail=michael at stroeder.com',
> >'ou=Testing', 'dc=stroeder', 'dc=com']
> >*** ldap.ldapobject.SimpleLDAPObject.search (('cn=Michael
> >Str\\C3\\B6der+mail=michael at stroeder.com,ou=Testing,dc=stroeder,dc=com',
> >0, '(objectclass=*)', ['cn'], 0),{})
> >=> result: 1
> >*** ldap.ldapobject.SimpleLDAPObject.result ((1, 1, -1),{})
> >=> LDAPError: {'info': '', 'matched':
> >'ou=Testing,dc=stroeder,dc=com', 'desc': 'No such object'}
>
> Note also that ldap_explode_dn() is marked as deprecated in OpenLDAP 2.1.x's ldap.h.
>
> Ciao, Michael.
>
>
>
>
More information about the python-ldap
mailing list