ldap_explode_dn is broken

Michael Ströder michael at stroeder.com
Fri Jul 16 09:49:39 CEST 2004


yoel at emet.co.il wrote:
> 
> Please note that ldap_explode_dn is broken in recent minor versions of
> OpenLdap (it worked properly with 2.2.6 bot not with 2.2.13/14). For DN
> parts with multipe EQUALS ('=') the C library returns NULL regardless of
> the content of the DN. Python-ldap raises an exception.

Testing...

 >>> from ldap import explode_dn
 >>> explode_dn('cn=Michael Stroeder,dc=stroeder,dc=de')
['cn=Michael Stroeder', 'dc=stroeder', 'dc=de']
 >>> explode_dn('cn=Michael = Stroeder')
Traceback (most recent call last):
   File "<stdin>", line 1, in ?
   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 117, in 
explode_dn
     return _ldap_function_call(_ldap.explode_dn,dn,notypes)
   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 57, in 
_ldap_function_call
     result = func(*args,**kwargs)
ldap.LDAPError: (11, 'Resource temporarily unavailable')
 >>> explode_dn('cn=Michael \= Stroeder')
['cn=Michael \\3D Stroeder']
 >>>

All cases look good to me...

> Exaples of such DNs: cn=uid=yoel_o=org,o=org

This is not a valid DN anyway. It looks like produced by an erronous 
application.

 >>> explode_dn('cn=uid=yoel_o=org,o=org')
Traceback (most recent call last):
   File "<stdin>", line 1, in ?
   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 117, in 
explode_dn
     return _ldap_function_call(_ldap.explode_dn,dn,notypes)
   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 57, in 
_ldap_function_call
     result = func(*args,**kwargs)
ldap.LDAPError: (2, 'No such file or directory')

Well, the error message is misleading I have to admit. But that 
ldap.explode_dn() fails here is correct.

The equal sign '=' has to be escaped with a back-slash '\'. See RFC2253 or 
draft-ietf-ldapbis-dn.

 >>> explode_dn('cn=uid\=yoel_o\=org,o=org')
['cn=uid\\3Dyoel_o\\3Dorg', 'o=org']
 >>>

Ciao, Michael.



More information about the python-ldap mailing list