ldap_explode_dn is broken
Michael Ströder
michael at stroeder.com
Fri Jul 16 09:49:39 CEST 2004
yoel at emet.co.il wrote:
>
> Please note that ldap_explode_dn is broken in recent minor versions of
> OpenLdap (it worked properly with 2.2.6 bot not with 2.2.13/14). For DN
> parts with multipe EQUALS ('=') the C library returns NULL regardless of
> the content of the DN. Python-ldap raises an exception.
Testing...
>>> from ldap import explode_dn
>>> explode_dn('cn=Michael Stroeder,dc=stroeder,dc=de')
['cn=Michael Stroeder', 'dc=stroeder', 'dc=de']
>>> explode_dn('cn=Michael = Stroeder')
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 117, in
explode_dn
return _ldap_function_call(_ldap.explode_dn,dn,notypes)
File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 57, in
_ldap_function_call
result = func(*args,**kwargs)
ldap.LDAPError: (11, 'Resource temporarily unavailable')
>>> explode_dn('cn=Michael \= Stroeder')
['cn=Michael \\3D Stroeder']
>>>
All cases look good to me...
> Exaples of such DNs: cn=uid=yoel_o=org,o=org
This is not a valid DN anyway. It looks like produced by an erronous
application.
>>> explode_dn('cn=uid=yoel_o=org,o=org')
Traceback (most recent call last):
File "<stdin>", line 1, in ?
File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 117, in
explode_dn
return _ldap_function_call(_ldap.explode_dn,dn,notypes)
File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 57, in
_ldap_function_call
result = func(*args,**kwargs)
ldap.LDAPError: (2, 'No such file or directory')
Well, the error message is misleading I have to admit. But that
ldap.explode_dn() fails here is correct.
The equal sign '=' has to be escaped with a back-slash '\'. See RFC2253 or
draft-ietf-ldapbis-dn.
>>> explode_dn('cn=uid\=yoel_o\=org,o=org')
['cn=uid\\3Dyoel_o\\3Dorg', 'o=org']
>>>
Ciao, Michael.
More information about the python-ldap
mailing list