ldap_explode_dn is broken

yoel at emet.co.il yoel at emet.co.il
Sat Jul 17 20:28:23 CEST 2004


Actually it is not that clear from the RFC. It seems that future versions of OpenLDAP will accept a DN like that but will return them (in searches) with the EQUALs escaped.

Thank you for the replies.

----- Original Message -----
From: Michael Ströder <michael at stroeder.com>
Date: Friday, July 16, 2004 10:49 am
Subject: Re: ldap_explode_dn is broken

> yoel at emet.co.il wrote:
> > 
> > Please note that ldap_explode_dn is broken in recent minor versions of
> > OpenLDAP (it worked properly with 2.2.6 but not with 2.2.13/14). For DN
> > parts with multiple EQUALS ('=') the C library returns NULL regardless of
> > the content of the DN. Python-ldap raises an exception.
> 
> Testing...
> 
> >>> from ldap import explode_dn
> >>> explode_dn('cn=Michael Stroeder,dc=stroeder,dc=de')
> ['cn=Michael Stroeder', 'dc=stroeder', 'dc=de']
> >>> explode_dn('cn=Michael = Stroeder')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
>   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 117, in explode_dn
>     return _ldap_function_call(_ldap.explode_dn,dn,notypes)
>   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 57, in _ldap_function_call
>     result = func(*args,**kwargs)
> ldap.LDAPError: (11, 'Resource temporarily unavailable')
> >>> explode_dn('cn=Michael \= Stroeder')
> ['cn=Michael \\3D Stroeder']
> >>>
> 
> All cases look good to me...
> 
> > Examples of such DNs: cn=uid=yoel_o=org,o=org
> 
> This is not a valid DN anyway. It looks like it was produced by an
> erroneous application.
> 
> >>> explode_dn('cn=uid=yoel_o=org,o=org')
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
>   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 117, in explode_dn
>     return _ldap_function_call(_ldap.explode_dn,dn,notypes)
>   File "/usr/lib/python2.3/site-packages/ldap/functions.py", line 57, in _ldap_function_call
>     result = func(*args,**kwargs)
> ldap.LDAPError: (2, 'No such file or directory')
> 
> Well, the error message is misleading I have to admit. But that 
> ldap.explode_dn() fails here is correct.
> 
> The equal sign '=' has to be escaped with a back-slash '\'. See RFC2253 or
> draft-ietf-ldapbis-dn.
> 
> >>> explode_dn('cn=uid\=yoel_o\=org,o=org')
> ['cn=uid\\3Dyoel_o\\3Dorg', 'o=org']
> >>>
> 
> Ciao, Michael.
> 
> 
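An added example, not part of the original messages and not python-ldap or OpenLDAP code: a pure-Python sketch of the escaping discussed in the thread, applied to the DN from the original report. All function names are hypothetical, '=' is escaped as the reply recommends, and strict_explode only mirrors the strictness shown in the tracebacks rather than reproducing the C library's parser.

```python
# Added example: a pure-Python sketch, not python-ldap or OpenLDAP code.
# Assumption: RFC 2253 quoted ("...") values and '#' hex-string values are not handled.
SPECIALS = ',+"\\<>;='  # RFC 2253 section 2.4 specials, plus '=' as the reply advises

def escape_dn_value(value):
    """Backslash-escape one attribute value before it is placed in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        lead_trail = (ch == '#' and i == 0) or (ch == ' ' and i in (0, last))
        out.append('\\' + ch if ch in SPECIALS or lead_trail else ch)
    return ''.join(out)

def split_unescaped(text, sep):
    """Split on sep, treating backslash plus the next character as one unit."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == '\\' and i + 1 < len(text):
            cur.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append(''.join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append(''.join(cur))
    return parts

def build_dn(pairs):
    """Compose a DN from (attribute, raw value) pairs, escaping each value."""
    return ','.join('%s=%s' % (a, escape_dn_value(v)) for a, v in pairs)

def strict_explode(dn):
    """Return the RDNs, or raise ValueError if any type=value pair
    does not contain exactly one unescaped '='."""
    rdns = split_unescaped(dn, ',')
    for rdn in rdns:
        for ava in split_unescaped(rdn, '+'):
            if len(split_unescaped(ava, '=')) != 2:
                raise ValueError('bad RDN component: %r' % ava)
    return rdns

# Constructed sample: the value from the thread, supplied as raw input.
SAMPLE = build_dn([('cn', 'uid=yoel_o=org'), ('o', 'org')])
```

Escaping each value before it is joined into the DN also keeps a value containing ',' or '=' from being read as additional RDNs when the string is later split.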