Escaping of binary characters

Mark Hammond mhammond at
Mon May 9 15:16:06 CEST 2005

	I'm using python-ldap in conjunction with Zope and the LDAPUserFolder
product to talk to a Windows Active Directory server.  One of the objects I
am trying to fetch via LDAP is objectGUID - a binary value.

It seems to me that the current implementation of
ldap.filters.escape_filter_chars is too conservative in choosing the
characters to escape.

For example, escape_filter_chars("\x01") currently returns "\x01" (ie, the
value as passed in), where it would be better if it returned "\\01" (ie 3
characters in total).  I believe this still conforms to RFC2254.

I have provided a sample implementation at - the patch there
escapes all non-printable characters.  Once this patch is in place, I can
query this binary objectGUID attribute, and all other testing appears to
work fine (as you would expect though - most of my testing involves
printable characters ;).  The existing tests all still pass (but I struggled
to create a test-case that failed.)

As a side-note, I did test extended characters (and saw this in your recent
archives).  An extended character entered in the Windows ADSI UI is
reflected correctly in my browser via Zope.  I'd say this is a good
indication that the utf-8 escaping is working correctly.



More information about the python-ldap mailing list