Escaping of binary characters

Michael Ströder michael at
Thu May 12 09:51:44 CEST 2005

Jens Vagelpohl wrote:
> But then again, even if he could use the DN, I suppose the real  problem
> is that you cannot "round trip" the value. You can't just  grab it from
> a search result and use it to formulate another query,  even if you send
> it through ldap.escape_filter_chars, if I understand  the problem
> correctly.

After all it seems to me the idea of "the right" implementation of
ldap.escape_filter_chars() is broken. Basically one has to escape the
assertion value based on subschema knowledge (the LDAPSyntax here).

Note: I'm rather scared of escaping all chars by default since it could
also break interoperability with some badly implemented LDAP servers.

My suggestion for a workaround is to add both implementations and let
the application developer decide which to use. We could make the
differences clear in the __doc__ string.

This could be achieved by a flag passed as arg to ldap.escape_filter_chars()

def escape_filter_chars(assertion_value,escape_all_chars=0):

A schema-aware application could simply set this flag if it determines
that the assertion attribute has a syntax which is not human-readable.

Ciao, Michael.

More information about the python-ldap mailing list