Discussion:
"Bad search filter"?
Luis Neves
2010-04-23 10:56:54 UTC
Hello,

Can someone confirm this error please?

Try to make an ldapsearch against any attribute on an LDAP directory with this filter please:

'Cart\xC3\xA3o'

I am getting "bad search filter" because of the '\x'. But I need this search working to be able to query an X.509 Certificate field.

mod_authz_ldap is giving errors because of this

Regards,
Luis


Philip Guenther
2010-04-23 20:32:06 UTC
Post by Luis Neves
Can someone confirm this error please?
'Cart\xC3\xA3o'
I am getting "bad search filter" because of the '\x'. But I need this
search working to be able to query an X.509 Certificate field.
Indeed, that's not a valid value in an LDAP search filter. You need to
distinguish between the true value and *an* encoded value and make sure
you're using the correct encoding for the protocol or format. In this
case,
Cart\xC3\xA3o

is the value as encoded by openssl's x509 code for displaying DNs. The
true value consists of the UTF-8 representation of the letters 'C', 'a',
'r', 't', 'a with tilde', and 'o'. To include that in an LDAP search
filter, you need to follow the rules in RFC 4515. If you do that, you
get:
Cart\C3\A3o

That's an easy one, but other encodings have more baggage, like RFC 2047's
encoding for email header fields, in which this would be:
=?utf-8?q?Cart=C3=A3o?=

(If you consider the character to be the true value, independent of the
charset used, then you might consider this:
=?iso-8859-1?q?Cart=E3o?=
to be the same...)


Philip Guenther
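
The conversion described in the reply above, as an added example that is not part of the original thread: it undoes the `\xHH` display escaping to recover the raw UTF-8 bytes, then re-encodes them as an RFC 4515 assertion value. The function names and the `cn` attribute are assumptions chosen for illustration, and only the `\xHH` display form shown in this thread is handled.

```python
import re

# Octets RFC 4515 requires to be escaped in an assertion value:
# NUL, '(', ')', '*' and '\'.
_MUST_ESCAPE = frozenset(b"\x00()*\\")

# The \xHH form that appears in the displayed DN quoted in this thread.
_DISPLAY_HEX = re.compile(rb"\\x([0-9A-Fa-f]{2})")


def display_to_bytes(shown: str) -> bytes:
    """Undo \\xHH display escaping and return the true value as UTF-8 bytes."""
    raw = _DISPLAY_HEX.sub(
        lambda m: bytes([int(m.group(1), 16)]), shown.encode("utf-8")
    )
    raw.decode("utf-8")  # raises ValueError if the result is not valid UTF-8
    return raw


def rfc4515_escape(value: bytes) -> str:
    """Encode raw value bytes as an RFC 4515 filter assertion value."""
    out = []
    for octet in value:
        # RFC 4515 also allows raw UTF-8 for octets >= 0x80; escaping them
        # keeps the filter pure ASCII and matches the form given in the reply.
        if octet in _MUST_ESCAPE or octet >= 0x80:
            out.append("\\%02X" % octet)
        else:
            out.append(chr(octet))
    return "".join(out)


def equality_filter(attr: str, shown_value: str) -> str:
    """Build (attr=value) from a value copied out of a displayed DN."""
    return "(%s=%s)" % (attr, rfc4515_escape(display_to_bytes(shown_value)))


if __name__ == "__main__":
    # Constructed input: the value from this thread, with an assumed attribute.
    print(equality_filter("cn", r"Cart\xC3\xA3o"))
```

Escaping `(`, `)`, `*` and `\` in the same pass also prevents a certificate field that contains those characters from changing the structure of the filter.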
Emmanuel Lecharny
2010-04-23 15:41:37 UTC
Post by Luis Neves
Hello,
Can someone confirm this error please?
'Cart\xC3\xA3o'
I am getting "bad search filter" because of the '\x'. But I need this search working to be able to query an X.509 Certificate field.
Remove the 'x'.
'Cart\C3\A3o'
Post by Luis Neves
mod_authz_ldap is giving errors because of this
Regards,
Luis
--
Regards,
Cordialement,
Emmanuel Lécharny
www.nextury.com