Home > Archive > LDAP > November 2005 > Less than character in the DN?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Less than character in the DN?
|
|
| Eric Nichols 2005-11-16, 7:07 pm |
| This one is a bit strange. I am using Net::LDAP::LDIF to process a file. It
gets about halfway through the file and hangs up on a dn with a less than
character in it:
dn: cn="cn=<jon.doe@acme.com",ou=site,o=org
I am running .32 and did not see any ldif changes in .33..
Thoughts?
| |
| Peter Marschall 2005-11-21, 7:05 pm |
| Hi,
On Wednesday, 16. November 2005 16:50, Eric Nichols wrote:
> This one is a bit strange. I am using Net::LDAP::LDIF to process a file.
> It gets about halfway through the file and hangs up on a dn with a less
> than character in it:
>
> dn: cn="cn=<jon.doe@acme.com",ou=site,o=org
>
> I am running .32 and did not see any ldif changes in .33..
> Thoughts?
I tested the DN above with perl-ldap 0.33 using the simple LDIF
dn: cn="cn=<jon.doe@acme.com",ou=site,o=org
objectClass: organizationalRole
cn: "cn=<jon.doe@acme.com"
and the simple test script
#! /usr/bin/perl -w
use Net::LDAP::LDIF;
use Net::LDAP::Entry;
$in = Net::LDAP::LDIF->new('-', 'r');
while (defined(my $e = $in->read_entry())) {
$e->dump();
}
$in->done();
# EOF
and did not encunter any problems (neither in Linux i386 & Perl 5.8.7
nor in Linux x86_64 & Perl 5.8.3)
Please note that you not only have a < in the RDN, but a really complex string
surrounded by quotes. Do you have this exact value in the cn attribute ?
Hope it helps
Peter
--
Peter Marschall
eMail: peter@adpm.de
| |
| Eric Nichols 2005-11-24, 8:00 am |
| Hi Peter,
Thanks for getting back to me. My original example was wrong. The LDIF
parser seems to be failing on any data beginning with a 'less than' character.
Here is a better example:
dn: cn="<jon.doe@acme.com",ou=site,o=org
In addition the parser seems to stop if the data of an attribute begins with a
'<'.
sn: <doe
On Mon, November 21, 2005 12:50 pm, Peter Marschall wrote:
> Hi,
>
> On Wednesday, 16. November 2005 16:50, Eric Nichols wrote:
>
> I tested the DN above with perl-ldap 0.33 using the simple LDIF
>
> dn: cn="cn=<jon.doe@acme.com",ou=site,o=org
> objectClass: organizationalRole
> cn: "cn=<jon.doe@acme.com"
>
> and the simple test script
>
> #! /usr/bin/perl -w
>
> use Net::LDAP::LDIF;
> use Net::LDAP::Entry;
>
> $in = Net::LDAP::LDIF->new('-', 'r');
>
> while (defined(my $e = $in->read_entry())) {
> $e->dump();
> }
> $in->done();
>
> # EOF
>
> and did not encunter any problems (neither in Linux i386 & Perl 5.8.7
> nor in Linux x86_64 & Perl 5.8.3)
>
> Please note that you not only have a < in the RDN, but a really complex string
> surrounded by quotes. Do you have this exact value in the cn attribute ?
>
> Hope it helps
> Peter
>
> --
> Peter Marschall
> eMail: peter@adpm.de
>
| |
| Graham Barr 2005-11-24, 7:02 pm |
|
On Nov 24, 2005, at 7:59 AM, Eric Nichols wrote:
> Hi Peter,
> Thanks for getting back to me. My original example was wrong. The
> LDIF
> parser seems to be failing on any data beginning with a 'less than'
> character.
> Here is a better example:
>
> dn: cn="<jon.doe@acme.com",ou=site,o=org
>
> In addition the parser seems to stop if the data of an attribute
> begins with a
> '<'.
>
> sn: <doe
Well that is an error as < being the first character is supposed to
be followed by a file: URL to read the attribute contents from. But
it should not hang. $ldif->error should return an error string like
"unsupported URL type"
There have been some changes since 0.32. You can try the latest
LDIF.pm from the repository
http://svn.mutatus.co.uk/repos/perl...et/LDAP/LDIF.pm
Graham.
> On Mon, November 21, 2005 12:50 pm, Peter Marschall wrote:
>
>
| |
| Peter Marschall 2005-11-26, 7:02 pm |
| Hi,
On Thursday, 24. November 2005 15:19, Graham Barr wrote:
> On Nov 24, 2005, at 7:59 AM, Eric Nichols wrote:
>
> Well that is an error as < being the first character is supposed to
> be followed by a file: URL to read the attribute contents from. But
> it should not hang. $ldif->error should return an error string like
> "unsupported URL type"
>
> There have been some changes since 0.32. You can try the latest
> LDIF.pm from the repository
>
> http://svn.mutatus.co.uk/repos/perl...et/LDAP/LDIF.pm
Graham is right !
according to my tests the code in SVN does not silently fail.
With the input "cn:<joe" (note: no space between : and < ) it flags the error
"unsupported URL type at ldiftest2.pl line 10".
When the input is "cn: <joe" (note the space between : and < ) the LDIF
is accepted with cn having "<joe" (without the quotes).
IMHO this behaviour is the correct one.
Hope it helps
Peter
--
Peter Marschall
eMail: peter@adpm.de
| |
| Kurt D. Zeilenga 2005-11-26, 7:02 pm |
| At 10:24 AM 11/26/2005, Peter Marschall wrote:
>When the input is "cn: <joe" (note the space between : and < ) the LDIF
>is accepted with cn having "<joe" (without the quotes).
>
>IMHO this behaviour is the correct one.
I note that per RFC 2849, the string "cn: <joe" is an invalid
attrval-spec as SAFE-INIT-CHAR excludes '<'. It is, of course,
reasonable for an implementation to be liberal in what it accepts.
I see two reasonable ways to be liberal. One is to treat it has
you have, another would be to treat it as one would "cn:<joe".
I prefer the former way.
Additionally, I note that in:
dn: cn="<jon.doe@acme.com",ou=site,o=org
the DN string does not strictly adhere to the requirements
of draft-ietf-ldapbis-dn-xx.txt (approved as a Proposed
Standard, but not yet published), though implementations may
be liberal and accepting such strings. The quoting of naming
values is an LDAPv2ism. In LDAPv3, one of the following
(or variants) should be used:
dn: cn=\3Cjon.doe@acme.com,ou=site,o=org
dn: cn=\<jon.doe@acme.com,ou=site,o=org
Kurt
| |
| Eric Nichols 2005-11-28, 3:59 am |
| That version definitely helped the situation. The ldif file now processes
correctly. Many thanks for all the help and insight from everyone!
Hopefully we'll see a new version in CPAN with these enhancements <grin>
Thanks again
Eric.
On Thu, November 24, 2005 9:19 am, Graham Barr wrote:
> Well that is an error as < being the first character is supposed to
> be followed by a file: URL to read the attribute contents from. But
> it should not hang. $ldif->error should return an error string like
> "unsupported URL type"
>
> There have been some changes since 0.32. You can try the latest
> LDIF.pm from the repository
>
> http://svn.mutatus.co.uk/repos/perl...et/LDAP/LDIF.pm
>
>
> Graham.
>
|
|
|
|
|