On 20 July 2011 12:24, Chris Ridd <chrisridd@mac.com> wrote:
>
> On 20 Jul 2011, at 10:02, Clément OUDOT wrote:
>
>> Hi,
>>
>> I have a piece of code where I build a search filter with some
>> variables, like this:
>>
>> my $searchFilter =
>> "(&(objectClass=" . $portal->{ldapGroupObjectClass} . ")(|";
>> foreach ( split( $portal->{multiValuesSeparator}, $value ) ) {
>> $searchFilter .= "(" . $key . "=" . $_ . ")";
>> }
>> $searchFilter .= "))";
>>
>> This works well, except when the value (in the key=value syntax)
>> contains a backslash ('\'). This is the case for example if the value
>> is a DN like this : cn=OUDOT\, Clement, ou=users, dc=example, dc=com
>>
>> To make this work, I added this line :
>>
>> $searchFilter =~ s/\\/\\\\/;
>>
>>
>> My question: is this a bug in my code, or can this be a Perl-LDAP bug?
>> I am using version 0.4001.
>
> I think it is a bug in your code :-(
>
> LDAP search filter strings consider certain characters as "special" when used in assertion values, so there is an escape mechanism defined - which is to use backslash and the hex-encoding of the character (eg \xx) or backslash and a single character (eg \c).
>
> So your $_ value needs to be escaped correctly before inserting it into an LDAP filter string. You need to escape more than backslashes - what if your input value was ")"? Doing a subsequent regexp replace of \ to \\ is not really robust.
>
> RFC 4515 should list all the characters that you have to escape. Actually, the Net::LDAP::Filter documentation lists them as well :-)
>
> You could also consider building your filter using Net::LDAP::Filter instead of as a string.
Hi,

I will have a look at Net::LDAP::Filter, but I see in Net::LDAP that a
new Net::LDAP::Filter is created in the search subroutine when filter
is a string. Why does the Net::LDAP::Filter object not escape the
special characters from the string? Am I misunderstanding the code?

Clément.
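
The escaping discussed in this thread, as an added example that is not part of the original messages or of Perl-LDAP itself: each assertion value is escaped per RFC 4515 before it is concatenated into the filter string. The function names, the `;` separator, and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape one assertion value for an LDAP filter string (RFC 4515):
# NUL, '(', ')', '*' and '\' each become a backslash plus two hex digits.
# (Hypothetical helper name, written out here so the example has no
# dependency outside core Perl.)
sub escape_rfc4515 {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord $1)/ge;
    return $value;
}

# Build (&(objectClass=...)(|(attr=v1)(attr=v2)...)) the way the code in
# the thread does, but escaping every value first. The object class and
# attribute name are assumed to come from trusted configuration; only
# the values are treated as untrusted input.
sub build_group_filter {
    my ($object_class, $attr, $separator, $raw) = @_;

    # \Q...\E makes split treat the separator as a literal string
    # rather than as a regular expression.
    my @values = split /\Q$separator\E/, $raw;

    my $alternatives = join '',
        map { "($attr=" . escape_rfc4515($_) . ")" } @values;

    return "(&(objectClass=$object_class)(|$alternatives))";
}

# Constructed sample input: the DN from the thread, plus a second value
# that contains parentheses and an asterisk.
my $raw = 'cn=OUDOT\, Clement,ou=users,dc=example,dc=com;Sales (EMEA)*';

print build_group_filter('groupOfNames', 'member', ';', $raw), "\n";
```

Net::LDAP::Util also exports an `escape_filter_value` function that can take the place of the hand-written helper.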