grouper-dev - Re: [grouper-dev] handling quoted relative ldap dns ?
Subject: Grouper Developers Forum
- From: "Scott D. Williams" <>
- To:
- Subject: Re: [grouper-dev] handling quoted relative ldap dns ?
- Date: Wed, 11 Nov 2009 22:17:00 -0500
- Organization: ITS Identity Management
Hi Tom,
I recently discovered the black magic required to properly escape (jndi) forward slashes in a DN so that they may be used by JNDI/VT libs without throwing the InvalidNameException. I have verified this w/OpenLDAP only, so far...
String groupCn = "example/cn/with/slashes";
String groupDn = "cn=" + groupCn + ",ou=groups,dc=edu";
String memberDn = "uid=randomguy,ou=people,dc=edu";
Attributes A = new BasicAttributes( "cn", groupCn );
A.put("objectclass", "groupOfNames");
A.put("member", memberDn );
// escape dn only, not cn attribute itself
groupDn = groupDn.replace("/", "\\/");
VTLdapObject.create(groupDn, A);
Hope this helps,
Scott
Tom Zeller wrote:
Hi folks,
Ldappc needs to construct a Name from a String dn, and I'm looking for
a better way to handle quoted relative names.
For example, I've observed that Active Directory will return
"CN=Quoted/Name",DC=edu
if a dn component contains the JNDI forward slash (/) character.
An InvalidNameException is thrown if I construct a Name using LdapName:
Name name = new javax.naming.ldap.LdapName(dn).
javax.naming.InvalidNameException: Invalid name: "cn=Quoted/Name",DC=edu
at javax.naming.ldap.Rfc2253Parser.parseAttrType(Rfc2253Parser.java:130)
at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:83)
at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
at javax.naming.ldap.LdapName.parse(LdapName.java:772)
at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
If I construct a Name via :
Name name = new javax.naming.CompositeName().add(dn)
then the quotes are escaped and the resultant dn is
"\"CN=Quoted/Name\",DC=edu"
which is incorrect.
Previously, ldappc removed starting and ending quotes from a dn
component. I've written a search result handler suitable for vt-ldap
to reproduce this behavior which deployers can toggle.
I'm surprised that I'm having to spend time figuring out ldap and jndi
metacharacters (well not that surprised), and I assume there's some
solution I'm just not familiar with.
Thanks,
TomZ
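
An added example, not code from either poster or from Grouper, Ldappc or vt-ldap: it uses the standard javax.naming classes to handle the slash in both directions without hand-written replace() calls or quote stripping. The class and method names are hypothetical, and it assumes the quoted relative name is a JNDI composite-name string as returned by SearchResult.getName().

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SlashDnExample {

    // Build the group DN from RDN objects instead of string concatenation, so
    // RFC 2253 metacharacters in the CN (comma, plus, quote, ...) get escaped.
    static LdapName groupDn(String cn, String baseDn) throws InvalidNameException {
        LdapName dn = new LdapName(baseDn);
        dn.add(new Rdn("cn", cn)); // appended as the most specific (leftmost) RDN
        return dn;
    }

    // "/" is not special in a DN, only in JNDI composite names. When an API
    // insists on a String name, let CompositeName do the quoting/escaping.
    static String toJndiString(LdapName dn) throws InvalidNameException {
        return new CompositeName().add(dn.toString()).toString();
    }

    // Reverse direction: unwrap a composite-name string (assumed to come from
    // SearchResult.getName(), relative to baseDn) before parsing it as a DN.
    static LdapName fromJndiRelative(String relative, String baseDn)
            throws InvalidNameException {
        LdapName dn = new LdapName(baseDn);
        CompositeName composite = new CompositeName(relative);
        if (composite.size() > 0) { // empty name means the base entry itself
            dn.addAll(new LdapName(composite.get(0)).getRdns());
        }
        return dn;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values, mirroring the ones in the thread.
        LdapName built = groupDn("example/cn,with+meta", "ou=groups,dc=edu");
        System.out.println("DN:          " + built);
        System.out.println("JNDI string: " + toJndiString(built));

        LdapName parsed = fromJndiRelative("\"CN=Quoted/Name\"", "DC=edu");
        System.out.println("Parsed DN:   " + parsed);
        System.out.println("Leaf value:  " + parsed.getRdn(parsed.size() - 1).getValue());
    }
}
```

Passing the LdapName object itself to a DirContext method, rather than its String form, avoids composite-name parsing of the slash altogether.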