FYI: Solved problems with NON-ASCII chars in DN when using OpenLDAP 2.1.x libs.
Michael Ströder
michael at stroeder.com
Thu Jul 11 19:54:51 CEST 2002
Michael Ströder wrote:
>
> 1. Solve problems with NON-ASCII chars in DN when using OpenLDAP
> 2.1.x libs.
Now this turned out to be a problem with ldap.explode_dn() and
errornous handling of NON-ASCII chars in DNs (e.g. for search
root) in OpenLDAP servers 1.x and 2.0.x.
Unlike former versions ldap_explode_dn() returns escaped values if
the DN of OpenLDAP 2.1.x returns contains NON-ASCII chars. This is
valid according to RFC2253 but causes compability problems with
old OpenLDAP servers. The older OpenLDAP servers do not match the
escaped values in DNs properly.
See the following trace log of a situation hitting in web2ldap
when accessing OpenLDAP 2.0.x (it works e.g. against Netscape
Directory 4.1x):
*** _ldap.<built-in function explode_dn> (('cn=Michael
>Str\xc3\xb6der+mail=michael at stroeder.com,ou=Testing,dc=stroeder,dc=com',
>0),{})
>=> result: ['cn=Michael Str\\C3\\B6der+mail=michael at stroeder.com',
>'ou=Testing', 'dc=stroeder', 'dc=com']
>*** ldap.ldapobject.SimpleLDAPObject.search (('cn=Michael
>Str\\C3\\B6der+mail=michael at stroeder.com,ou=Testing,dc=stroeder,dc=com',
>0, '(objectclass=*)', ['cn'], 0),{})
>=> result: 1
>*** ldap.ldapobject.SimpleLDAPObject.result ((1, 1, -1),{})
>=> LDAPError: {'info': '', 'matched':
>'ou=Testing,dc=stroeder,dc=com', 'desc': 'No such object'}
Note also that ldap_explode_dn() is marked as deprecated in
OpenLDAP 2.1.x's ldap.h.
Ciao, Michael.
More information about the python-ldap
mailing list