Escaping of binary characters
Michael Ströder
michael at stroeder.com
Thu May 12 09:51:44 CEST 2005
Jens Vagelpohl wrote:
>
> But then again, even if he could use the DN, I suppose the real problem
> is that you cannot "round trip" the value. You can't just grab it from
> a search result and use it to formulate another query, even if you send
> it through ldap.escape_filter_chars, if I understand the problem
> correctly.
After all it seems to me the idea of "the right" implementation of
ldap.escape_filter_chars() is broken. Basically one has to escape the
assertion value based on subschema knowledge (the LDAPSyntax here).
Note: I'm rather scared of escaping all chars by default since it could
also break interoperability with some badly implemented LDAP servers.
My suggestion for a workaround is to add both implementations and let
the application developer decide which to use. We could make the
differences clear in the __doc__ string.
This could be achieved by a flag passed as arg to ldap.escape_filter_chars()
def escape_filter_chars(assertion_value,escape_all_chars=0):
A schema-aware application could simply set this flag if it determines
that the assertion attribute has a syntax which is not human-readable.
Ciao, Michael.
More information about the python-ldap
mailing list