如何在Active Directory筛选器中转义逗号? [英] How should I escape commas in Active Directory filters?

问题描述

我正在使用python-ldap查询Active Directory

I'm using python-ldap to query Active Directory

我有这个DN

CN=Whalen\, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net

这可以很好地用作查询的基础，但是如果我尝试在这样的搜索过滤器中使用它

That works fine as a base in a query, but if I try to use it in a search filter like this

(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=CN=Whalen\, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net))

我收到一个Bad search filter错误.根据我的测试，即使我使用反斜杠(\)进行了转义，CN中的逗号似乎也是罪魁祸首.但是， Microsoft文档作为需要在过滤器中转义的字符.

I get a Bad search filter error. From my testing, the comma in the CN seems to be the culprit, even though I escaped it with a backslash (\). But, comma isn't listed in the Microsoft documentation as a character that needs escaped in filters.

我想念什么?

推荐答案

LDAP过滤器规范为以下字符* ( ) \ NUL赋予特殊含义，这些字符应以反斜杠转义，后跟两个字符ASCII十六进制表示符在搜索过滤器中使用时( rfc2254 ):

The LDAP filter specification assigns special meaning to the following characters * ( ) \ NUL that should be escaped with a backslash followed by the two character ASCII hexadecimal representation of the character when used in a search filter (rfc2254) :

*   \2A
(   \28
)   \29
\   \5C
Nul \00

这意味着用于转义专有名称的特殊字符(包括逗号)的任何反斜杠都必须在搜索过滤器中由\5c表示:

That means any backslash used for escaping a Distinguished Name' special characters (including commas) must be represented by \5c in a search filter :

(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=CN=Whalen\5c, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net))

以下是在搜索过滤器中使用时必须用\或\5C转义的dn特殊字符的列表:

Here is the list of dn special characters that must be escaped with either \ or \5C when used in a search filter :

+-------------------------------+---+
| comma                         | , |
+-------------------------------+---+
| Backslash character           | \ |
+-------------------------------+---+
| Pound sign (hash sign)        | # |
+-------------------------------+---+
| Plus sign                     | + |
+-------------------------------+---+
| Less than symbol              | < |
+-------------------------------+---+
| Greater than symbol           | > |
+-------------------------------+---+
| Semicolon                     | ; |
+-------------------------------+---+
| Double quote (quotation mark) | " |
+-------------------------------+---+
| Equal sign                    | = |
+-------------------------------+---+
| Leading or trailing spaces    |   |
+-------------------------------+---+

这篇关于如何在Active Directory筛选器中转义逗号?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！