我应该如何转义 ldap 特殊字符? [英] How should I escape ldap special characters?

问题描述

我正在使用 python-ldap 来查询 Active Directory

I'm using python-ldap to query Active Directory

我有这个 DN

CN=Whalen, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net

作为查询的基础工作正常，但如果我尝试在这样的搜索过滤器中使用它

That works fine as a base in a query, but if I try to use it in a search filter like this

(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=CN=Whalen, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net))

我收到一个 Bad search filter 错误.从我的测试来看，CN 中的逗号似乎是罪魁祸首，即使我用反斜杠 () 对其进行了转义.但是，Microsoft 文档 作为需要在过滤器中转义的字符.

I get a Bad search filter error. From my testing, the comma in the CN seems to be the culprit, even though I escaped it with a backslash (). But, comma isn't listed in the Microsoft documentation as a character that needs escaped in filters.

我错过了什么?

推荐答案

LDAP 过滤器规范为以下字符指定了特殊含义 * ( ) NUL 应使用反斜杠转义，后跟字符的两个字符 ASCII 十六进制表示在搜索过滤器中使用时(rfc2254) :

The LDAP filter specification assigns special meaning to the following characters * ( ) NUL that should be escaped with a backslash followed by the two character ASCII hexadecimal representation of the character when used in a search filter (rfc2254) :

*   2A
(   28
)   29
   5C
Nul 0

这意味着用于转义专有名称'特殊字符(包括逗号)的任何反斜杠必须在搜索过滤器中用 5c 表示:

That means any backslash used for escaping a Distinguished Name' special character (including commas) must be represented by 5c in a search filter :

(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=CN=Whalen5c, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net))

这是在搜索过滤器中使用时必须用 或 5C 转义的 dn 特殊字符列表:

Here is the list of dn special characters that must be escaped with , or whith 5C when used in a search filter :

    +-------------------------------+---+
    | comma                         | , |
    +-------------------------------+---+
    | Backslash character           |  |
    +-------------------------------+---+
    | Pound sign (hash sign)        | # |
    +-------------------------------+---+
    | Plus sign                     | + |
    +-------------------------------+---+
    | Less than symbol              | < |
    +-------------------------------+---+
    | Greater than symbol           | > |
    +-------------------------------+---+
    | Semicolon                     | ; |
    +-------------------------------+---+
    | Double quote (quotation mark) | " |
    +-------------------------------+---+
    | Equal sign                    | = |
    +-------------------------------+---+
    | Leading or trailing spaces    |   |
    +-------------------------------+---+

这篇关于我应该如何转义 ldap 特殊字符?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！