由JNDI查询返回到LDAP服务器的名称中的正斜杠 [英] Forward slashes in the names returned by JNDI query to LDAP server
问题描述
我需要对LDAP目录服务器进行多个查询,我正在使用JNDI目录设备。那么我需要使用他们的专有名称从查询结果中对象进行一些工作。服务器返回的一些条目包含正斜杠字符,并且因为此JNDI使用双引号转义整个名称:
的NamingEnumeration<信息搜索结果> results = dirContext.search(queryRoot,queryFilter,controls); (SearchResult result:Collections.list(results))
{
String objectName = result.getName();
System.out.println(objectName);
}
如果查询结果中的一个对象有一个名称, b = id / 10,a = 1',这样打印
b = id / 10,a = 1
请注意名称周围的双引号。由于这些引号,我无法直接从它创建 javax.naming.ldap.LdapName :它失败, NamingException 无效名字。
我明白我可以手动删除这些引号,但这感觉很糟糕。有没有办法避免这样的逃脱?或者也许有更干净的方法来做我所需要的?
有趣的是,官方JNDI教程建议使用 LdapName 来实现易名称操纵,甚至提到转义问题,但不提供上述问题的任何链接。
如果 AttributeValue 具有特定于LDAP的语法,则将字符转换为(使用定义的语法规范)为UTF-8,必须转义以下字符:
-
''(空格)字符串的开头 -
''(空格)在字符串末尾 -
''' -
'+'(加号表示多价值RDN) -
,(逗号字符分隔了可分辨名称的组成部分) -
; -
-
> -
\
正斜杠是一个有效的字符,不需要转义,因此它必须由应用程序和该应用程序使用的API进行处理。正如你所说,正斜杠对JNDI有特殊意义。 JNDI在许多方面设计不佳,这只是其中的一个。请考虑使用 UnboundID LDAP SDK 获取新代码。
例如,添加以下条目:
dn:uid = abc / def,ou = people,dc = example,dc = com
objectClass:top
objectClass:person
objectClass:inetOrgPerson
uid:abc / def
cn:abc / def
sn :abc / def
userPassword:此条目用于测试http://stackoverflow.com/questions/11690529/forward-slashes-in-the-names-returned-by-jndi-query-to-ldap-服务器
检索刚添加的条目:
ldapsearch -h localhost -p 10389 -D'cn = RootDn'-b dc = example,dc = com -s sub'(uid = abc / def)'1.1
输入绑定密码:
版本:1
dn:uid = abc / def,ou = people,dc = example,dc = com
I need to make several queries to LDAP directory server and I'm using JNDI directory facilities for it. Then I need to do some work with the objects from the query result using their distinguished names. Some of the entries returned by the server contain forward slash character, and because of this JNDI escapes the whole name with double quotes:
NamingEnumeration<SearchResult> results = dirContext.search(queryRoot, queryFilter, controls);
for (SearchResult result : Collections.list(results)) {
String objectName = result.getName();
System.out.println(objectName);
}
If one of the objects in the query results has a name, say, 'b=id/10,a=1', it is printed like this
"b=id/10,a=1"
Note the double quotes around the name. Because of these quotes I cannot create javax.naming.ldap.LdapName from it directly: it fails with NamingException "Invalid name".
I understand that I can remove these quotes manually, but this feels hacky. Is there a way to avoid such escaping? Or maybe there are cleaner methods to do what I need?
P.S. It is funny that official JNDI tutorial suggests using LdapName to achieve "easy name manipulation" and even mentions the escape problem but does not provide any links on the problem described above.
If an AttributeValue has LDAP-specific syntax, the characters are converted (using the defined syntax specification) to UTF-8 and only the following characters must be escaped:
' '(space) at the beginning of the string' '(space) at the end of the string'"''+'(the plus character indicates a multi-valued RDN),(the comma character separates components of the distinguished name);<>\
The forward slash is a valid character and need not be escaped, therefore it must be handled by the application and the API used by that application. As you noted, the forward slash has "special meaning" to JNDI. JNDI is poorly designed in many respects, this is only one of the many. Consider using the UnboundID LDAP SDK for new code.
For example, add the following entry:
dn: uid=abc/def,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
uid: abc/def
cn: abc/def
sn: abc/def
userPassword: this entry is used to test http://stackoverflow.com/questions/11690529/forward-slashes-in-the-names-returned-by-jndi-query-to-ldap-server
retrieve the entry just added:
ldapsearch -h localhost -p 10389 -D 'cn=RootDn' -b dc=example,dc=com -s sub '(uid=abc/def)' 1.1
Enter bind password:
version: 1
dn: uid=abc/def,ou=people,dc=example,dc=com
see also
这篇关于由JNDI查询返回到LDAP服务器的名称中的正斜杠的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
