JNDI 查询返回到 LDAP 服务器的名称中的正斜杠 [英] Forward slashes in the names returned by JNDI query to LDAP server

问题描述

我需要对 LDAP 目录服务器进行多次查询，并且我正在使用 JNDI 目录工具.然后我需要使用它们的专有名称对查询结果中的对象进行一些处理.服务器返回的某些条目包含正斜杠字符，因此 JNDI 使用双引号对整个名称进行转义:

I need to make several queries to LDAP directory server and I'm using JNDI directory facilities for it. Then I need to do some work with the objects from the query result using their distinguished names. Some of the entries returned by the server contain forward slash character, and because of this JNDI escapes the whole name with double quotes:

NamingEnumeration<SearchResult> results = dirContext.search(queryRoot, queryFilter, controls);
for (SearchResult result : Collections.list(results)) {
    String objectName = result.getName();
    System.out.println(objectName);
}

如果查询结果中的一个对象有一个名字，比如'b=id/10,a=1'，它会像这样打印

If one of the objects in the query results has a name, say, 'b=id/10,a=1', it is printed like this

"b=id/10,a=1"

注意名称周围的双引号.由于这些引号，我无法直接从中创建 javax.naming.ldap.LdapName :它因 NamingException "Invalid name" 而失败.

Note the double quotes around the name. Because of these quotes I cannot create javax.naming.ldap.LdapName from it directly: it fails with NamingException "Invalid name".

我知道我可以手动删除这些引号，但这感觉很老套.有没有办法避免这种逃避?或者也许有更清洁的方法来做我需要的事情?

I understand that I can remove these quotes manually, but this feels hacky. Is there a way to avoid such escaping? Or maybe there are cleaner methods to do what I need?

附:有趣的是，官方 JNDI 教程 建议使用 LdapName 实现简单的名称操作"，甚至提到了转义问题但没有提供任何关于上述问题的链接.

P.S. It is funny that official JNDI tutorial suggests using LdapName to achieve "easy name manipulation" and even mentions the escape problem but does not provide any links on the problem described above.

推荐答案

如果 AttributeValue 具有特定于 LDAP 的语法，则字符将(使用定义的语法规范)转换为 UTF-8，并且仅以下字符必须转义:

If an AttributeValue has LDAP-specific syntax, the characters are converted (using the defined syntax specification) to UTF-8 and only the following characters must be escaped:

• ' '(空格)在字符串的开头
• ' '(空格)在字符串的末尾
• '"'
• '+'(加号表示多值RDN)
• ,(逗号分隔专有名称的组成部分)
• ;
• <
• >
• <代码>

• ' ' (space) at the beginning of the string
• ' ' (space) at the end of the string
• '"'
• '+' (the plus character indicates a multi-valued RDN)
• , (the comma character separates components of the distinguished name)
• ;
• <
• >

正斜杠是一个有效字符，不需要转义，因此它必须由应用程序和该应用程序使用的 API 处理.正如您所指出的，正斜杠具有特殊含义".到 JNDI.JNDI 在很多方面都设计得很糟糕，这只是众多方面之一.考虑将 UnboundID LDAP SDK 用于新代码.

The forward slash is a valid character and need not be escaped, therefore it must be handled by the application and the API used by that application. As you noted, the forward slash has "special meaning" to JNDI. JNDI is poorly designed in many respects, this is only one of the many. Consider using the UnboundID LDAP SDK for new code.

例如，添加以下条目:

dn: uid=abc/def,ou=people,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: inetOrgPerson
uid: abc/def
cn: abc/def
sn: abc/def
userPassword: this entry is used to test http://stackoverflow.com/questions/11690529/forward-slashes-in-the-names-returned-by-jndi-query-to-ldap-server

检索刚刚添加的条目:

ldapsearch -h localhost -p 10389 -D 'cn=RootDn'  -b dc=example,dc=com -s sub '(uid=abc/def)' 1.1
Enter bind password: 
version: 1
dn: uid=abc/def,ou=people,dc=example,dc=com

另见

• 可分辨名称的字符串表示

这篇关于JNDI 查询返回到 LDAP 服务器的名称中的正斜杠的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！