Forward slashes in names returned by a JNDI query to an LDAP server

I need to make some requests to the LDAP directory server, and I use the JNDI directory resources for it. Then I need to do some work with the objects from the query result using their distinguished names. Some of the entries returned by the server contain a slash, and because of this, JNDI escapes the entire name with double quotes:

    NamingEnumeration<SearchResult> results = dirContext.search(queryRoot, queryFilter, controls);
    for (SearchResult result : Collections.list(results)) {
        String objectName = result.getName();
        System.out.println(objectName);
    }

If one of the objects in the query results has a name such as 'b=id/10,a=1', it is printed as follows:

 "b=id/10,a=1" 

Note the double quotes around the name. Because of these quotes, I cannot directly create a javax.naming.ldap.LdapName from it: it fails with a NamingException "Invalid name" error.

I understand that I can remove these quotes manually, but that seems like a hack. Is there any way to avoid this escaping? Or are there cleaner ways to do what I need?

PS It's funny that the official JNDI tutorial suggests using LdapName to achieve "easy name manipulation" and even mentions an escape problem, but does not provide any links to the problem described above.

+4
2 answers

If AttributeValue has LDAP-specific syntax, characters are converted (using a specific syntax specification) to UTF-8, and only the following characters should be escaped:

  • ' ' (space) at the beginning of a line
  • ' ' (space) at the end of the line
  • '"'
  • '+' (plus sign indicates a multi-digit RDN)
  • , (a comma character separates the components of the distinguished name)
  • ;
  • <
  • >
  • \

The forward slash is a valid character and does not need to be escaped, so it must be handled by the application and the API used by that application. As you noted, the forward slash has a “special meaning” for JNDI. JNDI is poorly designed in many ways; it's just one of many. Consider using the UnboundID LDAP SDK for new code.

For example, add the following entry:

    dn: uid=abc/def,ou=people,dc=example,dc=com
    objectClass: top
    objectClass: person
    objectClass: inetOrgPerson
    uid: abc/def
    cn: abc/def
    sn: abc/def
    userPassword: this entry is used to test http://stackoverflow.com/questions/11690529/forward-slashes-in-the-names-returned-by-jndi-query-to-ldap-server

Get the record just added:

    ldapsearch -h localhost -p 10389 -D 'cn=RootDn' -b dc=example,dc=com -s sub '(uid=abc/def)' 1.1
    Enter bind password:
    version: 1
    dn: uid=abc/def,ou=people,dc=example,dc=com

+2

The result of SearchResult.getName() has the form of a CompositeName. Try using it as follows:

    Name itemPart = new CompositeName(result.getName());
    Name absoluteName = new LdapName(myBasePath).addAll(itemPart);
    // or: composeName(name, prefix) takes the relative name first, then the
    // base name, and returns a Name rather than a String
    Name sAbsoluteName = ctx.composeName(itemPart, new LdapName(myBasePath));

The strange escaping will be removed from absoluteName.

0
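
An added example, not part of either answer: the CompositeName approach from the second answer, run offline against the quoted name from the question, followed by the escaping the first answer lists, applied by Rdn. The class name, the toAbsolute helper, the base DN dc=example,dc=com and the sample strings are constructed for illustration; the helper parses the single composite component as its own LdapName before appending it to the base.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnFromSearchResult {

    // Hypothetical helper: converts a name in the form SearchResult.getName()
    // returns (composite-name syntax, relative to the search base) into an
    // absolute LdapName.
    static LdapName toAbsolute(String returnedName, String baseDn)
            throws InvalidNameException {
        // Composite-name parsing removes the quotes JNDI put around a
        // component that contains '/', the composite-name separator.
        CompositeName composite = new CompositeName(returnedName);
        if (composite.size() > 1) {
            throw new InvalidNameException("name spans naming systems: " + returnedName);
        }
        LdapName absolute = new LdapName(baseDn);
        if (composite.size() == 1 && !composite.get(0).isEmpty()) {
            // The single component is an LDAP name of one or more RDNs.
            absolute.addAll(new LdapName(composite.get(0)).getRdns());
        }
        return absolute;
    }

    public static void main(String[] args) throws Exception {
        String returned = "\"b=id/10,a=1\"";   // constructed: the quoted form from the question
        String base = "dc=example,dc=com";     // constructed search base

        try {
            new LdapName(returned);            // the direct parse the question attempted
        } catch (InvalidNameException e) {
            System.out.println("direct parse rejected: " + e.getMessage());
        }

        LdapName dn = toAbsolute(returned, base);
        System.out.println("absolute DN: " + dn);
        // Highest index is the leftmost RDN; its value keeps the plain '/'.
        System.out.println("leftmost value: " + dn.getRdn(dn.size() - 1).getValue());

        // Going the other way: Rdn escapes DN-special characters in a value,
        // so untrusted text cannot add RDNs when a DN is assembled from it.
        System.out.println(new Rdn("uid", "abc/def,ou=admins+x"));
    }
}
```

With a live SearchResult, result.getNameInNamespace() also returns the entry's full DN as a string, without composite-name quoting.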