Javascript regex for DN

I used a regex to cover all types of possible DNs.

I created one, but it is not so good:

/([A-z0-9=]{1}[A-z0-9]{1})*[,??]/

and some others, changing it, but in vain.

Valid DNs may be:

CN=abcd,CN=abcd,O=abcd,C=us
CN=abcd0520,CN=users,O=abcd,C=us
C=us

etc.
+7
4 answers

I created one. It works great.

^(\w+=\w+)(,\w+=\w+)*$
+1

I needed this lately, so I created one that exactly matches the LDAPv3 syntax in RFC 2253.

Attribute type

An attribute type can be expressed in two ways. An alphanumeric string starting with a letter, checked using:

[A-Za-z][\w-]*

Or it could be an OID verified with:

\d+(?:\.\d+)*

Thus, the attributeType check uses:

[A-Za-z][\w-]*|\d+(?:\.\d+)*

Attribute value

An attribute value can be expressed in three ways. A hexadecimal string, which is a sequence of hexadecimal pairs with a leading #. The hex string is checked using:

#(?:[\dA-Fa-f]{2})+

Or an escaped string; each non-special character is expressed "as is" (checked using [^,=\+<>#;\\"]). Special characters can be expressed using the escape character \ (checked using \\[,=\+<>#;\\"]). Finally, any character can be expressed as a hexadecimal pair with a leading \ (checked using \\[\dA-Fa-f]{2}). An escaped string is checked with:

(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*

Or a quoted string; the value begins and ends with ", and may contain any character unescaped except for \ and ". In addition, you can use any of the escape methods from the line above. The quoted string is checked using:

"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*"

All together, the attributeValue check uses:

#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*"

Name component

Name component in BNF:

name-component = attributeTypeAndValue *("+" attributeTypeAndValue)
attributeTypeAndValue = attributeType "=" attributeValue

The RegEx is:

(?#attributeType)=(?#attributeValue)(?:\+(?#attributeType)=(?#attributeValue))*

Replacing the placeholders (?#attributeType) and (?#attributeValue) with the values above gives us:

(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)=(?:#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*")(?:\+(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)=(?:#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*"))*

Which checks one component of the name.

Distinguished name

Finally, BNF for the distinguished name:

name-component *("," name-component)

The RegEx is:

(?#name-component)(?:,(?#name-component))*

Replacing the placeholder (?#name-component) with the value above gives us:

^(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)=(?:#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*")(?:\+(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)=(?:#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*"))*(?:,(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)=(?:#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*")(?:\+(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)=(?:#(?:[\dA-Fa-f]{2})+|(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*|"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*"))*)*$


+10
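The building blocks derived in the answer above, assembled into one JavaScript RegExp and exercised on the question's DNs plus constructed edge cases (OID attribute type, multi-valued RDN, escaped comma, hex and quoted values, and several malformed strings). This is an added example, not code from the answer; the names attributeType, isValidDn and checkSamples are mine. Note that this is a syntax check only: RFC 2253 (since superseded by RFC 4514) describes the string form, and a string that passes says nothing about whether the entry exists or whether two strings name the same entry.

```javascript
// Added example, not code from the answer above: the RFC 2253 pieces that
// the answer derives, assembled into one RegExp and tested.
const attributeType = String.raw`(?:[A-Za-z][\w-]*|\d+(?:\.\d+)*)`;
const hexString = String.raw`#(?:[\dA-Fa-f]{2})+`;
const escapedString = String.raw`(?:[^,=\+<>#;\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*`;
const quotedString = String.raw`"(?:[^\\"]|\\[,=\+<>#;\\"]|\\[\dA-Fa-f]{2})*"`;

// attributeValue = hexstring / string / quoted string. Because the whole DN is
// anchored, the engine backtracks into the later alternatives when needed.
const attributeValue = `(?:${hexString}|${escapedString}|${quotedString})`;
const attributeTypeAndValue = `${attributeType}=${attributeValue}`;
// name-component = attributeTypeAndValue *("+" attributeTypeAndValue)
const nameComponent = `${attributeTypeAndValue}(?:\\+${attributeTypeAndValue})*`;
// distinguishedName = name-component *("," name-component), anchored both ends
const DN_RE = new RegExp(`^${nameComponent}(?:,${nameComponent})*$`);

// True when the string is syntactically a DN under the RFC 2253 grammar.
// Syntax only: it does not say whether two DNs denote the same entry.
function isValidDn(dn) {
  return DN_RE.test(dn);
}

// Constructed sample inputs; the first three are the DNs from the question.
const SAMPLES = [
  ['CN=abcd,CN=abcd,O=abcd,C=us', true],
  ['CN=abcd0520,CN=users,O=abcd,C=us', true],
  ['C=us', true],
  ['CN=John Smith+SN=Smith,O=Example,C=US', true],          // multi-valued RDN
  ['1.2.840.113549.1.9.1=user@example.com,O=Example', true], // OID attribute type
  ['CN=Sales\\, West,O=Example', true],                     // escaped comma in value
  ['OU=#04024869,O=Example', true],                          // hex-encoded value
  ['CN="Doe, John",O=Example', true],                        // quoted value
  ['CN=', true],           // the grammar allows an empty string value
  ['CN=abcd,', false],     // trailing separator
  ['=abcd', false],        // missing attribute type
  ['CN=abc"def', false],   // unescaped special character
  ['CN=a,b', false],       // component without '='
  ['CN=#zz', false],       // '#' must begin a hex string
];

// Returns true when every sample is classified as expected.
function checkSamples() {
  return SAMPLES.every(([dn, expected]) => isValidDn(dn) === expected);
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [dn, expected] of SAMPLES) {
    console.log(`${isValidDn(dn) === expected ? 'ok  ' : 'FAIL'} ${dn}`);
  }
}
```

Composing the expression from named pieces, rather than pasting the final one-liner, keeps each alternative reviewable and makes it obvious which grammar rule a rejected input failed. The `CN=` case is worth knowing about when the regex guards input: an empty value is valid syntax, so a non-empty check has to be separate.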

This is not only impossible, it will never work, and it should not even be tried. LDAP data (the distinguished name in this case) is not a string. The distinguished name has the distinguishedName syntax, which is not a string, and comparisons must be made using the matching rules defined in the directory server schema. For this reason, regular expressions and the native language's relative-value and equality comparisons, such as Perl's ~~, eq and ==, and Java's ==, cannot be used with LDAP data; if the programmer tries to do this, unexpected results may occur, and the code is fragile, unpredictable and not repeatable. LDAP APIs for languages that do not support the relevant rules cannot be used with LDAP where comparisons, equality checks, and relative-order comparisons are required.

As an example, the distinguished names "dc=example,dc=com" and "DC=example, DC=COM" are in all respects equivalent from the point of view of LDAP, but the equality operators of the native language will return false.

+1
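An added example, not code from the answer above, that makes its point concrete: a character-by-character `===` on the two DNs it cites returns false, while a parse-and-normalise comparison returns true. The functions splitUnescaped, normalizeRdn, normalizeDn and dnEquals are mine. The normaliser assumes every attribute uses caseIgnoreMatch (lower-casing both type and value); a real directory's schema decides that per attribute, and it does not unify the different encodings of one value (`\,` versus `\2C`, or a `#...` BER value versus its string form), so for access-control decisions the directory's own compare operation remains the authoritative answer. The failure mode to keep in mind is an allowlist of administrator DNs checked with string equality: a legitimate DN written with different case or spacing is rejected, and the check gives a false sense of precision.

```javascript
// Added example, not code from the answer above. Assumes caseIgnoreMatch for
// every attribute; a real schema decides this per attribute.

// Split on `sep`, ignoring occurrences escaped with a backslash (e.g. "\,").
function splitUnescaped(s, sep) {
  const parts = [];
  let current = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    if (ch === '\\' && i + 1 < s.length) {
      current += ch + s[++i]; // keep the escape pair intact
    } else if (ch === sep) {
      parts.push(current);
      current = '';
    } else {
      current += ch;
    }
  }
  parts.push(current);
  return parts;
}

// One RDN may hold several type=value pairs joined with "+"; their order is
// not significant, so each pair is lower-cased and the pairs are sorted.
function normalizeRdn(rdn) {
  return splitUnescaped(rdn, '+')
    .map((atv) => {
      const eq = atv.indexOf('='); // attribute types never contain '='
      if (eq < 0) throw new Error(`attribute without '=': ${atv}`);
      const type = atv.slice(0, eq).trim().toLowerCase();
      const value = atv.slice(eq + 1).trim().toLowerCase(); // caseIgnoreMatch assumed
      return `${type}=${value}`;
    })
    .sort()
    .join('+');
}

// Canonical string form: RDNs in original order (order is significant between
// RDNs), each normalised as above, joined with a bare comma.
function normalizeDn(dn) {
  return splitUnescaped(dn, ',').map(normalizeRdn).join(',');
}

// Equality under the assumed matching rule.
function dnEquals(a, b) {
  return normalizeDn(a) === normalizeDn(b);
}

// The two DNs from the answer above.
const A = 'dc=example,dc=com';
const B = 'DC=example, DC=COM';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(A === B);        // false: native equality compares characters
  console.log(dnEquals(A, B)); // true: same entry under the assumed matching rule
}
```

The escape-aware splitter matters: a value such as `Sales\, West` contains a comma that is part of the value, not an RDN separator, and a naive `split(',')` would compare the wrong components.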

This worked for me:

Expression

^(?<RDN>(?<Key>(?:\\[0-9A-Fa-f]{2}|\\[^=\,\\]|[^=\,\\]+)+)\=(?<Value>(?:\\[0-9A-Fa-f]{2}|\\[^=\,\\]|[^=\,\\]+)+))(?:\s*\,\s*(?<RDN>(?<Key>(?:\\[0-9A-Fa-f]{2}|\\[^=\,\\]|[^=\,\\]+)+)\=(?<Value>(?:\\[0-9A-Fa-f]{2}|\\[^=\,\\]|[^=\,\\]+)+)))*$

Test:

CN=Test User Delete\0ADEL:c1104f63-0389-4d25-8e03-822a5c3616bc,CN=Deleted Objects,DC=test,DC=domain,DC=local

The expression is already escaped, so to avoid doubling all the backslashes in C#, make sure you prefix the string with the verbatim literal @ character, i.e.

var dnExpression = @"...";

This will give four groups: first a copy of the entire string, second a copy of the last RDN, and third and fourth the key/value pair. You can index each key/value using the Captures collection of each group.

You can also use this to check a single RDN by cutting out the expression in the group (?<RDN>...) and surrounding it with the usual ^...$ so that an integer value (beginning of line) is required.

I allowed the hexadecimal escape "\xx", the simple escape "\c", or anything other than ", = \" inside the text of the key/value of the DN. I suggest that this expression can be improved by taking extra time to go through the MSDN AD standard and limit the allowed characters to exactly what is or is not allowed. But I think this is a good start.

0