Comments (2)
Thanks for reporting this. Fortunately, though, this is actually not a problem. The value that the LDAP SDK is generating is logically equivalent to the one that you originally provided, so the server should treat it in exactly the same way.
The reason has to do with the way that escaping works in search filters, and how the LDAP SDK treats that escaping. RFC 4515 provides the specification for generating the string representation of search filters, and it states that you can escape any byte by prefixing the hex representation of that byte with a backslash. Most of the bytes that you have in your value aren’t for printable characters, so the LDAP SDK keeps them encoded. But some of them do represent printable characters. In particular:
- \49 is the way to escape the capital letter I
- \3d (or \3D) is the way to escape the equal sign (=)
- \4b (or \4B) is the way to escape the capital letter K
- \64 is the way to escape the lowercase letter d
One thing that is less obvious, though, is why the “\38” (the second byte of the value) isn’t getting converted into the ASCII letter 8, because “\38” is the way to escape the number 8. The reason for this is that the byte that precedes it actually indicates that it’s part of a two-byte UTF-8 character. Even though the UTF-8 character set doesn’t actually have a character assigned to the byte sequence “\c8\38”, that sequence is within the Latin Extended-B range (between \c7\bf, which defines the “Latin small letter o with stroke and acute” character “ǿ”, and \c8\80, which defines the “Latin capital letter A with double grave” character “Ȁ”), and it’s conceivable that \c8\38 could actually be assigned a character at some point in the future.
Another thing that is less obvious about this is why the string representation changes based on the two ways that you’re creating the filter. When you use Filter.create to construct a Filter object from its string representation, then the LDAP SDK remembers that string representation and uses it as the value that gets returned when you call the filter’s toString method. But when you use other methods for constructing a filter object, like Filter.createORFilter, the LDAP SDK constructs the string representation itself and in the course of doing that, it tries to represent printable ASCII characters that don’t have to be escaped in a filter using their printable ASCII representations rather than their escaped versions. This is generally a good thing because it ensures that most string values with non-ASCII characters remain as readable as possible and only special characters get escaped, but in a corner case like this one, you can end up with unexpected (but still correct) results.
It’s also important to note that the LDAP protocol does not transfer filters as strings. Instead, they use an ASN.1 BER encoding that transfers filter assertion values in binary form. That means that when you actually send a search request to the directory server, whether you have the filter “(|(objectGUID=\c8\38\1f\3d\49\7b\4b\cc\a9\15\64\ea\da\ee\8b\08))” or the filter “(|(objectGUID=\c8\38\1f=I{K\cc\a9\15d\ea\da\ee\8b\08))”, exactly the same bytes get transmitted. So this behavior won’t have any impact at all on the way the server processes the filter because it has no way of knowing how that filter was constructed on the client; it only sees the encoded result.
from ldapsdk.
Thank you for taking the time to answer my question in such great detail. I've learned a couple of new things today which is always nice.
I'll close the issue then since it's not a problem.
from ldapsdk.
Related Issues (20)
- Unable to add entries to LDAP server HOT 1
- Is there way to use objectGuid instead of dn in API ? HOT 1
- What is the best option to remove object by objectGuid ? HOT 2
- Is there way to add user to multiple groups using single ldap request ? HOT 5
- How to get group by primaryGroupId ? How to convert primaryGroupId to groupDn? HOT 8
- How to search entry by operational attribute (PrimaryGroupToken)? HOT 2
- search with ALL_OPERATIONAL_ATTRIBUTES doesn't return any operational attributes HOT 2
- Filter.createSubstringFilter with "subInitial" or "subFinal" set to an empty string HOT 1
- Unable to login with AdditionalBindCredentials when certain OperationTypes are part of AuthenticationRequiredOperationTypes (Supressing Anonymous Connections) HOT 3
- Metric to show potentially available connections HOT 3
- Memory 'leak' in GSSAPIBindRequest HOT 5
- transactions support in unboundid ldap HOT 3
- Is there way to encrypt LDAP password ? (at least Base 64) HOT 1
- Is there way to get page number N during pagination request without iterating over previous pages ? HOT 13
- IdleTimeout parameter for pooled connections HOT 6
- KeyStoreKeyManager doesn't expose alternative KeyStore loading mechanisms. HOT 4
- InMemoryDirectoryServer is single threaded and blocks for searches HOT 1
- Simple bind fails if password contains latin character HOT 2
- multihomed ldap server HOT 3
- Unable to read or decode an LDAP message: Invalid value length of 0 for an ASN.1 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ldapsdk.