Re: LDAP authorisation with Unicode in the Base DN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Eric Covener wrote:
On Mon, Dec 22, 2008 at 10:21 PM, Craig McQueen
<mcqueen-c@xxxxxxxxxxxxxxxx> wrote:
  
I'm trying to do LDAP authorisation with an Active Directory server, and the
"Base DN" has Japanese characters in it. This should be no problem, but I
can't get it to work.

The Base DN is something like:
OU=裾野,OU=管理,DC=edsrd00,DC=local
The corresponding LDAP URL is something like:
AuthLDAPURL
"ldap://server:389/OU=\e8\a3\be\e9\87\8e,OU=\e7\ae\a1\e7\90\86,DC=edsrd00,DC=local?sAMAccountName?sub?(objectClass=*)"
NONE

I think it has the Japanese characters specified in proper RFC 2255 format.
So I think there is a problem in the LDAP authentication module in properly
sending the queries with UTF-8 content in the base DN. The error.log file
says "[ldap_search_ext_s() for user failed][No Such Object]" which seems to
indicate that the LDAP server isn't getting a valid base DN.

Any insights on this?
    
packet trace would tell you what was put in the wire compared to a
working command-line search.
  
I finally got a chance to check this out with Wireshark. I found that the Apache server is just putting the URI on the wire as given, backslashes and numbers and all. So I guess it's not parsing the backslash codes as RFC 2255 specifies.

Does this mean I should submit a bug report?

Regards,
Craig McQueen


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux