From: Chris R. <chr...@me...> - 2001-03-08 11:02:35
Graham Barr <gb...@po...> wrote:
> On Thu, Mar 08, 2001 at 09:50:45AM -0000, Chris Ridd wrote:
>> Graham Barr <gb...@po...> wrote:
>> > I don't think the DN should be base64 encoded, it should be encoded
>> > using rules from rfc2253, which should result in a printable string
>> > and avoid the need for base64 encoding
>>
>> Interesting.
>>
>> RFC 2849 says that DNs should be base-64 encoded if any of the RDN values
>> contain 'unsafe' characters.
>>
>> RFC 2253 format DNs 'may' escape any character using the \hexpair
>> notation.
>>
>> So what you're suggesting is that we display DNs by always
>> backslashifying unsafe characters instead of base-64 encoding them.
>>
>> I think that RFC 2849 would permit that, and it does have the benefit of
>> making the DNs semi-readable. Well, more readable than a blob of base 64.
>
> That was my reasoning behind it.

Uh huh.

>> So we need an extra bit of code to backslashify a DN.
>>
>>     my $dn = $entry->dn;
>>     $dn =~ s/([\x00-\x1f:<\x7f-\xff])/sprintf("\\%02x",ord($1))/ge;
>>
>> (NB colon and < are special in LDIF, hence the additions in the regex.)
>
> They are only special if they are the first character though, which would
> not happen with a DN, right ?

Right.

> We could just do the above, or we could call the cannonify sub in ::Util
> if /[\x00-\x1f\x7f-\xff]/ or is that too much is it could change the
> way a DN looks

Let's see, what canonicalisation does canonical_dn do..

* it lowercases values that are # followed by hex,
* it lowercases types that start with an OID,
* it backslashifies RFC 2253-magic characters,
* it backslash and hex encodes 0x00-0x1f and 0x7f-0xff characters,
* it surrounds values with leading/trailing/multiple spaces with quotes.

(Actually, that last part is not permitted by RFC 2253. You should replace
those spaces with "\20" or "\ ". I suspect "\20" would be safer especially
at the end of a string, to avoid someone simply ripping trailing spaces off
and leaving the string ending with a dangling slash.)

Those canonicalisations look OK to me. Have I missed any others?

Cheers,

Chris
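
The escaping discussed in this message, as an added example that is not part of the original post and is not perl-ldap's own code. It goes beyond the one-line regex in the thread by escaping each RDN value separately, using "\20" for leading and trailing spaces, and then checking the assembled DN against the RFC 2849 SAFE-STRING rule. The helper names (escape_rdn_value, build_dn, is_ldif_safe) are hypothetical, and values are assumed to be byte strings (UTF-8 already encoded).

```perl
use strict;
use warnings;

# Escape one RDN attribute value (a byte string) for an RFC 2253 DN.
# Hypothetical helper for illustration; not Net::LDAP's canonical_dn.
sub escape_rdn_value {
    my ($v) = @_;
    # Backslash-escape the RFC 2253 special characters, backslash included.
    $v =~ s/([,+"\\<>;])/\\$1/g;
    # A leading '#' would be read as a hex-encoded value, so escape it.
    $v =~ s/\A#/\\#/;
    # Leading and trailing spaces become \20, so trimming whitespace later
    # cannot leave the value ending in a dangling backslash.
    $v =~ s/\A /\\20/;
    $v =~ s/ \z/\\20/;
    # Control and 8-bit bytes become \hexpair; only printable ASCII remains.
    $v =~ s/([\x00-\x1f\x7f-\xff])/sprintf("\\%02x", ord($1))/ge;
    return $v;
}

# Join [type, value] pairs into a DN string, most specific RDN first.
sub build_dn {
    my @rdns = @_;
    return join ',', map { "$_->[0]=" . escape_rdn_value($_->[1]) } @rdns;
}

# RFC 2849 SAFE-STRING: no NUL, LF, CR or 8-bit bytes anywhere, and the
# first character is not space, ':' or '<'. The empty string is allowed.
sub is_ldif_safe {
    my ($s) = @_;
    my $init = qr/[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f]/;
    my $rest = qr/[\x01-\x09\x0b\x0c\x0e-\x7f]/;
    return $s =~ /\A(?:$init$rest*)?\z/ ? 1 : 0;
}

# Constructed sample values: UTF-8 bytes, a trailing space, a comma, a tab.
my @samples = (
    [ [ cn => "Andr\xc3\xa9 " ], [ o  => "Example, Inc." ] ],
    [ [ cn => "#tag\tone" ],     [ dc => "example" ] ],
);
for my $rdns (@samples) {
    my $dn = build_dn(@$rdns);
    printf "dn: %s   (LDIF safe: %s)\n", $dn, is_ldif_safe($dn) ? 'yes' : 'no';
}
```

A DN that fails is_ldif_safe would still need the base-64 form ("dn::") when written to LDIF.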