FYI: Solved problems with NON-ASCII chars in DN when using OpenLDAP 2.1.x libs.

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Michael Str=F6der wrote:
>=20
> 1. Solve problems with NON-ASCII chars in DN when using OpenLDAP
> 2.1.x libs.

Now this turned out to be a problem with ldap.explode_dn() and=20
errornous handling of NON-ASCII chars in DNs (e.g. for search=20
root) in OpenLDAP servers 1.x and 2.0.x.

Unlike former versions ldap_explode_dn() returns escaped values if=20
the DN of OpenLDAP 2.1.x returns contains NON-ASCII chars. This is=20
valid according to RFC2253 but causes compability problems with=20
old OpenLDAP servers. The older OpenLDAP servers do not match the=20
escaped values in DNs properly.

See the following trace log of a situation hitting in web2ldap=20
when accessing OpenLDAP 2.0.x (it works e.g. against Netscape=20
Directory 4.1x):

*** _ldap.<built-in function explode_dn> (('cn=3DMichael
 >Str\xc3\xb6...@st...,ou=3DTesting,dc=3Dstroeder,d=
c=3Dcom',
 >0),{})
 >=3D> result: ['cn=3DMichael Str\\C3\\B6d...@st...'=
,
 >'ou=3DTesting', 'dc=3Dstroeder', 'dc=3Dcom']
 >*** ldap.ldapobject.SimpleLDAPObject.search (('cn=3DMichael
 >Str\\C3\\B6d...@st...,ou=3DTesting,dc=3Dstroeder,d=
c=3Dcom',
 >0, '(objectclass=3D*)', ['cn'], 0),{})
 >=3D> result: 1
 >*** ldap.ldapobject.SimpleLDAPObject.result ((1, 1, -1),{})
 >=3D> LDAPError: {'info': '', 'matched':
 >'ou=3DTesting,dc=3Dstroeder,dc=3Dcom', 'desc': 'No such object'}

Note also that ldap_explode_dn() is marked as deprecated in=20
OpenLDAP 2.1.x's ldap.h.

Ciao, Michael.