Net::LDAP::Util not compatible with RFC4514
Newsgroups: perl.ldap
From: qua...@zimbra.com (Quanah Gibson-Mount)
Date: Tue, 18 Sep 2012 16:26:57 -0700
Local: Tues, Sep 18 2012 7:26 pm
Subject: Net::LDAP::Util not compatible with RFC4514
In playing with Net::LDAP::Util it became apparent that it is not compliant
with RFC4514, but instead complies with the older RFC2253.  Specifically
where #'s in DNs are concerned.  Currently it's expecting # followed by hex
digits.  This may not be the case once RFC4514 LDIF is in use.

An example DN that it does not handle correctly:

dn: zimbraSignatureName=Signature #1,uid=xyz,ou=people,dc=example,dc=com

The above is not legal with RFC2253, but it is legal with RFC4514.

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
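
Added example, not part of the thread and not perl-ldap code: a simplified, self-contained check of attribute values against the string grammars of RFC 2253 and RFC 4514, showing why the DN above fails under the older rule. It does not use Net::LDAP::Util; the function names and the sample DNs other than the one from the message are constructed, and the RFC 2253 quoted-string form and UTF-8 details are left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $HEX = qr/[0-9A-Fa-f]{2}/;

# Simplified attribute-value grammars (hypothetical helper table).
my %STRING = (
    # RFC 2253: '#' and '=' are "special" anywhere in the value and must be escaped.
    rfc2253 => do {
        my $pair = qr/\\(?:[,=+<>#;\\"]|$HEX)/;
        qr/\A(?:[^,=+<>#;\\"]|$pair)*\z/;
    },
    # RFC 4514: '#' is restricted only as first character, ' ' only as first or last.
    rfc4514 => do {
        my $pair  = qr/\\(?:[ #=,+<>;\\"]|$HEX)/;
        my $lead  = qr/[^ #,+<>;\\"\x00]/;
        my $mid   = qr/[^,+<>;\\"\x00]/;
        my $trail = qr/[^ ,+<>;\\"\x00]/;
        qr/\A(?:(?:$lead|$pair)(?:(?:$mid|$pair)*(?:$trail|$pair))?)?\z/;
    },
);

# Returns 'hexstring', 'string' or 'invalid' for one attribute value.
sub classify_value {
    my ($value, $rfc) = @_;
    return 'hexstring' if $value =~ /\A#(?:$HEX)+\z/;   # '#' + hex pairs, both RFCs
    return $value =~ $STRING{$rfc} ? 'string' : 'invalid';
}

# Returns the type=value pairs of a DN whose value the given grammar rejects.
sub invalid_avas {
    my ($dn, $rfc) = @_;
    # Split on ',' and '+' while keeping backslash-escaped characters together.
    my @avas = $dn =~ /((?:\\.|[^\\,+])+)/gs;
    return grep {
        my (undef, $value) = split /=/, $_, 2;
        !defined $value || classify_value($value, $rfc) eq 'invalid';
    } @avas;
}

my @samples = (
    'zimbraSignatureName=Signature #1,uid=xyz,ou=people,dc=example,dc=com', # from the message
    'zimbraSignatureName=Signature \#1,uid=xyz,ou=people,dc=example,dc=com', # constructed
    'cn=#1,dc=example,dc=com',                                              # constructed
    'cn=#04024869,dc=example,dc=com',                                       # constructed
);
for my $dn (@samples) {
    print "$dn\n";
    for my $rfc (sort keys %STRING) {
        my @bad = invalid_avas($dn, $rfc);
        printf "  %-8s %s\n", $rfc, @bad ? "rejects: @bad" : "accepts";
    }
}
```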


 
Newsgroups: perl.ldap
From: pe...@adpm.de (Peter Marschall)
Date: Thu, 20 Sep 2012 09:34:36 +0200
Local: Thurs, Sep 20 2012 3:34 am
Subject: Re: Net::LDAP::Util not compatible with RFC4514
Hi,

On Wednesday, 19. September 2012, Quanah Gibson-Mount wrote:
> In playing with Net::LDAP::Util it became apparent that it is not compliant
> with RFC4514, but instead complies with the older RFC2253.  Specifically
> where #'s in DNs are concerned.  Currently it's expecting # followed by hex
> digits.  This may not be the case once RFC4514 LDIF is in use.

> An example DN that it does not handle correctly:

> dn: zimbraSignatureName=Signature #1,uid=xyz,ou=people,dc=example,dc=com

> The above is not legal with RFC2253, but it is legal with RFC4514.

You may have a look at the commit
  https://github.com/marschap/perl-ldap/commit/125632a514120ee72912e5fc5b5dd5d1e9c76075
which tries to fix the issue.

The updated ldap_explode_dn() should be more strictly conforming to
the RFCs.
(It is not release ready, because the test files are not updated yet.)

Another issue was found in escape_dn_value() which got fixed in
  https://github.com/marschap/perl-ldap/commit/11ea6b176a0e728d10cc3219cbb84fd8018df5a6

Feedback is very welcome

Best regards
Peter
--
Peter Marschall
pe...@adpm.de


 
Newsgroups: perl.ldap
From: qua...@zimbra.com (Quanah Gibson-Mount)
Date: Thu, 20 Sep 2012 10:02:05 -0700
Local: Thurs, Sep 20 2012 1:02 pm
Subject: Re: Net::LDAP::Util not compatible with RFC4514
--On Thursday, September 20, 2012 9:34 AM +0200 Peter Marschall

Thanks Peter!  Should I look at this or perl-ldap 0.48? ;)

--Quanah

--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration


 
Newsgroups: perl.ldap
From: pe...@adpm.de (Peter Marschall)
Date: Thu, 20 Sep 2012 19:25:41 +0200
Local: Thurs, Sep 20 2012 1:25 pm
Subject: Re: Net::LDAP::Util not compatible with RFC4514
Hi Quanah,

On Thursday, 20. September 2012, Quanah Gibson-Mount wrote:
> --On Thursday, September 20, 2012 9:34 AM +0200 Peter Marschall

> > Feedback is very welcome

> Thanks Peter!  Should I look at this or perl-ldap 0.48? ;)

At this _and_ perl-ldap 0.48 ;-)
These changes are not part of a release yet.

I am hoping for feedback on the patches, and info from the
openldap mailing list (Kurt co-authored the RFCs) whether my
interpretation of the RFCs is correct.

Best
Peter

--
Peter Marschall
pe...@adpm.de


 
Newsgroups: perl.ldap
From: pe...@adpm.de (Peter Marschall)
Date: Fri, 21 Sep 2012 17:52:29 +0200
Local: Fri, Sep 21 2012 11:52 am
Subject: Re: Net::LDAP::Util not compatible with RFC4514
Hi,

On Wednesday, 19. September 2012, Quanah Gibson-Mount wrote:
> In playing with Net::LDAP::Util it became apparent that it is not compliant
> with RFC4514, but instead complies with the older RFC2253.  Specifically
> where #'s in DNs are concerned.  Currently it's expecting # followed by hex
> digits.  This may not be the case once RFC4514 LDIF is in use.

> An example DN that it does not handle correctly:

> dn: zimbraSignatureName=Signature #1,uid=xyz,ou=people,dc=example,dc=com

> The above is not legal with RFC2253, but it is legal with RFC4514.

Please also have a look at a new alternative solution to the ldap_explode_dn
issue w.r.t. RFC 4514:
  https://github.com/marschap/perl-ldap/tree/ldap_explode_dn-relaxed

This alternative tries to adhere to Postel's law, "be conservative in what you
do, be liberal in what you accept from others".

Pros:
- no additional option (like 'rfc2253') necessary
- should not break existing code that relied on some RFC 2253 peculiarities
  (at least, the probability to do so is much lower)
- higher compatibility to openLDAP's slapdn than the other alternative

Cons:
- might accept DNs that are not conforming to any of the RFCs
  (but canonical_dn will make them conforming to both)

Which of the alternatives do you prefer?

Best
Peter

--
Peter Marschall
pe...@adpm.de


 