ruby-net-ldap icon indicating copy to clipboard operation
ruby-net-ldap copied to clipboard

Published 20 hours ago verified publisher icon ruby-ldap

Active Directory fixes for alternate encoding RFC4514

Open cmdrclueless opened this issue 6 years ago • 3 comments

As part of RFC4514 section 2.4, it's permissible to prefix some characters with the backslash (\) symbol instead of using the standard format of \xx where xx is the hexadecimal code for the character in question. This was exposed when a group in Active Directory (AD) was created with a # symbol.

Consider the DN CN=#Supers,DC=foo,DC=bar,DC=com. AD sends this as CN=\#Supers,DC=foo,DC=bar,DC=com, which is an alternative format according to the spec. However the # symbol is hex code 23. This mean the standardized form via the spec should result in CN=\23Supers,DC=foo,DC=bar,DC=com. Unfortunately during testing AD will return the record, if and only if, the alternative format is used.

The relevant section of the RFC for this change follows

Each octet of the character to be escaped is replaced by a backslash and two hex digits, which form a single octet in the code of the character. Alternatively, if and only if the character to be escaped is one of

 ' ', '"', '#', '+', ',', ';', '<', '=', '>', or '\'
 (U+0020, U+0022, U+0023, U+002B, U+002C, U+003B,
  U+003C, U+003D, U+003E, U+005C, respectively)

it can be prefixed by a backslash ('' U+005C).

cmdrclueless avatar Jul 10 '19 20:07 cmdrclueless

Hi @cmdrclueless, thanks for the contribution! Would you be open to taking a pass at implementing tests to demonstrate the expected behavior?

mtodd avatar Nov 18 '19 20:11 mtodd

If time permits, it is totally up to my employer as the fix was made for work issues. My free time is already allocated for other projects. I made the fix for production work and it's in the field so it may be quite a while.

On Mon, Nov 18, 2019 at 3:07 PM Matt Todd [email protected] wrote:

Hi @cmdrclueless https://github.com/cmdrclueless, thanks for the contribution! Would you be open to taking a pass at implementing tests to demonstrate the expected behavior?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ruby-ldap/ruby-net-ldap/pull/324?email_source=notifications&email_token=AABHDKR6XJTSQVPJUMRPMH3QULYY5A5CNFSM4H7XM3U2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEELXYEA#issuecomment-555187216, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABHDKREE24AJEWMSCCTFATQULYY5ANCNFSM4H7XM3UQ .

--

/* insert witty comment here */

cmdrclueless avatar Nov 19 '19 02:11 cmdrclueless

@cmdrclueless do you have a few moments to attempt to write some tests for this? Thanks!

HarlemSquirrel avatar Aug 29 '20 19:08 HarlemSquirrel