inejge/ldap3

filter parse error for nested parenthesis in distinguished name

TomerCohen95 opened this issue · 2 comments

While trying to search

```rust
let base = "dc.domain.test.local";
let scope = Scope::Subtree;
let filter = "(|(distinguishedName=CN=User102 (Tomer), CN=Users,DC=domain1,DC=test,DC=local (distinguishedName=CN=User1020,CN=Users,DC=domain1,DC=test,DC=local))";
let attrs = MY_ATTRS.map(|s| s.to_string()).to_vec();

self.ldap.search(base, scope, filter, attrs).await?;
```

We are getting a filter parse error, which is caused by the (Tomer) in the first distinguished name.
When removing the parentheses or switching to `\28Tomer\29`, the request succeeds.

When using ldp.exe to send the request, the filter works just as it is in the example.

ldap3 behaves correctly (that is, according to RFC 4515) here. The 'value' side of a filter must not contain ASCII NUL, parentheses or an asterisk; those need to be backslash-escaped, as you already noted.

As @dequbed said: parentheses in a filter literal must be hex-escaped. The ldap_escape() function does this.
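
Added example, not part of the issue thread and not code from the ldap3 crate: a std-only Rust version of the RFC 4515 value escaping the comments describe, applied to the two DNs from the report. `escape_filter_value` and `or_filter` are hypothetical helper names; a project that already depends on ldap3 would call the crate's `ldap_escape()` mentioned above instead.

```rust
/// Escape an assertion value for use inside an LDAP search filter.
/// RFC 4515 requires NUL, '(', ')', '*' and '\' to be written as a
/// backslash followed by two hex digits; other UTF-8 text passes through.
fn escape_filter_value(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for ch in value.chars() {
        match ch {
            '\0' => out.push_str("\\00"),
            '(' => out.push_str("\\28"),
            ')' => out.push_str("\\29"),
            '*' => out.push_str("\\2a"),
            '\\' => out.push_str("\\5c"),
            _ => out.push(ch),
        }
    }
    out
}

/// Build `(|(attr=v1)(attr=v2)...)`, escaping every value so that
/// parentheses in the data can never be read as filter structure.
fn or_filter(attr: &str, values: &[&str]) -> String {
    let mut filter = String::from("(|");
    for v in values {
        filter.push('(');
        filter.push_str(attr);
        filter.push('=');
        filter.push_str(&escape_filter_value(v));
        filter.push(')');
    }
    filter.push(')');
    filter
}

fn main() {
    // DNs taken from the issue; the first contains literal parentheses.
    let dns = [
        "CN=User102 (Tomer), CN=Users,DC=domain1,DC=test,DC=local",
        "CN=User1020,CN=Users,DC=domain1,DC=test,DC=local",
    ];
    println!("{}", or_filter("distinguishedName", &dns));

    // Constructed input: a value carrying filter metacharacters stays a
    // single literal value after escaping instead of altering the filter.
    println!("(cn={})", escape_filter_value("*)(objectClass=*"));
}
```

Escaping each value at the point where the filter string is assembled, rather than the finished filter, is what keeps the structural parentheses intact.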