[cifs-protocol] character escaping in DN and canonicalName [120072224000698]

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Wed Aug 12 23:00:13 UTC 2020 

thank you Sreekanth.

So this means escapes in the form "\01" are understood but never produced?

That is consistent with what I see.

regards,

Douglas

On 11/08/20 3:36 am, Sreekanth Nadendla wrote:
> 
> Hello Douglas, the link you provided actually have the list of the only chars that will escape in canonicalName:
> 
> "In the canonicalName both the forward slash and backslash characters are escaped using the backslash escape character. However, no other characters are escaped."
> 
> canonicalName is a constructed attribute, which means it is only for output, but never for input.  In other word, you can not write a string of value of a canonicalName.  For the output sting of a canonicalName, the only characters that will appear with an escape \ will be forward and back slash.
> 
> 
> 1.	Distinguished name has a list of chars that need escape.  In corresponding canonicalName, escape will not appear:
> For example:
> Input DN to create a new object is:        CN=test\#End,CN=MiniSmokeAppNC
> Search the object get:
> ldap_search_s(ld, "CN=test\#End,CN=MiniSmokeAppNC", 0, "(objectClass=*)", attrList,  0, &msg)
> Getting 1 entries:
> Dn: CN=test\#End,CN=MiniSmokeAppNC
> canonicalName: /MiniSmokeAppNC/test#End; 
> name: test#End; 
> DN has \#, but either canonicalName nor name has escape
> 
> 2.	Hex value will be translated and stored as a Unicode if we can.
> For example, input DN to create a new object is :  “CN=test\C4\81\#,CN=MiniSmokeAppNC”
> Search the object get:
> Dn: CN=testā\#,CN=MiniSmokeAppNC
> canonicalName: /MiniSmokeAppNC/testā#; 
> name: testā#; 
> hex value is translated into a Unicode.  No escape for it in DN, canonicalName, or name
> 
> 3.	Slash and backslash will appear in canonicalName with escape
> For example, input DN to create a new object is : “CN=test\#\\End,CN=MiniSmokeAppNC”
> Search this object get:
> Dn: CN=test\#\\End,CN=MiniSmokeAppNC
> canonicalName: /MiniSmokeAppNC/test#\\End; 
> name: test#\End; 
> DN has escape for both “#” and “\”.  canonicalName has escape for \ but not for #.  Name has either.
> 
> Regards,
> Sreekanth Nadendla
> Microsoft Windows Open Specifications
> 
> -----Original Message-----
> From: Sreekanth Nadendla 
> Sent: Monday, August 3, 2020 11:19 AM
> To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
> Subject: character escaping in DN and canonicalName [120072224000698]
> 
> Hi Douglas, I’m researching this issue for you. Will provide you an update as soon as I have some details to share with you.
> 
> 
> Regards,
> Sreekanth Nadendla
> Microsoft Windows Open Specifications
> 
> -----Original Message-----
> From: Obaid Farooqi <obaidf at microsoft.com> 
> Sent: Wednesday, July 22, 2020 4:33 AM
> To: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Cc: cifs-protocol at lists.samba.org; support <support at mail.support.microsoft.com>
> Subject: RE: character escaping in DN and canonicalName [120072224000698]
> 
> Hi Douglas:
> Thanks for contacting Microsoft. I have created a case to track this issue. A member of the open specifications team will be in touch soon.
> 
> Regards,
> Obaid Farooqi
> Escalatiion Engineer | Microsoft
> 
> -----Original Message-----
> From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
> Sent: Tuesday, July 21, 2020 9:22 PM
> To: Interoperability Documentation Help <dochelp at microsoft.com>
> Cc: cifs-protocol at lists.samba.org
> Subject: [EXTERNAL] character escaping in DN and canonicalName
> 
> hi Dochelp,
> 
> According to RFC 4514 and articles like
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsocial.technet.microsoft.com%2Fwiki%2Fcontents%2Farticles%2F5312.active-directory-characters-to-escape.aspx&data=02%7C01%7Csrenaden%40microsoft.com%7Cf6102022d87742a94e6b08d82e19ccd8%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637310035698795797&sdata=1ALo7t2ByMAMsJN7AVPeumOVtlLbs2Ri%2FVR49AJwFTY%3D&reserved=0
> the characters ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\' are escaped with a leading '\', while other characters can be escaped as hex values like "\0a". For canonicalName, '/' must also be escaped, for obvious reasons.
> 
> My question is: is there anywhere a list of which characters are canonically escaped in the hex form?
> 
> That is, I suppose a carriage return is always escaped as "\0d", and an 'A' is never escaped as "\41". But I don't know whether, for example, "ā" ('a' with macron) is included in a canonicalName or DN string as "\C4\81" or as the plain UTF-8 "ā".
> 
> regards,
> Douglas
> 
> 
>

More information about the cifs-protocol mailing list