I'm using python-ldap to query Active Directory.
I have this DN:
CN=Whalen\, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net
That works fine as a base in a query, but if I try to use it in a search filter like this:
(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=CN=Whalen\, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net))
I get a Bad search filter error. From my testing, the comma in the CN seems to be the culprit, even though I escaped it with a backslash (\). But the comma isn't listed in the Microsoft documentation as a character that needs to be escaped in filters.
What am I missing?
To search for a special character that has a special function in the query syntax, you must escape the special character by adding a backslash before it, for example: To search for the string "where?", escape the question mark as follows: "where\?"
Analyze the string for dn values, separate them and escape them as per dn escape rules if they are not already escaped. Search the remainder of the string for special characters in attribute values and escape them as per general filter escape rules if they are not already escaped.
ASCII escape character The ASCII "escape" character (octal: \033 , hexadecimal: \x1B , or ^[ , or, in decimal, 27 ) is used in many output devices to start a series of characters called a control sequence or escape sequence.
\ is a special character within a string used for escaping. "\" does not work because it is escaping the second " . To get a literal \ you need to escape it using \ .
The LDAP filter specification assigns special meaning to the following characters * ( ) \ NUL that should be escaped with a backslash followed by the two-character ASCII hexadecimal representation of the character when used in a search filter (RFC 2254):
* \2A
( \28
) \29
\ \5C
Nul \00
That means any backslash used for escaping a Distinguished Name's special character (including commas) must be represented by \5c in a search filter:
(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=CN=Whalen\5c, Sean,OU=Users,OU=Users and Groups,DC=example,DC=net))
Here is the list of DN special characters that must be escaped with \, or with \5C when used in a search filter:
+-------------------------------+---+
| comma | , |
+-------------------------------+---+
| Backslash character | \ |
+-------------------------------+---+
| Pound sign (hash sign) | # |
+-------------------------------+---+
| Plus sign | + |
+-------------------------------+---+
| Less than symbol | < |
+-------------------------------+---+
| Greater than symbol | > |
+-------------------------------+---+
| Semicolon | ; |
+-------------------------------+---+
| Double quote (quotation mark) | " |
+-------------------------------+---+
| Equal sign | = |
+-------------------------------+---+
| Leading or trailing spaces | |
+-------------------------------+---+
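The two layers of escaping described in the answer above, as an added example that is not part of the original post: a CN is first escaped for use inside a DN, then the finished DN is escaped again for use as a filter value. The function names are illustrative assumptions and the helpers use only the standard library, not python-ldap's own API.

```python
# Added example: standard-library only; function names are illustrative.

# Filter metacharacters and their \XX forms (RFC 2254 / RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# DN special characters, as listed in the table above.
_DN_SPECIALS = ',\\#+<>;"='

GROUP_FILTER = "(&(objectClass=group)(memberof:1.2.840.113556.1.4.1941:=%s))"


def escape_dn_value(value):
    """Layer 1: backslash-escape one RDN value (e.g. a CN) for use in a DN."""
    out = "".join("\\" + ch if ch in _DN_SPECIALS else ch for ch in value)
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "   # trailing space
    if value.startswith(" "):
        out = "\\" + out         # leading space
    return out


def escape_filter_value(value):
    """Layer 2: hex-escape filter metacharacters, including DN backslashes."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def nested_group_filter(member_dn):
    """Build the memberof filter from an already DN-escaped member DN."""
    return GROUP_FILTER % escape_filter_value(member_dn)


if __name__ == "__main__":
    # Constructed input: the CN from the question, before any escaping.
    dn = "CN=%s,OU=Users,OU=Users and Groups,DC=example,DC=net" % escape_dn_value("Whalen, Sean")
    print(dn)
    print(nested_group_filter(dn))
```

python-ldap ships equivalents of the two helpers as ldap.dn.escape_dn_chars and ldap.filter.escape_filter_chars.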