
I have an issue with an LDAP entry. I am trying to create a dn such as:

dn: ou=élèves,ou=1A,ou=Classes,ou=Personnes,dc=ldap,dc=ecoleplurielle,dc=local

As I have UTF-8 characters in ou=élèves, I translate this value to base64 and add an extra colon after the dn, which gives me:

dn::b3U9w6lsw6h2ZXMsb3U9MlNBLG91PUNsYXNzZXMsb3U9UGVyc29ubmVzLGRjPWxkYXAsZGM9ZWNvbGVwbHVyaWVsbGUsZGM9bG9jYWw=

The thing is, when I use ldapadd with this entry, the command seems to auto-generate comments, and in this auto-generated comment the UTF-8 characters are wrongly represented.

Let's look at this in detail:

My ldapsearch result gives me this. You can see that the third comment starts with \C3\A9 and \C3\A8, which are the hex values for the UTF-8 letters é and è.

enter image description here

enter image description here

On this image you can see the ldif used to populate ldap.

The weird thing is I do not write comments in the ldif file. The buggy line seems to appear on its own. You'd say it doesn't matter as it's just a comment but it makes phpLDAPadmin crash...

I already tried to convert the ldif in utf-8 using iconv.

Does someone know how to prevent this comment from being generated? Is there something I am missing here?

EricLavault
gchaste

1 Answer


You can disable comments in the ldif output of ldapsearch using the -L option :

Search results are display in LDAP Data Interchange Format detailed in ldif(5). A single -L restricts the output to LDIFv1. A second -L disables comments. A third -L disables printing of the LDIF version. The default is to use an extended version of LDIF.

ldapsearch -LL [options]

Note that instead of turning the whole dn string into base64, you could write accented characters as printable ASCII by escaping the hex pairs given by their UTF-8 encoding, as specified by RFC 4514:

Unicode Letter Description        UCS code   UTF-8    Escaped
-------------------------------   --------   ------   --------
Latin Small Letter E with Acute   U+00E9     0xC3A9   \C3\A9
Latin Small Letter E with Grave   U+00E8     0xC3A8   \C3\A8

Which indeed turns the dn into :

dn: ou=\C3\A9l\C3\A8ves,ou=1A,ou=Classes,ou=Personnes,dc=ldap,dc=ecoleplurielle,dc=local

It would be interesting to check whether phpLDAPadmin has a problem with this encoding, or if the crash was caused by the base64 encoded dn or something else (I would be glad to have your feedback!).


[Edit] - It seems related to this issue.

EricLavault
  • It doesn't seem phpLDAPadmin has any issue managing b64 encoded values. I have attributes which have b64 encoded strings as values and are rendered by phpLDAPadmin. When I try to use the escaped values for accented letters it crashes. The values are recognized as é and è by openldap as they are correctly translated to b64 values. But when I reload the phpLDAPadmin display it crashes. My issue remains. How can I prevent phpLDAPadmin from trying to render such unicode values? I tried editing phpldapadmin config.php to use -LL and get rid of them but could not find how. Any ideas? – gchaste Nov 06 '22 at 06:31
  • So it seems it does not support escaped utf-8 at some point. Though I don't think the generated comment causes the issue, but rather just the fact that the dn contains an escaped sequence. PLA must handle it before even writing it down as a comment or anything. Having it represented as dn: or dn:: should not make a difference. In the meantime, I found an issue on PLA's repo which seems to be related to yours (if not exactly the same), you might want to check it, @see the link above. – EricLavault Nov 06 '22 at 14:57
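
Added example (not part of the question, the answer or the comments): a Python sketch showing that the two spellings discussed in the answer, the base64 dn:: line and the RFC 4514 hex-escaped dn: line, denote the same DN, and deciding which LDIF form a value needs. The function names are made up for illustration, and LDIF line folding is not handled.

```python
import base64
import re

# DN taken from the question; all other values are derived from it.
DN = "ou=élèves,ou=1A,ou=Classes,ou=Personnes,dc=ldap,dc=ecoleplurielle,dc=local"

# A backslash followed by a hex pair, or by any single escaped character.
_ESC = re.compile(rb"\\(?:([0-9A-Fa-f]{2})|(.))", re.S)

def escape_non_ascii(dn):
    # RFC 4514 style: every byte of a non-ASCII character's UTF-8 encoding -> \XX
    return "".join(c if ord(c) < 0x80 else
                   "".join("\\%02X" % b for b in c.encode("utf-8")) for c in dn)

def unescape_hex_pairs(dn):
    def repl(m):
        if m.group(1) and int(m.group(1), 16) >= 0x80:
            return bytes([int(m.group(1), 16)])   # one byte of a UTF-8 sequence
        return m.group(0)   # \2C, \\ and similar stay escaped: DN structure is kept
    return _ESC.sub(repl, dn.encode("utf-8")).decode("utf-8")

def ldif_dn_line(dn):
    # RFC 2849: plain "dn: " only for safe ASCII values, base64 "dn:: " otherwise
    safe = (dn.isascii() and dn[:1] not in (" ", ":", "<")
            and not dn.endswith(" ") and not any(c in dn for c in "\0\r\n"))
    if safe:
        return "dn: " + dn
    return "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")

def parse_ldif_dn(line):
    # Accepts "dn:" and "dn::" with or without a space after the colon(s).
    if line.startswith("dn::"):
        value = base64.b64decode(line[4:].strip()).decode("utf-8")
    elif line.startswith("dn:"):
        value = line[3:].lstrip(" ")
    else:
        raise ValueError("not a dn line")
    return unescape_hex_pairs(value)

if __name__ == "__main__":
    escaped = escape_non_ascii(DN)
    for line in (ldif_dn_line(DN), ldif_dn_line(escaped)):
        print(line)
        print("  ->", parse_ldif_dn(line))
```

Both printed lines parse back to the same Unicode DN, so a tool that accepts one form but fails on the other is mishandling the encoding rather than the entry itself.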