LDAP-97: Escaping of weird characters in DistinguishedNames is inconsistent

[rwinch]

Migrated from ["LDAP-97":https://jira.spring.io/browse/LDAP-97]

I can create a DistinguishedName that contains a \r, I can bind and unbind with the given DN, but I cannot do a LdapTemplate.search() with a ParametrizedContextMapper where the search matches the entry with the weird dn even if the contextmapper doesn't even touch the DirContextAdapter. Not that I really want to put carriage returns in my DNs, but I guess this might be considered as a bug anyway.:)

Sample code that generates a org.springframework.ldap.BadLdapGrammarException:

    DirContextAdapter ctx=new DirContextAdapter();
    ctx.addAttributeValue("objectclass", "person");
    ctx.addAttributeValue("sn", "lisadotter");
    DistinguishedName dn=new DistinguishedName();
    dn.add("cn","lisa \r lisadotter");
    try{
        ldapTemplate.bind(dn, ctx, null);

        EqualsFilter filter = new EqualsFilter("sn", "lisadotter");
        List foo = ldapTemplate.search("", filter.encode(), 
                new ParameterizedContextMapper<String>(){
            public String mapFromContext(Object arg0)
            {
                return "foo";
            }
        });
    } finally {
        ldapTemplate.unbind(dn);
    }

Exception in thread "main" org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 9. Encountered: "\r" (13), after : ""]; remaining name '' Caused by: javax.naming.NamingException: problem generating object using object factory [Root exception is org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 9. Encountered: "\r" (13), after : ""]; remaining name '' at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(LdapSearchEnumeration.java:111) at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:256) at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:236) at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:184) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:275) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468) at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486) at se.kth.infosys.ldapperformance.TestBug.main(TestBug.java:39) Caused by: org.springframework.ldap.BadLdapGrammarException: Failed to parse DN; nested exception is org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 9. Encountered: "\r" (13), after : "" at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:145) at org.springframework.ldap.core.DistinguishedName.(DistinguishedName.java:100) at org.springframework.ldap.core.DirContextAdapter.(DirContextAdapter.java:139) at org.springframework.ldap.core.support.DefaultDirObjectFactory.getObjectInstance(DefaultDirObjectFactory.java:61) at javax.naming.spi.DirectoryManager.createObjectFromFactories(DirectoryManager.java:218) at javax.naming.spi.DirectoryManager.getObjectInstance(DirectoryManager.java:197) at com.sun.jndi.ldap.LdapSearchEnumeration.createItem(LdapSearchEnumeration.java:105) ... 11 more Caused by: org.springframework.ldap.core.TokenMgrError: Lexical error at line 1, column 9. Encountered: "\r" (13), after : "" at org.springframework.ldap.core.DnParserImplTokenManager.getNextToken(DnParserImplTokenManager.java:690) at org.springframework.ldap.core.DnParserImpl.jj_ntk(DnParserImpl.java:249) at org.springframework.ldap.core.DnParserImpl.attributeTypeAndValue(DnParserImpl.java:98) at org.springframework.ldap.core.DnParserImpl.rdn(DnParserImpl.java:58) at org.springframework.ldap.core.DnParserImpl.dn(DnParserImpl.java:23) at org.springframework.ldap.core.DistinguishedName.parse(DistinguishedName.java:139) ... 17 more

(I guess it is related to that a "new DistinguishedName("cn=foo \r bar")" will throw the same exception, but in that case I think it is pretty fair even if I would prefer a different behavior, since the constructor documentation says that the string should be a correct rdn.)

[rwinch]

["Mattias Hellborg Arthursson":https://jira.spring.io/secure/ViewProfile.jspa?name=marthursson] said:

It's kind of unclear, but the DistinguishedName RFC seems to allow this, so our parser should probably do so as well.

[rwinch]

["Mattias Hellborg Arthursson":https://jira.spring.io/secure/ViewProfile.jspa?name=marthursson] said:

On closer examination of the relevant RFCs it turned out that the LDAP v2 DN RFC explicitly forbids '\r', whereas the LDAP v3 DN RFC allows it. We should be as compliant as possible so we're now allowing '\r'.