Re: Support for Base64 encoded values

[Arthur de Jong <arthur [at] arthurdejong.org>]

On Mon, 2017-06-19 at 14:52 +0000, Ricardo Padilha wrote:
> From my reading of the RFC, it looks like it. Unfortunately, as far
> as I can tell openldap does not yet support RFC 4518 according to
> http://www.openldap.org/faq/data/cache/649.html. They also claim that
> most LDAP server implementations don’t support RFC 4518 either.

Yeah, my understanding is also that most implementations follow certain
expired Internet Drafts mostly.

> In fact the RFC seems to include a lot more than normalization:
> 
> “ The following six-step process SHALL be applied to each presented
> and attribute value in preparation for character string matching rule
> Evaluation.
> 
>   1) Transcode
>   2) Map
>   3) Normalize
>   4) Prohibit
>   5) Check bidi
>   6) Insignificant Character Handling”

I haven't ready the full RFC but from the text it was not clear to be
*who* SHALL implement those rules in the first place. Is it the LDAP
server or is it the LDAP client library of the application calling the
LDAP library (I know the distinction between the library and the
application will probably not be specified in the RFC).

Anyway, attached is an improved (fixes a bug) and slightly tested
patch. If I put josé ("jos\xc3\xa9") in LDAP I can get the entry with
both these:

getent passwd `printf "jose\xcc\x81"`
getent passwd `printf "jos\xc3\xa9"`

I can login also with both versions of the user name (it is
automatically turned into "jos\xc3\xa9").

-- 
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --

Attachment: implement-utf-8-string-normalisation.patch
Description: Text Data

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/