Re: Special Characters in AD Fields
From: Al Mulnick (amulnick_No_SPAM_at_ncDOTrr.com)
Date: 09/30/04
- Next message: Nenad Muzic: "Delegate control for Help Desk team"
- Previous message: Andrei Ungureanu: "Re: Can not change password from win98-clients in W2K3-AD"
- In reply to: Paul Nelson: "Re: Special Characters in AD Fields"
- Next in thread: vanderkerkoff: "Re: Special Characters in AD Fields"
- Reply: vanderkerkoff: "Re: Special Characters in AD Fields"
Date: Thu, 30 Sep 2004 09:13:42 -0400
I typically recommend that MVPs not use any special characters, but that's
just me; it can be like herding kittens <G>

Seriously though, are you sure it's the Active Directory that's giving you
fits? There are other applications that make it a poor choice to use
special characters such as URLScan
(http://support.microsoft.com/default.aspx?scid=kb;en-us;q309508) which will
try to deny characters such as the ampersand. Even though an ampersand can
be a normal and valid LDAP character (ASCII 35 right?)

As Paul notes with the search syntax RFC, you should follow the RFC
character recommendations. But you should follow them for LDAP as well as
HTTP since that's where the problem comes in. Even Microsoft has had past
problems with special characters in URLs for example when OWA tried to
render a message with a special character in the subject line. Was it
allowed in the SMTP RFC?

***As a best practice, your directory should not be considered dirty, but
rather as an asset that is well managed. That, I'm sure is another battle
for another time.***

Additional information can be found here:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ldap/ldap/distinguished_names.asp?frame=true
and in RFC 2253 here http://www.ietf.org/rfc/rfc2253.txt on top of the RFC
Paul mentions but most important to you though would be these:

http://www.faqs.org/rfcs/rfc2255.html <<<<< Read this first!!!! *********

"Note that any URL-illegal characters (e.g., spaces), URL special
characters (as defined in section 2.2 of RFC 1738) and the reserved
character '?' (ASCII 63) occurring inside a dn, filter, or other
element of an LDAP URL MUST be escaped using the % method described
in RFC 1738 [5]. If a comma character ',' occurs inside an extension
value, the character MUST also be escaped using the % method."

http://www.faqs.org/rfcs/rfc1738.html
(excerpt from section 2.2)

"Reserved:
Many URL schemes reserve certain characters for a special meaning:
their appearance in the scheme-specific part of the URL has a
designated semantics. If the character corresponding to an octet is
reserved in a scheme, the octet must be encoded. The characters ";",
"/", "?", ":", "@", "=" and "&" are the characters which may be
reserved for special meaning within a scheme. No other characters may
be reserved within a scheme."

Al Mulnick{Directory Services MVP}

"Paul Nelson" <nelson@thursby.com> wrote in message
news:BD81685B.1A8B4%nelson@thursby.com...
> RFC 1558?
>
> LDAP code always needs to be aware of characters that require "special
> handling" when you form your filter requests.
>
> in article 5D857285-DC45-4DCC-8D0A-965770715DB7@microsoft.com, vanderkerkoff
> at vanderkerkoff@discussions.microsoft.com wrote on 9/29/04 10:21 AM:
>
>> Hello everyone.
>>
>> I'm encountering a problem accessing our internal AD with LDAP. I'm
>> creating URLs out of the data and some of the characters in the AD fields
>> are causing problems, i.e., &.
>>
>> I'm attempting to persuade our server team to remove these types of
>> characters but I'm meeting with resistance. Claiming I should write
>> defensive code all the time and assume that the data in the AD is dirty
>> anyway. I don't think I should have to do this so what I am looking for is
>> the following.
>>
>> Does anyone know of or have a best practices document concerning the use of
>> special characters in the AD fields and what systems will be affected by the
>> use of them??
>>
>> A list of characters not recommended to be used by an MVP would do it I
>> think.
>>
>> Anyone, any thoughts or information would be greatly appreciated.
>>
>> Matt
>
>
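
The layered escaping the RFC excerpts above call for, as an added example that is not part of the original thread: a value is first escaped for its LDAP context (RFC 2253 for a DN component, RFC 2254, the later revision of the RFC 1558 filter syntax, for a filter value) and only then percent-encoded for the LDAP URL (RFC 2255/1738). The host name, OU name and person name are constructed sample values, and the helper names are hypothetical.

```python
from urllib.parse import quote, unquote

def escape_dn_value(value):
    """Backslash-escape one attribute value for use inside a DN (RFC 2253)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        special = (ch in ',+"\\<>;' or (i == 0 and ch in " #")
                   or (i == last and ch == " "))
        out.append("\\" + ch if special else ch)
    return "".join(out)

def escape_filter_value(value):
    """Hex-escape filter metacharacters in an assertion value (RFC 2254)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch
                   for ch in value)

def pct(text):
    """Percent-encode for the URL; '=', ',', '(' and ')' are left readable."""
    return quote(text, safe="=,()")

def build_ldap_url(host, dn, attrs, scope, ldap_filter):
    """ldap://host/dn?attributes?scope?filter, each element encoded on its own."""
    return "ldap://%s/%s?%s?%s?%s" % (
        host, pct(dn), ",".join(pct(a) for a in attrs), scope, pct(ldap_filter))

def split_ldap_url(url):
    """Reverse of build_ldap_url: split on the raw delimiters, then decode."""
    rest = url.split("://", 1)[1].split("/", 1)[1]
    dn, attrs, scope, flt = rest.split("?")
    return unquote(dn), [unquote(a) for a in attrs.split(",")], scope, unquote(flt)

# Constructed sample data containing '&', ',', '?', spaces and parentheses.
OU_NAME = "R&D, East"
PERSON = "Smith & Jones (UK)?"
DN = "OU=%s,DC=example,DC=com" % escape_dn_value(OU_NAME)
FILTER = "(cn=%s)" % escape_filter_value(PERSON)
URL = build_ldap_url("dc1.example.com", DN, ["cn", "mail"], "sub", FILTER)

if __name__ == "__main__":
    print(URL)
    print(split_ldap_url(URL))
```

Because every element is encoded before the URL is assembled, the only raw `?` and `/` left in the result are the URL's own delimiters, so the directory data can keep its ampersands and commas without breaking the link.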