I need to make several queries to LDAP directory server and I'm using JNDI directory facilities for it. Then I need to do some work with the objects from the query result using their distinguished names. Some of the entries returned by the server contain forward slash character, and because of this JNDI escapes the whole name with double quotes:
NamingEnumeration<SearchResult> results = dirContext.search(queryRoot, queryFilter, controls);
for (SearchResult result : Collections.list(results)) {
String objectName = result.getName();
System.out.println(objectName);
}
If one of the objects in the query results has a name, say, 'b=id/10,a=1', it is printed like this
"b=id/10,a=1"
Note the double quotes around the name. Because of these quotes I cannot create javax.naming.ldap.LdapName
from it directly: it fails with NamingException
"Invalid name".
I understand that I can remove these quotes manually, but this feels hacky. Is there a way to avoid such escaping? Or maybe there are cleaner methods to do what I need?
P.S. It is funny that official JNDI tutorial suggests using LdapName
to achieve "easy name manipulation" and even mentions the escape problem but does not provide any links on the problem described above.
The search result return by SearchResult.getName() is of the form of
CompositeName
. Try to use it like this:Strange escaping will be removed from
absoluteName
.If an
AttributeValue
has LDAP-specific syntax, the characters are converted (using the defined syntax specification) to UTF-8 and only the following characters must be escaped:' '
(space) at the beginning of the string' '
(space) at the end of the string'"'
'+'
(the plus character indicates a multi-valued RDN),
(the comma character separates components of the distinguished name);
<
>
\
The forward slash is a valid character and need not be escaped, therefore it must be handled by the application and the API used by that application. As you noted, the forward slash has "special meaning" to JNDI. JNDI is poorly designed in many respects, this is only one of the many. Consider using the UnboundID LDAP SDK for new code.
For example, add the following entry:
retrieve the entry just added:
see also