I'm trying to get DirectoryEntry from OpenLDAP server for a dn that looks like "LDAP://server/cn=John Smith+sn=Smith,ou=people,dc=corp,dc=org":
> New-Object System.DirectoryServices.DirectoryEntry "LDAP://server/cn=John Smith+sn=Smith,ou=people,dc=corp,dc=org", "user", "pass", "FastBind"
It returns error 0x80005000, which, I assume, means that some characters in the dn are not escaped. (For any dn that does not contain '+sn=' this code works fine.)
Documentation states that special characters should be escaped, but escaping dn in any way:
Yields "There is no such object on the server".
Furthermore, the parent ou doesn't list any children with the '+sn=' substring in the dn, but a DirectorySearcher for a specific filter, like '(cn=John Smith)', returns the correct result.
> $ent = New-Object System.DirectoryServices.DirectoryEntry "LDAP://server/ou=people,dc=corp,dc=org", "user", "pass", "FastBind"
> $ent.Children
....
everything, except John Smith
....
> Search-ldap "(cn=John Smith)"
Path Properties
---- ----------
LDAP://server/cn=John Smith+sn=Smith,ou=peopl... {sambapwdlastset, telephonenumber, sn...}
LDAP Browser (based, as I assume, on the dotNet LDAP component) also doesn't display this entry in the parent ou.
So, is there any method to correctly escape a dn like this?
UPDATE
Java clients work fine. Wireshark shows that Java sends an unescaped string to get the object, while dotNet sends an escaped string and gets nothing.
Is it possible to escape the string or reconfigure the OpenLDAP server to accept an escaped string?
For Windows 8 (and Server 2012), there's a hotfix from Microsoft: http://support.microsoft.com/kb/2802148
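
Added example, not part of the original question or answer: in the RFC 4514 string form of a DN, an unescaped '+' separates the attribute-value pairs (AVAs) of one multi-valued RDN, while '\+' is a literal plus sign inside a single value, so an escaped string names a different entry than the unescaped one. The function name Split-LdapDn and the escaped sample DN are hypothetical and constructed for illustration; the parser handles backslash escapes only, not LDAPv2 quoted strings.

```powershell
# Hypothetical helper (not part of System.DirectoryServices): splits a DN into
# RDNs on unescaped ',' and each RDN into AVAs on unescaped '+'.
function Split-LdapDn {
    param([Parameter(Mandatory)][string]$Dn)

    $rdns = [System.Collections.Generic.List[object]]::new()
    $avas = [System.Collections.Generic.List[string]]::new()
    $cur  = [System.Text.StringBuilder]::new()

    for ($i = 0; $i -lt $Dn.Length; $i++) {
        $c = $Dn[$i]
        if ($c -eq '\') {
            # Escape sequence ('\+', '\,', or the start of a hex pair like '\2B'):
            # copy the backslash and the next character, never split here.
            if ($i + 1 -ge $Dn.Length) { throw 'Dangling backslash at end of DN' }
            [void]$cur.Append($c).Append($Dn[$i + 1])
            $i++
        }
        elseif ($c -eq '+' -or $c -eq ',') {
            # Unescaped separator: close the current AVA.
            $avas.Add($cur.ToString())
            [void]$cur.Clear()
            if ($c -eq ',') {
                # A comma also closes the current RDN.
                $rdns.Add($avas.ToArray())
                $avas.Clear()
            }
        }
        else { [void]$cur.Append($c) }
    }
    $avas.Add($cur.ToString())
    $rdns.Add($avas.ToArray())
    return ,$rdns.ToArray()
}

$plain   = 'cn=John Smith+sn=Smith,ou=people,dc=corp,dc=org'   # DN from the question
$escaped = 'cn=John Smith\+sn=Smith,ou=people,dc=corp,dc=org'  # constructed: '+' escaped

foreach ($dn in $plain, $escaped) {
    $first = (Split-LdapDn $dn)[0]
    '{0}  ->  first RDN has {1} AVA(s): {2}' -f $dn, $first.Count, ($first -join ' | ')
}
```

The unescaped DN yields a first RDN with two AVAs (cn and sn); the escaped one yields a single cn whose value contains the plus sign, which is a different name as far as the server is concerned.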