Is there a .Net method to escape charactes in a LDPA path?

Question

I have a program which retrieves the values from the "memberOf"  attributes of a given DirectoryEntry object. Those values are DN that can contain characters that would need to be escaped if used in another call to DirectoryEntry ().

 

For example; i have a memberOf attribute with this: CN=GrpA / GrpB,CN=Users,DC=vmdev,DC=local

 

when I run

 

DirectoryEntry oNewDE = new DirectoryEntry("LDAP://" + @"GrpA / GrpB,CN=Users,DC=vmdev,DC=local")

 

I get an exception (x80005000) when I access most of the properties of oNewDE.  The offending character in the LDAP path needs to be escaped before I call "new DirectoryEntry()"

 

Is there a known method somewhere in the .Net Framework that would perform the escaping of the special characters in a LDAP path string?

Answer 1

What's the offending character?  I don't see a backslash in your string literals.

Answer 2

The article in http://msdn2.microsoft.com/en-us/library/aa366101.aspx provides a list of reserved characters in a LDAP path;

 

      space or # character at the beginning of a string
      space character at the end of a string
  ,   comma 
  +   plus sign
  "   double quote
  \   backslash 
  <   left angle bracket
  >   right angle bracket
  ;   semicolon
  LF  line feed
  CR  carriage return
  =   equals sign
  /   forwards slash

 

 

From Active Directory Users and Computers, I created these test AD groups and I modified my AD user account
to be a member of these same groups;

 

  Char , comma
  Char + plus
  Char " double quote
  Char \ backslash
  Char < left angle
  Char > right angle
  Char ; semicolon
  Char = equals
  Char / forward slash

 

When I use a tool like Softera LDAP Browser to see which groups my AD account is a "memberOf", the LDAP paths
are represented as

  CN=Char \, comma,OU=.....
  CN=Char \+ plus,OU=.....
  CN=Char \" double quote,OU=.....
  CN=Char \\ backslash,OU=.....
  CN=Char \< left angle,OU=.....
  CN=Char \> right angle,OU=.....
  CN=Char \; semicolonv
  CN=Char \= equals,OU=.....
  CN=Char / forward slash,OU=.....

 

The forward slash is the only character Windows AD does not store with an "\" escape character and it is where
my program is failing ... I use the LDAP path returned from AD is other AD calls which fails with 0x80005000.

I would rather use a ready made .Net method to escape special characters in a LDAP path instead of writing my own method.

Answer 3

I could not fing any article to describe why of all the restricted LDAP characters, the forward slash "/" character is the only one not escaped in the AD containers.

Is this "by design" or is it a bug?

If it is a bug, is there a KB or possibly a hotfix for W2K3 SP2?

Answer 4

I met the same problem in C#, but when using vbscript, i can escape the "/" to "\/" . So it means the ldap accept the escape of forwards slash, and i tried:

 path = "LDAP://" + path.Replace("/","\\/");

It's working!!!

Answer 5

An forward slash indicates the path. LDAP://microsoft.com/CN=Users,DC=microsoft,DC=com

Answer 6

I ran into the same thing, and this was the fix... lots of distinguishednames with a forward slash in the CN portion.