Is there a .Net method to escape charactes in a LDPA path? RRS feed

  • Question

  • I have a program which retrieves the values from the "memberOf"  attributes of a given DirectoryEntry object. Those values are DN that can contain characters that would need to be escaped if used in another call to DirectoryEntry ().


    For example; i have a memberOf attribute with this: CN=GrpA / GrpB,CN=Users,DC=vmdev,DC=local


    when I run


    DirectoryEntry oNewDE = new DirectoryEntry("LDAP://" + @"GrpA / GrpB,CN=Users,DC=vmdev,DC=local")


    I get an exception (x80005000) when I access most of the properties of oNewDE.  The offending character in the LDAP path needs to be escaped before I call "new DirectoryEntry()"


    Is there a known method somewhere in the .Net Framework that would perform the escaping of the special characters in a LDAP path string?

    Friday, September 21, 2007 6:20 PM

All replies

  • What's the offending character?  I don't see a backslash in your string literals.
    Friday, September 21, 2007 11:22 PM
  • The article in provides a list of reserved characters in a LDAP path;


          space or # character at the beginning of a string
          space character at the end of a string
      ,   comma 
      +   plus sign
      "   double quote
      \   backslash 
      <   left angle bracket
      >   right angle bracket
      ;   semicolon
      LF  line feed
      CR  carriage return
      =   equals sign
      /   forwards slash



    From Active Directory Users and Computers, I created these test AD groups and I modified my AD user account
    to be a member of these same groups;


      Char , comma
      Char + plus
      Char " double quote
      Char \ backslash
      Char < left angle
      Char > right angle
      Char ; semicolon
      Char = equals
      Char / forward slash


    When I use a tool like Softera LDAP Browser to see which groups my AD account is a "memberOf", the LDAP paths
    are represented as

      CN=Char \, comma,OU=.....
      CN=Char \+ plus,OU=.....
      CN=Char \" double quote,OU=.....
      CN=Char \\ backslash,OU=.....
      CN=Char \< left angle,OU=.....
      CN=Char \> right angle,OU=.....
      CN=Char \; semicolonv
      CN=Char \= equals,OU=.....
      CN=Char / forward slash,OU=.....


    The forward slash is the only character Windows AD does not store with an "\" escape character and it is where
    my program is failing ... I use the LDAP path returned from AD is other AD calls which fails with 0x80005000.

    I would rather use a ready made .Net method to escape special characters in a LDAP path instead of writing my own method.

    Monday, September 24, 2007 7:58 PM
  • I could not fing any article to describe why of all the restricted LDAP characters, the forward slash "/" character is the only one not escaped in the AD containers.

    Is this "by design" or is it a bug?

    If it is a bug, is there a KB or possibly a hotfix for W2K3 SP2?
    Wednesday, September 26, 2007 10:09 PM
  • I met the same problem in C#, but when using vbscript, i can escape the "/" to "\/" . So it means the ldap accept the escape of forwards slash, and i tried:

     path = "LDAP://" + path.Replace("/","\\/");

    It's working!!!

    • Proposed as answer by Rich.wray2 Thursday, January 20, 2011 2:42 PM
    Tuesday, May 18, 2010 8:01 AM
  • An forward slash indicates the path. LDAP://,DC=microsoft,DC=com
    Tuesday, May 18, 2010 9:03 AM
  • I ran into the same thing, and this was the fix... lots of distinguishednames with a forward slash in the CN portion.

    Thursday, January 20, 2011 2:43 PM