I have a program which retrieves the values from the "memberOf" attributes of a given DirectoryEntry object. Those values are DNs that can contain characters that would need to be escaped if used in another call to DirectoryEntry().
For example, I have a memberOf attribute with this: CN=GrpA / GrpB,CN=Users,DC=vmdev,DC=local
When I run
DirectoryEntry oNewDE = new DirectoryEntry("LDAP://" + @"GrpA / GrpB,CN=Users,DC=vmdev,DC=local");
I get an exception (0x80005000) when I access most of the properties of oNewDE. The offending character in the LDAP path needs to be escaped before I call "new DirectoryEntry()".
Is there a known method somewhere in the .Net Framework that would perform the escaping of the special characters in an LDAP path string?
The article at http://msdn2.microsoft.com/en-us/library/aa366101.aspx provides a list of reserved characters in an LDAP path:
space or # character at the beginning of a string
space character at the end of a string
+ plus sign
" double quote
< left angle bracket
> right angle bracket
LF line feed
CR carriage return
= equals sign
/ forward slash
From Active Directory Users and Computers, I created these test AD groups and I modified my AD user account to be a member of these same groups:
Char , comma
Char + plus
Char " double quote
Char \ backslash
Char < left angle
Char > right angle
Char ; semicolon
Char = equals
Char / forward slash
When I use a tool like Softerra LDAP Browser to see which groups my AD account is a "memberOf", the LDAP paths are represented as:
CN=Char \, comma,OU=.....
CN=Char \+ plus,OU=.....
CN=Char \" double quote,OU=.....
CN=Char \\ backslash,OU=.....
CN=Char \< left angle,OU=.....
CN=Char \> right angle,OU=.....
CN=Char \; semicolon,OU=.....
CN=Char \= equals,OU=.....
CN=Char / forward slash,OU=.....
The forward slash is the only character Windows AD does not store with an "\" escape character, and it is where my program is failing ... I use the LDAP path returned from AD in other AD calls, which fail with 0x80005000.
I would rather use a ready-made .Net method to escape special characters in an LDAP path instead of writing my own method.
I could not find any article describing why, of all the restricted LDAP characters, the forward slash "/" character is the only one not escaped in the AD containers.
Is this "by design" or is it a bug?
If it is a bug, is there a KB or possibly a hotfix for W2K3 SP2?
I met the same problem in C#, but when using VBScript, I can escape the "/" to "\/". So it means LDAP accepts the escaping of the forward slash, and I tried:
path = "LDAP://" + path.Replace("/","\\/");
- Proposed as answer by Rich.wray2 Thursday, January 20, 2011 2:42 PM
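Added example (not part of the original thread, and not a .NET Framework API): a hypothetical helper, AdsPathHelper.EscapeSlashes, that escapes only forward slashes not already preceded by an escaping backslash, so DNs that AD returns with escapes such as \, or \\ pass through unchanged instead of being escaped twice. The sample DNs are constructed from the ones in the question.

```csharp
using System;
using System.Text;

static class AdsPathHelper
{
    // Hypothetical helper: escape "/" in a DN read from memberOf so the DN
    // can be appended to "LDAP://" without the slash breaking the path.
    public static string EscapeSlashes(string dn)
    {
        if (dn == null) throw new ArgumentNullException(nameof(dn));
        var sb = new StringBuilder(dn.Length + 4);
        for (int i = 0; i < dn.Length; i++)
        {
            char c = dn[i];
            if (c == '\\' && i + 1 < dn.Length)
            {
                // Existing escape pair (\, \\ \/ ...): copy both characters as-is.
                sb.Append(c).Append(dn[++i]);
            }
            else if (c == '/')
            {
                // Unescaped forward slash: add the backslash AD did not store.
                sb.Append('\\').Append('/');
            }
            else
            {
                sb.Append(c);
            }
        }
        return sb.ToString();
    }

    public static string ToAdsPath(string dn) => "LDAP://" + EscapeSlashes(dn);

    static void Main()
    {
        // Constructed sample DNs modelled on the groups in the question.
        string[] samples =
        {
            @"CN=GrpA / GrpB,CN=Users,DC=vmdev,DC=local",
            @"CN=Char \, comma,CN=Users,DC=vmdev,DC=local",
            @"CN=Char \\ backslash,CN=Users,DC=vmdev,DC=local",
            @"CN=Already \/ escaped,CN=Users,DC=vmdev,DC=local",
        };
        foreach (string dn in samples)
            Console.WriteLine(ToAdsPath(dn));
    }
}
```

Pass the result of ToAdsPath to new DirectoryEntry(...). Running the same DN through the helper twice gives the same string, which a blanket Replace("/", "\\/") does not.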