[erlang-questions] problem with eldap module

Guilherme Andrade g@REDACTED
Fri Oct 4 21:32:13 CEST 2019


Hello Maxim,


On Fri, 4 Oct 2019 at 13:16, Minin Maxim <Maxim.Minin@REDACTED> wrote:

> Hello,
>
>
>
> I have a problem with eldap module.  The call  eldap:simple_bind(Handle,
> Dn, Password) don't work correct if the password contains sign '§'.
>
> Is it a known issue? Have I to report this as a bug?
>
>
>
> I think , the cause of the problem is maybe the encoding function in
> ELDAPv3 module (asn1 module from eldap lib). I have generated ELDAPv3.erl
> from ELDAPv3.asn1 (call asn1ct:compile("ELDAPv3.asn1") and found this:
>
> ...
>
> encode(Type, Data) ->
>
> try *iolist_to_binary(element(1, encode_disp(Type, Data)))* of
>
>   Bytes ->
>
>     {ok,Bytes}
>
> ......
>
>
>
> this call to iolist_to_binary makes the problem by § sign and should by
> replace by  unicode:characters_to_binary/3
>
> 1> erlang:iolist_to_binary([167]).
>
> <<"§">>
>
> 2> unicode:characters_to_binary([167], utf8, utf8).
>
> <<"§"/utf8>>
>
> 3>
>
>
>
> As a workaround I just convert the password string to binary bevor
> eldap:simple_bind/4 call, like that:
>
> ...
>
> PaswordAsBin = unicode:characters_to_binary(Password,utf8,utf8),
>
> BindAnswer =  eldap:simple_bind(UserHandle,DN,PaswordAsBin),
>

I've encountered this issue before; I worked around it the same way you
did, while also applying an extra conversion for Dialyzer's sake:

    Normalized = unicode:characters_to_nfkc_binary(Password),
    ByteList = binary_to_list(Normalized)

Which in effect produces a list of bytes that's UTF-8 encoded rather than
in IEC 8859-1.

I should point out though, that normalizing it to a single Unicode form is
important in this sort of thing, lest you get failed authorizations because
some password contains a symbol with more than a single representation.
At the time I concluded that the KC norm was the one to be used with LDAP,
but I don't recall the source.



> ...
>
>
>
> It works but according to documentation of eldap module the password have
> to be string:
>
> *"simple_bind(Handle, Dn, Password) -> return_value()*
>
> *                OTP R15B01*
>
> *Types*
>
> *Handle = handle()*
>
> *Dn = string()*
>
> *Password = string()*
>
> *Authenticate the connection using simple authentication."*
>
>
>
> Thanks
>
> Maxim
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>


-- 
Guilherme
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20191004/9b8b068c/attachment.htm>


More information about the erlang-questions mailing list