Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
The CiscoSecure ACS for Windows LDAP search query ASCII characters are non-RFC compatible
This problem occurs due to the presence of Cisco bug ID CSCeg60140.
Special character encoding in CiscoSecure ACS for Windows Lightweight Directory Access Protocol (LDAP) v3 search queries does not meet the RFC standards.
The String Representation of LDAP Search Filters indicates that search strings using certain special characters must be encoded with the backslash (\) character followed by the two hexadecimal digits that represent the ASCII value of the encoded character. For example, a \ must be \5c and a ( must be \28. The logs indicate that this encoding does not happen, as shown:
AUTH 12/07/2004 15:33:16 I 0360 0992 External DB [DServDll.dll]: Start search operation... AUTH 12/07/2004 15:33:16 I 0360 0992 External DB [DServDll.dll]: Search ou=memberlist, ou=ibmgroups, o=ibm.com for groups using: (&objectclass=GroupOfUniqueNames)(UniqueMember=uid=6589+5897,c=us,ou=bluepages,o=ibm.com)) result 0
The \ in the user ID must be encoded as \5c in order to meet RFC standards. The search string must appear as shown: