@@ -305,9 +305,13 @@ public String encodeForLDAP(String input, boolean encodeWildcards) {
305305 }
306306 // TODO: replace with LDAP codec
307307 StringBuilder sb = new StringBuilder ();
308- // According to "Special Characters" at [1], the encoder should escape '*', '(', ')', '\', '/', NUL. Also see [2].
308+ // According to Microsoft docs [1,2], the forward slash ('/') MUST be escaped.
309+ // According to RFC 4513 Section 3 [3], the forward slash (and other characters) MAY be escaped.
310+ // Since Microsoft is a MUST, escape forward slash for all implementations. Also see discussion at [4].
309311 // [1] https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax
310312 // [2] https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx
313+ // [3] https://tools.ietf.org/search/rfc4515#section-3
314+ // [4] https://lists.openldap.org/hyperkitty/list/[email protected] /thread/3QPDDLO356ONSJM3JUKD7NMPOOIKIQ5T/
311315 for (int i = 0 ; i < input .length (); i ++) {
312316 char c = input .charAt (i );
313317 switch (c ) {
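Review bot: The added comment on new line 309 cites "RFC 4513 Section 3", but reference [3] links to rfc4515#section-3. RFC 4515 is the search-filter string representation and RFC 4513 covers authentication methods, so the text should read `// According to RFC 4515 Section 3 [3], the forward slash (and other characters) MAY be escaped.` The rewrite also drops the earlier list of characters this encoder is meant to escape, leaving only the '/' rationale. Assuming the switch still covers that set, a line such as `// Escapes '*', '(', ')', '\', '/' and NUL in filter values.` above the loop would let a maintainer check the cases against the intended set. The switch body continues outside the hunk, so the cases themselves could not be compared here.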
@@ -354,9 +358,7 @@ public String encodeForDN(String input) {
354358 if ((input .length () > 0 ) && ((input .charAt (0 ) == ' ' ) || (input .charAt (0 ) == '#' ))) {
355359 sb .append ('\\' ); // add the leading backslash if needed
356360 }
357- // According to [1] and [2], the encoder should escape forward slash ('/') in DNs.
358- // [1] https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax
359- // [2] https://social.technet.microsoft.com/wiki/contents/articles/5312.active-directory-characters-to-escape.aspx
361+ // See discussion of forward slash ('/') in encodeForLDAP()
360362 for (int i = 0 ; i < input .length (); i ++) {
361363 char c = input .charAt (i );
362364 switch (c ) {
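Review bot: The replacement comment on new line 361 no longer states that '/' is escaped in DNs, and it points to a discussion whose references concern search filters rather than distinguished names. DN string escaping is defined by RFC 4514, which does not list '/' among the characters that must be escaped, so the reason for escaping it here is the Microsoft guidance that the removed lines cited. A self-contained line such as `// Escape '/' in DNs as well (Microsoft docs; not required by RFC 4514). References: see encodeForLDAP().` keeps that rationale visible at the point of use. The switch continues outside the hunk, so how '/' is actually emitted could not be checked.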