[Product-Developers] LDAPMultiPlugins developers: please read this - possible localization problem
Wichert Akkerman
wichert at wiggy.net
Sat Aug 23 06:46:57 UTC 2008
Previously Alberto Lopes wrote:
> I haven't studied the code for the product (neither Plone code for that
> matter), so I started guessing (and that's why I would like to hear from
> Wichert or some other people who worked on this product, if I am making the
> correct guesses). I saw this:
>
> cns = [ x.split(',')[0] for x in (ldap_user.memberOf or []) ]
>
> Which seemed to me like a string splitting thing. Seems like we are getting
> the memberOf collection (which is a single string for what I get) and
> splitting it using the comma as the separator to produce a list of cns.
memberOf is a list of DN strings. This line builds a list of the first
rDN part of each entry in that list. Hence the variable name "cns": it
is a list of canonical names partst of the memberOf values.
> If I am correct, that would not work correctly, because the list separator
> in our AD is the semicolon (;). Most Windows instalations in Portuguese use
> the semicolon for list separation because the comma is our decimal separator
> and the point is actually our thousands separator.
That may be true in how it displays LDAP entries on your screen, but the
actual format used on the wire is defined by the RFC and not
locale-dependent.
> returned by AD used semicolon to separate the group DNs, and comma to
> separate the DN elements. Here is what a memberOf string looks like in our
> installation (the example is for a user with two groups - I changed the
> letters and digits for confidentiality issues):
>
> CN=Alfa_QWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd;CN=ZXCV66_POIUYT_LKJHG_QAZXSWE,OU=Zxcvb,OU=QW11,DC=qw11,DC=asd
>
> I thought that my guess would explain why the unicode errors: the users with
> strange chars in the DNs would probably get the name value pairs messed up
> and the value of a pair would be incorrectly used as a name. That would make
> Plone try to look for some users' group using the non-ascii part as a
> identifier or something.
>
> So, I changed the x.split(',') for x.split(';') in the file and everything
> worked.
It is more likely that you broke group handling and never saw the real
problem due to that change.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Product-Developers
mailing list