Overview#Escaping Distinguished Names is described in RFC 4514
- SPACE (' ') (U+0020)
- DQUOTE (") (U+0022)
- SHARP (#) (U+0023)
- PLUS (+) (U+002B)
- COMMA (,) (U+002C)
- SEMI (;) (U+003B)
- LANGLE (<) (U+003C)
- EQUALS (=) (U+003D)
- RANGLE (>) (U+003E)
- backslash (\) (U+005C)
Preferred method#This is preferred method as it appears to be the most reliable across LDAP Client implementations. If a character to be escaped is one of the special characters, precede it by a backslash ('\' ASCII 92). This example shows a method of escaping a comma in an organization name:
CN=L. Eagle,O=Sue\, Grabbit and Runn,C=GBThis is the preferred method. hex digits, which form a single byte in the code of the character. The code of the character must be in UTF-8 code set.
CN=L. Eagle,O=Sue\2C Grabbit and Runn,C=GB
Surround with "DQUOTE"#Surround the entire attribute value by "" (quotation marks) (ASCII 34), that are not part of the value. Between the quotation character pair, all characters are taken as is, except for the \ (backslash). The \ (backslash) can be used to escape a backslash (ASCII 92) or quotation marks (ASCII 34), any of the special characters previously mentioned, or hex pairs as in method 2. For example, to escape the quotation marks in cn=xyz"qrs"abc, it becomes cn=xyz\"qrs\"abc or to escape a \: "you need to escape a single backslash this way
" Another example, "\Zoo" is illegal, because 'Z' cannot be escaped in this context.