1# Tree Structure
2dn: dc=example,dc=com
3objectClass: domain
4objectClass: domainRelatedObject
5dc: example
6associatedDomain: example.com
7
8dn: ou=LDAPv3,dc=example,dc=com
9objectClass: organizationalUnit
10ou: LDAPv3
11description: RFC 2253 compliant DN string representation
12
13dn: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
14objectClass: groupOfNames
15cn: Must Succeed
16# at least one member must be present; thus we use the entry's DN
17member: cn=Must Succeed,ou=LDAPv3,dc=example,dc=com
18# specific DN forms
19member: 
20member: UID=jsmith,DC=example,DC=net
21member: OU=Sales+CN=J. Smith,DC=example,DC=net
22member: CN=John Smith\, III,DC=example,DC=net
23member: OU=Sales\; Data\+Algorithms,DC=example,DC=net
24member: CN=Before\0dAfter,DC=example,DC=net
25member: CN=\23John Smith\20,DC=example,DC=net
26member: CN=Lu\C4\8Di\C4\87
27member: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
28# DN forms already defined as "member" in a different string representation
29seeAlso: CN=John Smith\2C III,DC=example,DC=net
30seeAlso: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
31seeAlso: CN=\#John Smith\ ,DC=example,DC=net
32# comment
33description: "member" values contain specific DN forms;
34description: "seeAlso" values contain DN forms already defined as "member",
35description: but in a different string representation;
36description: the following "description" values contain the "member" and
37description: "seeAlso" DN string representations used above.
38# list here all string representations used above in "member" and "seeAlso"
39description: ""
40description: UID=jsmith,DC=example,DC=net
41description: OU=Sales+CN=J. Smith,DC=example,DC=net
42description: CN=John Smith\, III,DC=example,DC=net
43description: CN=John Smith\2C III,DC=example,DC=net
44description: OU=Sales\; Data\+Algorithms,DC=example,DC=net
45description: OU=Sales\3B Data\2BAlgorithms,DC=example,DC=net
46description: CN=Before\0dAfter,DC=example,DC=net
47description: CN=\23John Smith\20,DC=example,DC=net
48description: CN=\#John Smith\ ,DC=example,DC=net
49description: CN=Lu\C4\8Di\C4\87
50description: testUUID=597ae2f6-16a6-1027-98f4-abcdefABCDEF,DC=Example
51
52dn: cn=Should Succeed,ou=LDAPv3,dc=example,dc=com
53objectClass: groupOfNames
54cn: Should Succeed
55member: cn=Should Succeed,ou=LDAPv3,dc=example,dc=com
56member: 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
57member: 1.1.1=
58description: 1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com
59description: 1.1.1=
60
61dn: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
62objectClass: groupOfNames
63cn: Unescaped Equals
64member: cn=Unescaped Equals,ou=LDAPv3,dc=example,dc=com
65member: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com
66description: cn=A*x=b is a linear algebra problem,ou=LDAPv3,dc=example,dc=com // unescaped EQUALS
67
68dn: cn=Must Fail 1,ou=Groups,dc=example,dc=com
69objectClass: groupOfNames
70cn: Must Fail 1
71member: uid;x-option=jsmith
72description: uid;x-option=jsmith // option
73
74dn: cn=Must Fail 2,ou=Groups,dc=example,dc=com
75objectClass: groupOfNames
76cn: Must Fail 2
77member: at_tr=jsmith
78description: at_tr=jsmith // invalid attribute type name
79
80dn: cn=Must Fail 3,ou=Groups,dc=example,dc=com
81objectClass: groupOfNames
82cn: Must Fail 3
83member: -attr=jsmith
84description: -attr=jsmith // invalid attribute type name
85
86dn: cn=Must Fail 4,ou=Groups,dc=example,dc=com
87objectClass: groupOfNames
88cn: Must Fail 4
89
90dn: cn=Must Fail 5,ou=Groups,dc=example,dc=com
91objectClass: groupOfNames
92cn: Must Fail 5
93member: 1..1=jsmith
94description: 1..1=jsmith // invalid numeric OID
95
96dn: cn=Must Fail 6,ou=Groups,dc=example,dc=com
97objectClass: groupOfNames
98cn: Must Fail 6
99member: 1.1.=jsmith
100description: 1.1.=jsmith // invalid numeric OID
101
102dn: cn=Must Fail 7,ou=Groups,dc=example,dc=com
103objectClass: groupOfNames
104cn: Must Fail 7
105member: 01.1=jsmith
106description: 01.1=jsmith // invalid numeric OID
107
108dn: cn=Must Fail 8,ou=Groups,dc=example,dc=com
109objectClass: groupOfNames
110cn: Must Fail 8
111member: 1.ff=jsmith
112description: 1.ff=jsmith // invalid numeric OID
113
114dn: cn=Must Fail 9,ou=Groups,dc=example,dc=com
115objectClass: groupOfNames
116cn: Must Fail 9
117member: 1.1.1=#GG
118description: 1.1.1=#GG // invalid HEX form
119
120dn: cn=Must Fail 10,ou=Groups,dc=example,dc=com
121objectClass: groupOfNames
122cn: Must Fail 10
123member: 1.1.1=#000
124description: 1.1.1=#000 // invalid HEX form
125
126dn: cn=Must Fail 11,ou=Groups,dc=example,dc=com
127objectClass: groupOfNames
128cn: Must Fail 11
129member: 1.1.1=#F
130description: 1.1.1=#F // invalid HEX form
131
132dn: cn=Must Fail 12,ou=Groups,dc=example,dc=com
133objectClass: groupOfNames
134cn: Must Fail 12
135member: 1.1.1=#
136description: 1.1.1=# // invalid HEX form
137
138dn: cn=Must Fail 13,ou=Groups,dc=example,dc=com
139objectClass: groupOfNames
140cn: Must Fail 13
141member: UID=jsmith,,DC=example,DC=net
142description: UID=jsmith,,DC=example,DC=net // extra comma
143
144dn: cn=Must Fail 14,ou=Groups,dc=example,dc=com
145objectClass: groupOfNames
146cn: Must Fail 14
147member: UID=john,smith
148description: UID=john,smith // unescaped ,
149
150dn: cn=Must Fail 15,ou=Groups,dc=example,dc=com
151objectClass: groupOfNames
152cn: Must Fail 15
153member: UID=john+smith
154description: UID=john+smith // unescaped +
155
156dn: cn=Must Fail 16,ou=Groups,dc=example,dc=com
157objectClass: groupOfNames
158cn: Must Fail 16
159member: UID=john\?smith
160description: UID=john\?smith // invalid escape of ? or unescaped \
161
162dn: cn=Must Fail 17,ou=Groups,dc=example,dc=com
163objectClass: groupOfNames
164cn: Must Fail 17
165member: UID=john\Fsmith
166description: UID=john\Fsmith // invalid HEX escape
167
168dn: cn=Must Fail 18,ou=Groups,dc=example,dc=com
169objectClass: groupOfNames
170cn: Must Fail 18
171member: UID=john\GGsmith
172description: UID=john\GGsmith // invalid HEX escape
173
174# String representations we should accept for compatibility with RFC1779
175dn: ou=LDAPv2,dc=example,dc=com
176objectClass: organizationalUnit
177ou: LDAPv2
178description: RFC 1779 compliant DN string representation
179
180dn: cn=May Succeed 1,ou=LDAPv2,dc=example,dc=com
181objectClass: groupOfNames
182cn: May Succeed 1
183member:  
184description: " " // space, quote characters (") are not part of the string
185
186dn: cn=May Succeed 2,ou=LDAPv2,dc=example,dc=com
187objectClass: groupOfNames
188cn: May Succeed 2
189member: OID.0.9.2342.19200300.100.1.1=jsmith
190description: OID.0.9.2342.19200300.100.1.1=jsmith // invalid attribute type name
191
192dn: cn=May Succeed 3,ou=LDAPv2,dc=example,dc=com
193objectClass: groupOfNames
194cn: May Succeed 3
195member: UID=jsmith, O=example, C=US
196description: UID=jsmith, O=example, C=US // spaces
197
198dn: cn=May Succeed 4,ou=LDAPv2,dc=example,dc=com
199objectClass: groupOfNames
200cn: May Succeed 4
201member: UID=jsmith;O=example;C=US
202description: UID=jsmith;O=example;C=US // semi-colons
203
204dn: cn=May Succeed 5,ou=LDAPv2,dc=example,dc=com
205objectClass: groupOfNames
206cn: May Succeed 5
207member: <UID=jsmith,O=example,C=US>
208description: <UID=jsmith,O=example,C=US> // brackets
209
210dn: cn=May Succeed 6,ou=LDAPv2,dc=example,dc=com
211objectClass: groupOfNames
212cn: May Succeed 6
213member: CN="John Smith",O=example,C=US
214description: CN="John Smith",O=example,C=US // quotes
215
216# Other DN-related syntaxes
217dn: ou=Related Syntaxes,dc=example,dc=com
218objectClass: organizationalUnit
219ou: Related Syntaxes
220
221# Name and Optional UID
222dn: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
223objectClass: groupOfUniqueNames
224cn: Name and Optional UID
225uniqueMember: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
226uniqueMember: #'1'B
227uniqueMember: #'0010'B
228uniqueMember: dc=example,dc=com#'1000'B
229uniqueMember: dc=example,dc=com#''B
230description: cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com // only DN portion
231description: #'1'B // empty "" DN
232description: #'0010'B // empty "" DN with leading '0's
233description: dc=example,dc=com#'1000'B // with DN portion
234description: dc=example,dc=com#''B // with DN portion + bitstring with no bits
235
236dn: cn=Should Fail 1,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
237objectClass: groupOfUniqueNames
238cn: Should Fail 1
239uniqueMember: #'1234'B
240description: #'1234'B // illegal digits other than '0' and '1'
241
242dn: cn=Should Fail 2,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
243objectClass: groupOfUniqueNames
244cn: Should Fail 2
245uniqueMember: #'12ABCD'B
246description: #'12ABCD'B // illegal digits and chars other than '0' and '1'
247
248dn: cn=Should Parse as DN,cn=Name and Optional UID,ou=Related Syntaxes,dc=example,dc=com
249objectClass: groupOfUniqueNames
250cn: Should Parse as DN
251uniqueMember: dc=example,dc=com#0'B
252uniqueMember: dc=example,dc=com#'0B
253uniqueMember: dc=example,dc=com '0'B
254description: dc=example,dc=com#0'B // malformed UID?
255description: dc=example,dc=com#'0B // malformed UID?
256description: dc=example,dc=com '0'B // malformed UID?
257
258#  UID=jsmith,DC=example,DC=net                          [AoOn]
259#  304631133011060A0992268993F22C64011916036E657431      [AoO]
260#  173015060A0992268993F22C64011916076578616D706C65
261#  31163014060A0992268993F22C64010113066A736D697468
262#
263#  OU=Sales+CN=J. Smith,DC=example,DC=net                [AoOn]
264#  304F31133011060A0992268993F22C64011916036E657431      [AoO]
265#  173015060A0992268993F22C64011916076578616D706C65
266#  311F300C060355040B130553616C6573300F060355040313
267#  084A2E20536D697468
268#
269#  CN=John Smith\, III,DC=example,DC=net                 [AoOn]
270#  304831133011060A0992268993F22C64011916036E657431      [AoO]
271#  173015060A0992268993F22C64011916076578616D706C65
272#  311830160603550403130F4A6F686E20536D6974682C2049
273#  4949
274#
275#  CN=John Smith\2C III,DC=example,DC=net                [AoOn]
276#  304831133011060A0992268993F22C64011916036E657431      [AoO]
277#  173015060A0992268993F22C64011916076578616D706C65
278#  311830160603550403130F4A6F686E20536D6974682C2049
279#  4949
280#
281#  CN=Before\0dAfter,DC=example,DC=net                   [AoOn]
282#  304531133011060A0992268993F22C64011916036E657431      [AoO]
283#  173015060A0992268993F22C64011916076578616D706C65
284#  3115301306035504030C0C4265666F72650D4166746572
285#
286#  CN=\23John Smith\20,DC=example,DC=net                 [AoOn]
287#  304531133011060A0992268993F22C64011916036E657431      [AoO]
288#  173015060A0992268993F22C64011916076578616D706C65
289#  311530130603550403140C234A6F686E20536D69746820
290#
291#  CN=\#John Smith\ ,DC=example,DC=net                   [AoOn]
292#  304531133011060A0992268993F22C64011916036E657431      [AoO]
293#  173015060A0992268993F22C64011916076578616D706C65
294#  311530130603550403140C234A6F686E20536D69746820
295#
296#  FIXME: currently doesn't work
297#  1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com        [AoOn]
298#  304031133011060A0992268993F22C64011916036E657431      [AoO]
299#  173015060A0992268993F22C64011916076578616D706C65
300#  3110300E06082B060104018B3A0004024869
301#
302#  CN=Lu\C4\8Di\C4\87                                    [AoOn]
303#  30123110300E06035504030C074C75C48D69C487              [AoO]
304#
305#  FIXME: currently doesn't work
306#  1.1.1=    // empty value                              [AoO]
307#  300A31083006060229011300                              [AoO]
308#
309#Invalid DNs
310#  // some implementations may be liberal in what they accept
311#  // but should strict in what they produce.
312#
313#  uid;x-option=jsmith   // option                       [oOn]
314#
315#  at_tr=jsmith          // invalid attribute type name  [AoOn]
316#
317#  -attr=jsmith          // invalid attribute type name  [AoOn]
318#
319#  1..1=jsmith           // invalid numeric OID          [AoO]
320#
321#  1.1.=jsmith           // invalid numeric OID          [AoO]
322#
323#  01.1=jsmith           // invalid numeric OID          [oO]
324#
325#  1.ff=jsmith           // invalid numeric OID          [AoOn]
326#
327#  1.1.1=#GG             // invalid HEX form             [AoOn]
328#
329#  1.1.1=#000            // invalid HEX form             [AoO]
330#
331#  1.1.1=#F              // invalid HEX form             [AoO]
332#
333#  1.1.1=#               // invalid HEX form             [AoO]
334#
335#  UID=jsmith,,DC=example,DC=net  // extra comma         [AoOn]
336#
337#  UID=john,smith        // unescaped ,                  [AoOn]
338#
339#  UID=john+smith        // unescaped +                  [AoOn]
340#
341#  UID=john\?smith       // invalid escape of ? or unescaped \ [oOn]
342#
343#  UID=john\Fsmith       // invalid hex escape           [AoOn]
344#
345#  UID=john\GGsmith      // invalid hex escape           [oOn]
346#
347#The following strings are invalid for use in LDAPv3, but were
348#legal in LDAPv2 (RFC 1779).  Some LDAPv3 implementations are
349#liberal in accepting these but should not generate them.
350#
351#  " " // space, quote characters (") are not part of the string
352#
353#  OID.1.1=jsmith                    // invalid attribute type name
354#
355#  UID=jsmith, O=example, C=US       // spaces
356#
357#  UID=jsmith;O=example;C=US         // semi-colons
358#
359#  <UID=jsmith,O=example,C=US>       // brackets         [AoOn]
360#
361#  CN="John Smith",O=example,C=US    // quotes
362
363