Active Directory and other LDAP-based user directories allow special characters in entities such as DNs, user names, roles, and group names. Special handling may be required for Shared Services to understand such characters.
Generally, you must use escape characters when specifying special characters in user directory settings; for example, in the Base DN and in user and group URLs. Table 11 lists the special characters that can be used in user names, group names, user URLs, group URLs, and in the value of OU in user DN.
Table 11. Supported special characters
Character[1] | Name or Meaning | Character | Name or Meaning |
---|---|---|---|
( | open parenthesis | $ | dollar |
) | close parenthesis | + | plus |
“ | quotation mark | & | ampersand |
' | single quotation mark | \ | backslash |
, | comma | ^ | caret |
= | equal to | ; | semicolon |
< | less than | # | pound |
> | greater than | @ | at |
Special characters are not permitted in the value of the Login User attribute.
The asterisk (*) is not supported in user names, group names, user and group URLs, or in the name of the OU in User DN.
Attribute values containing a combination of special characters are not supported.
The ampersand (&) can be used without an escape character. For Active Directory settings, & must be specified as &amp;.
User and group names cannot contain both a backslash (\) and slash (/). For example, names such as test/\user and new\test/user are not supported.
Table 12. Characters that need not be escaped
Character | Name or Meaning | Character | Name or Meaning |
---|---|---|---|
( | open parenthesis | ' | single quote |
) | close parenthesis | ^ | caret |
$ | dollar | @ | at |
&[1] | ampersand | | |
The characters listed in Table 13 must be escaped if you use them in user directory settings (user names, group names, user URLs, group URLs and User DN).
Table 13. Escape for Special Characters in User Directory Configuration Settings
Special Character | Escape | Sample Setting | Escaped Example |
---|---|---|---|
comma (,) | backslash (\) | ou=test,ou | ou=test\,ou |
plus sign (+) | backslash (\) | ou=test+ou | ou=test\+ou |
equal to (=) | backslash (\) | ou=test=ou | ou=test\=ou |
pound (#) | backslash (\) | ou=test#ou | ou=test\#ou |
semicolon (;) | backslash (\) | ou=test;ou | ou=test\;ou |
less than (<) | \< | ou=test<ou | ou=test\<ou |
greater than (>) | \> | ou=test>ou | ou=test\>ou |
“ (quotation mark)[1] | \\ (two backslashes) | ou=test”ou | ou=test\\”ou |
\ (backslash)[2] | \\\ (three backslashes) | ou=test\ou | ou=test\\\\ou |
Caution! If the user URL is unspecified, the names of users created within the RDN root must not contain / (slash) or \ (backslash). Similarly, these characters should not be used in the names of groups created within the RDN root if a group URL is not specified. For example, group names such as OU=child\ou,OU=parent/ou or OU=child/ou,OU=parent\ou are not supported. This issue does not apply if you are using a unique attribute as the ID Attribute in the user directory configuration.
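The escapes in Table 13 and the restrictions listed after Table 11 can be applied in code before a value is typed into a user directory setting. The Python below is an added example, not part of the product or its documentation. Its function names are hypothetical, the quotation mark is assumed to be the ASCII double quote, and "combination" is assumed to mean more than one distinct special character in a value.

```python
"""Added example: escape one value for a user directory setting (Tables 12, 13)."""

BS = "\\"  # a single backslash

# Table 13: escape prefix placed in front of each character.
ESCAPE_PREFIX = {
    ",": BS, "+": BS, "=": BS, "#": BS, ";": BS, "<": BS, ">": BS,
    '"': BS * 2,   # quotation mark: two backslashes (ASCII quote assumed)
    BS: BS * 3,    # backslash: three backslashes, giving four in total
}
NO_ESCAPE = set("()$'^@&")                  # Table 12: used as-is
SPECIAL = set(ESCAPE_PREFIX) | NO_ESCAPE    # Table 11: all supported specials


def escape_setting_value(value: str) -> str:
    """Return value escaped for a directory setting, or raise ValueError."""
    if "*" in value:
        raise ValueError("asterisk (*) is not supported")
    if BS in value and "/" in value:
        raise ValueError("backslash and slash cannot both appear")
    # Assumption: "combination" means more than one distinct special character.
    if len({ch for ch in value if ch in SPECIAL}) > 1:
        raise ValueError("combination of special characters is not supported")
    return "".join(ESCAPE_PREFIX.get(ch, "") + ch for ch in value)


def is_supported(value: str) -> bool:
    """True when the value passes the restrictions checked above."""
    try:
        escape_setting_value(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, modelled on the Table 13 rows.
    for sample in ["test,ou", "test<ou", 'test"ou', "test" + BS + "ou",
                   "test(ou", "test*ou", "new" + BS + "test/user", "a,b+c"]:
        if is_supported(sample):
            print(f"ou={sample:<16} -> ou={escape_setting_value(sample)}")
        else:
            print(f"ou={sample:<16} -> rejected")
```

The check does not cover the Login User attribute, which permits no special characters at all, or the RDN-root restriction in the caution above.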