- char *p;
- struct berval realm = BER_BVNULL, c1 = *dn;
-
- len = dn->bv_len + sizeof("uid=")-1 + sizeof(",cn=auth")-1;
-
- if( user_realm && *user_realm ) {
- realm.bv_val = user_realm;
- realm.bv_len = strlen( user_realm );
- len += realm.bv_len + sizeof(",cn=") - 1;
+ /* ITS#3419: values may need escape */
+ LDAPRDN DN[ 5 ];
+ LDAPAVA *RDNs[ 4 ][ 2 ];
+ LDAPAVA AVAs[ 4 ];
+ int irdn;
+
+ irdn = 0;
+ DN[ irdn ] = RDNs[ irdn ];
+ RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+ AVAs[ irdn ].la_attr = slap_schema.si_ad_uid->ad_cname;
+ AVAs[ irdn ].la_value = *dn;
+ AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+ AVAs[ irdn ].la_private = NULL;
+ RDNs[ irdn ][ 1 ] = NULL;
+
+ if ( user_realm && *user_realm ) {
+ irdn++;
+ DN[ irdn ] = RDNs[ irdn ];
+ RDNs[ irdn ][ 0 ] = &AVAs[ irdn ];
+ AVAs[ irdn ].la_attr = slap_schema.si_ad_cn->ad_cname;
+ ber_str2bv( user_realm, 0, 0, &AVAs[ irdn ].la_value );
+ AVAs[ irdn ].la_flags = LDAP_AVA_NULL;
+ AVAs[ irdn ].la_private = NULL;
+ RDNs[ irdn ][ 1 ] = NULL;