The following table lists reserved characters that cannot be used in an attribute value.
| Reserved character |
Description |
Hex value |
|
space or # character at the beginning of a string |
|
|
space character at the end of a string |
|
| , |
comma |
0x2C |
| + |
plus sign |
0x2B |
| " |
double quote |
0x22 |
| \ |
backslash |
0x5C |
| < |
left angle bracket |
0x3C |
| > |
right angle bracket |
0x3E |
| ; |
semicolon |
0x3B |
| LF |
line feed |
0x0A |
| CR |
carriage return |
0x0D |
| = |
equals sign |
0x3D |
If a reserved character is part of an attribute value, it must be escaped by prefixing it with a backslash (\) in the attribute string. If an attribute value contains other reserved characters, such as the equals sign (=) or non-UTF-8 characters, it must be encoded in
hexadecimal by replacing the character with a backslash followed by two
hex digits.
The following are examples of some distinguished names that include escaped characters. The first example is an organizational unit name with an embedded comma; the second example is a value containing a carriage return.
| CN=Litware,OU=Docs\, Adatum,DC=Fabrikam,DC=COM |
| CN=Before\0DAfter,OU=Test,DC=North America,DC=Fabrikam,DC=COM |
Additional Resources: