ldap: fix DN spliting/escaping problems

mylib/ldap.py

@@ -12,6 +12,7 @@ import dateutil.tz
 import ldap
 from ldap.controls import SimplePagedResultsControl
 from ldap.controls.simple import RelaxRulesControl
+from ldap.dn import escape_dn_chars, explode_dn
 import ldap.modlist as modlist
 
 from mylib import pretty_format_dict
@@ -256,13 +257,13 @@ class LdapServer:
     def rename_object(self, dn, new_rdn, new_sup=None, delete_old=True):
         """ Rename an object in LDAP directory """
         # If new_rdn is a complete DN, split new RDN and new superior DN
-        if len(new_rdn.split(',')) > 1:
+        if len(explode_dn(new_rdn)) > 1:
             self.logger.debug(
                 "LdapServer - Rename with a full new DN detected (%s): split new RDN and new superior DN",
                 new_rdn
             )
             assert new_sup is None, "You can't provide a complete DN as new_rdn and also provide new_sup parameter"
-            new_dn_parts = new_rdn.split(',')
+            new_dn_parts = explode_dn(new_rdn)
             new_sup = ','.join(new_dn_parts[1:])
             new_rdn = new_dn_parts[0]
         assert self.con or self.connect()
@@ -761,14 +762,14 @@ class LdapClient:
             )
 
             # Compute new object DN
-            dn_parts = self.decode(ldap_obj['dn']).split(',')
+            dn_parts = explode_dn(self.decode(ldap_obj['dn']))
             basedn = ','.join(dn_parts[1:])
-            new_rdn = '%s=%s' % (rdn_attr, self.decode(new_rdn_values[0]))
+            new_rdn = '%s=%s' % (rdn_attr, escape_dn_chars(self.decode(new_rdn_values[0])))
             new_dn = '%s,%s' % (new_rdn, basedn)
 
             # Rename object
             log.debug('%s: Rename to %s', ldap_obj['dn'], new_dn)
-            if not self.move_object(ldap_obj, new_rdn):
+            if not self.move_object(ldap_obj, new_dn):
                 return False
 
             # Remove RDN in changes list