The reason is that the check for base64-encoding the attribute VALUE (the
name is done correctly) ignores the 'less than' symbol '<' - the dn and
attribute names are handled correctly.
It's a one-byte change to LDIF.pm as you can see below...
$ diff LDIF.pm LDIF.pm.saved 354c354 < if ($v =~ /(^[ :<]|[\x00-\x1f\x7f-\xff])/) { ---if ($v =~ /(^[ :]|[\x00-\x1f\x7f-\xff])/) {
No, the original code is correct. RFC2849 states
value-spec = ":" ( FILL 0*1(SAFE-STRING) /
":" FILL (BASE64-STRING) /
"<" FILL url)SAFE-INIT-CHAR = %x01-09 / %x0B-0C / %x0E-1F /
%x21-39 / %x3B / %x3D-7F
; any value <= 127 except NUL, LF, CR,
; SPACE, colon (":", ASCII 58 decimal)
; and less-than ("<" , ASCII 60 decimal)SAFE-STRING = [SAFE-INIT-CHAR *SAFE-CHAR]
So any value beginning with : or < is not a SAFE-STRING and must be base64 encoded
Graham.
