Requirements of LDAP DN Value

All Distinguished Name (DN) values provided in the LDAP authentication configuration of IBM® Db2® Data Management Console must follow the syntax that is defined by 'String Representation of Distinguished Names'.

Characters that require escaping from DN

Some 'special characters' must be escaped when they are used in the attribute value of any RDN in a DN. They are comma (,), semicolon (;), plus (+), less than (<), greater than (>), equals (=), double quote ("), backslash (\), sharp (#), and leading and trailing spaces of an attribute value.

The sharp mark (#) and leading and trailing spaces in DN attribute values are not supported in IBM Db2 Data Management Console.

The other special characters can be used in a DN in IBM Db2 Data Management Console after being properly escaped; they are listed in the table below. There are two ways to escape a character. One is to precede the character with a backslash, and the other is to replace the character with a backslash followed by its hexadecimal value.

Name          Original Character  Escaped Value  Hexadecimal Value
Comma         ,                   \,             \2C
Semicolon     ;                   \;             \3B
Plus          +                   \+             \2B
Less than     <                   \<             \3C
Greater than  >                   \>             \3E
Equals        =                   \=             \3D
Double quote  "                   \"             \22
Backslash     \                   \\             \5C

Here is an example of escaping a comma in a group DN.

CN=Group\, Admin,OU=Groups,DC=example,DC=com

or

CN=Group\2C Admin,OU=Groups,DC=example,DC=com

Control Characters and Spaces

Control characters, that is, Unicode hexadecimal values 00 to 1F (also called C0 controls) and 7F (delete), are not allowed in any value of the LDAP authentication configuration data and will be removed.

IBM Db2 Data Management Console supports only the common whitespace character (hexadecimal value 20 in Unicode) in authentication configuration data. The non-breaking space (hexadecimal value A0 in Unicode) is not supported and will be replaced with the common whitespace character.
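
The rules on this page expressed as a Python helper that prepares a raw attribute value before it is placed in a DN. This is an added example, not IBM code: the function names are assumptions for illustration, rejecting '#' anywhere in a value is a conservative reading of the restriction above, and split_rdns is a simplified splitter used only to show why an unescaped comma changes the DN.

```python
import re

# Special characters from the table above; each is written as \<char> or \<HEX>.
SPECIALS = ',;+<>="\\'
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")  # C0 controls and DEL


def normalize(value):
    """Mirror the page's handling: drop control characters, NBSP -> U+0020."""
    return _CONTROL.sub("", value).replace("\u00a0", " ")


def escape_rdn_value(value, hex_form=False):
    """Return a raw attribute value escaped for use inside a DN."""
    value = normalize(value)
    if "#" in value:
        raise ValueError("'#' is not supported in DN attribute values")
    if value != value.strip(" "):
        raise ValueError("leading or trailing spaces are not supported")
    out = []
    for ch in value:
        if ch in SPECIALS:
            out.append("\\%02X" % ord(ch) if hex_form else "\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns):
    """rdns: list of (attribute_type, raw_value) pairs, most specific first."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


def split_rdns(dn):
    """Split a DN on unescaped commas, honouring backslash escapes."""
    return re.findall(r"(?:\\.|[^,\\])+", dn)


if __name__ == "__main__":
    # Constructed sample matching the group DN example on this page.
    parts = [("CN", "Group, Admin"), ("OU", "Groups"),
             ("DC", "example"), ("DC", "com")]
    dn = build_dn(parts)
    print(dn)                       # escaped form: 4 RDNs
    print(len(split_rdns(dn)))
    naive = ",".join(f"{a}={v}" for a, v in parts)
    print(len(split_rdns(naive)))   # unescaped comma splits CN in two: 5
```
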