From b8a7e6d275202ba1472c9ddb0f7654b9191206c1 Mon Sep 17 00:00:00 2001
From: kaminski_k
Date: Wed, 2 Mar 2016 17:59:07 +0100
Subject: [PATCH] Replace simplistic check in has_dn_format

Use python-ldap's explode_dn, which (hopefully) rejects invalid DNs.
---
 ldapuserdir/ldapuserdir.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ldapuserdir/ldapuserdir.py b/ldapuserdir/ldapuserdir.py
index 5323856..737df39 100644
--- a/ldapuserdir/ldapuserdir.py
+++ b/ldapuserdir/ldapuserdir.py
@@ -110,12 +110,14 @@ class LdapUserDir(object):

 @staticmethod
 def has_dn_format(name):
- """returns true if name has the format of a distinguished name
+ """Returns true iff name has the format of a distinguished name
 """
- # currently we are satisfied with a very primitive check
- if ',' in name:
+ try:
+ ldap.explode_dn(name)
+ except Exception:
+ return False
+ else:
 return True
- return False

 @staticmethod
 def dn_to_cn(dn):
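Review bot: The new `try` block in `has_dn_format` catches `Exception`, so programming errors such as a missing `ldap` import or a non-string `name` are reported as "not a DN" instead of surfacing; `except ldap.LDAPError:` would still cover the malformed-DN case, which python-ldap signals (as far as I know) with `ldap.DECODING_ERROR`, a subclass. Also, `explode_dn` appears to return an empty list for an empty or `None` argument rather than raising, so `has_dn_format('')` would now return True where the old comma test returned False; a guard such as `if not name: return False` before the `try` keeps the previous answer. Since the commit message says the call only "hopefully" rejects invalid DNs, the docstring should state that this is a syntax check only and says nothing about whether the entry exists or sits under the expected base, which matters if callers pass user-supplied names. The `ldap` import lies outside the hunk, so its presence could not be confirmed from here.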