Clever Geek Handbook

Active directory filter with objectGUID encoded as specified in rfc2254 does not work

I am using java ldap to access active directory, more specifically spring ldap. group search on a GUID object gives no results when the filter is encoded as specified in rfc2254.

this is the guid in hexadecimal:

\49\00\f2\58\1e\93\69\4b\ba\5f\8b\86\54\e9\d8\e9

spring ldap encodes the filter like this:

(&(objectClass=group)(objectGUID=\5c49\5c00\5cf2\5c58\5c1e\5c93\5c69\5c4b\5cba\5c5f\5c8b\5c86\5c54\5ce9\5cd8\5ce9))

as stated in rfc2254 and microsoft technet :

the character must be encoded as a backslash character (ASCII 0x5c) followed by two hexadecimal digits representing the ASCII value of the encoded character. The case of two hexadecimal digits is not significant. Blockquote

so the backslash must be "\ 5c"

but I am not getting results with the above filter from AD. also if I put this filter in custom filters in AD Management Console it doesn't work. when i remove 5c from filter it works from both java and AD console.

Did I miss something?

of course I can code the filter without 5c, but I am sure this is the right way and I prefer spring to code filters because it knows a lot of things that I have to do manually.

+3


source to share


3 answers


I think the blog post at: http://www.developerscrappad.com/1109/windows/active-directory/java-ldap-jndi-2-ways-of-decoding-and-using-the-objectguid- from-windows -active-directory / provides the information you need.



+3


source


I found a solution with php to get a user with objectGUID etap one, when I create a user, I put its objectGuid in bdd, the objectGuid you see in Ad ex $ guid_str = "31207E1C-D81C-4401-8356-33FEF9C8A" after that how do i create my own function to convert this object id int hexadécimal

function guidToHex($guid_str){

$str_g= explode('-',$guid_str);

$str_g[0] = strrev($str_g[0]);
$str_g[1] = strrev($str_g[1]);
$str_g[2] = strrev($str_g[2]);

$retour = '\\';
$strrev = 0;
foreach($str_g as $str){
    for($i=0;$i < strlen($str)+2; $i++){
        if($strrev < 3)
            $retour .= strrev(substr($str,0,2)).'\\' ;
            else
                $retour .= substr($str,0,2).'\\' ;
                $str = substr($str,2);

    }
    if($strrev < 3)
        $retour .= strrev($str);
        else
            $retour  .= $str ;


            $strrev++;
}
return $retour;

}

this function returns me a string like \ 1C \ 7E \ 20 \ 31 \ 1C \ D8 \ 01 \ 44 \ 83 \ EF \ 9C \ 8A "\ F9 \ ED \ C2 \ 7F after that I put this string in my filter and i get user



#

to get the format of the objectGuid I am using this setting so that it can be used on the web

function convertBinToMSSQLGuid($binguid)
{
    $unpacked = unpack('Va/v2b/n2c/Nd', $binguid);
    return sprintf('%08X-%04X-%04X-%04X-%04X%08X', $unpacked['a'], $unpacked['b1'], $unpacked['b2'], $unpacked['c1'], $unpacked['c2'], $unpacked['d']);
}

i means this format = 31207E1C-D81C-4401-8356-33FEF9C8A

+1


source


Pass in an array of bytes and the lookup should work.

0


source






More articles:


All Articles