active directory filter with objectGUID encoded as specified in rfc2254 doesn't work
B

4

5

I'm using Java LDAP to access Active Directory, more specifically Spring LDAP. A group search by objectGUID yields no results when the filter is encoded as specified in RFC 2254.

This is the GUID in its hex representation:

\49\00\f2\58\1e\93\69\4b\ba\5f\8b\86\54\e9\d8\e9

Spring LDAP encodes the filter like this:

(&(objectClass=group)(objectGUID=\5c49\5c00\5cf2\5c58\5c1e\5c93\5c69\5c4b\5cba\5c5f\5c8b\5c86\5c54\5ce9\5cd8\5ce9))

As mentioned in RFC 2254 and on Microsoft TechNet:

"the character must be encoded as the backslash '\' character (ASCII 0x5c) followed by the two hexadecimal digits representing the ASCII value of the encoded character. The case of the two hexadecimal digits is not significant."

So a backslash should be '\5c'.

But I get no results from AD with the above filter. Also, if I put that filter in the AD management console custom filters, it does not work. When I remove the 5c from the filter, it works both from Java and in the AD console.

Am I missing something here?

Of course I can encode the filter without the 5c, but I'm not sure it's the right way, and I prefer to let Spring encode the filters because it knows a lot of things that I would have to do manually.

Beverlee answered 18/2, 2013 at 12:2 Comment(0)
C
3

I think the blog entry at http://www.developerscrappad.com/1109/windows/active-directory/java-ldap-jndi-2-ways-of-decoding-and-using-the-objectguid-from-windows-active-directory/ provides the information you need.

Coverley answered 19/2, 2013 at 11:44 Comment(1)
Thanks. I already did find that yesterday and I bind to groups using the binding string and not the byte string, it works perfectly. Beverlee
D
3

I found a solution with PHP to get a user by objectGUID. Step one: when I create a user, I store his objectGuid in the database (the objectGuid that you see in AD, e.g. $guid_str = "31207E1C-D81C-4401-8356-33FEF9C8A"). After that I created my own function to transform this object ID into hexadecimal:

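function guidToHex($guid_str){
    // Split the GUID into its five dash-separated groups
    $str_g = explode('-', $guid_str);

    // The first three groups are stored little-endian in AD: reverse each
    // group here, then each hex pair below, which reverses the byte order
    $str_g[0] = strrev($str_g[0]);
    $str_g[1] = strrev($str_g[1]);
    $str_g[2] = strrev($str_g[2]);

    $retour = '\\';
    $strrev = 0; // index of the group being processed
    foreach($str_g as $str){
        for($i = 0; $i < strlen($str) + 2; $i++){
            if($strrev < 3)
                $retour .= strrev(substr($str, 0, 2)).'\\';
            else
                $retour .= substr($str, 0, 2).'\\';
            // Runs on every iteration: drop the pair just emitted
            $str = substr($str, 2);
        }
        // Append what the loop left over (the last pair of a 12-character final group)
        if($strrev < 3)
            $retour .= strrev($str);
        else
            $retour .= $str;

        $strrev++;
    }
    return $retour;
}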

This function returns a string like \1C\7E\20\31\1C\D8\01\44\83\EF\9C\8A"\F9\ED\C2\7F. After this I put this string in my filter and I get the user.

To get the objectGuid in this format I use this function that I found on the internet:

function convertBinToMSSQLGuid($binguid)
{
    $unpacked = unpack('Va/v2b/n2c/Nd', $binguid);
    return sprintf('%08X-%04X-%04X-%04X-%04X%08X', $unpacked['a'], $unpacked['b1'], $unpacked['b2'], $unpacked['c1'], $unpacked['c2'], $unpacked['d']);
}

I mean this format: 31207E1C-D81C-4401-8356-33FEF9C8A

Dijon answered 28/7, 2016 at 13:10 Comment(3)
I'm happy that this helped you :) Dijon
You've just saved me from seppuku. Thank you. :-) Paunchy
Nice to see 7 years later, it still helps. Thanks for the C# implementation. Dijon
P
1

C# version of the ZeroCool answer. Works like a charm.


using System;
using System.Text;

public static class Program
{
    public static void Main()
    {
        string guid = "aabbccdd-1122-3344-5566-77889900aabb";
        string result = GuidToHex(guid);
        Console.WriteLine(result);
    }

    public static string GuidToHex(string guidStr)
    {
        string[] strG = guidStr.Split('-');

        // Reverse the first three segments
        strG[0] = ReverseString(strG[0]);
        strG[1] = ReverseString(strG[1]);
        strG[2] = ReverseString(strG[2]);

        StringBuilder retour = new StringBuilder("\\");
        int strRev = 0;

        foreach (var str in strG)
        {
            string tempStr = str;
            for (int i = 0; i < tempStr.Length + 2; i++)
            {
                if (strRev < 3)
                    retour.Append(ReverseString(tempStr.Substring(0, 2))).Append('\\');
                else
                    retour.Append(tempStr.Substring(0, 2)).Append('\\');

                tempStr = tempStr.Length > 2 ? tempStr.Substring(2) : string.Empty;
            }

            // Append what the loop left over (the last pair of the final segment)
            if (strRev < 3)
                retour.Append(ReverseString(tempStr));
            else
                retour.Append(tempStr);

            strRev++;
        }

        return retour.ToString();
    }

    private static string ReverseString(string s)
    {
        char[] arr = s.ToCharArray();
        Array.Reverse(arr);
        return new string(arr);
    }
}
Paunchy answered 19/8, 2024 at 11:42 Comment(0)
E
0

Pass a byte array and search should work.

Epicardium answered 18/2, 2013 at 12:51 Comment(0)
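
Why the `\5c` form in the question fails, as an added Java example that is not code from any of the posts: an RFC 2254 text escaper (a stand-in written for this example, not Spring LDAP's own encoder) turns each backslash of an already-escaped value into `\5c`, while escaping the raw bytes once gives the filter that works. The class and method names are hypothetical, and the GUID string is the display form of the question's hex bytes.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

public class ObjectGuidFilter {  // hypothetical name
    // AD's 16-byte layout: first three GUID fields little-endian, rest as displayed.
    static byte[] toAdBytes(UUID guid) {
        long msb = guid.getMostSignificantBits();
        ByteBuffer buf = ByteBuffer.allocate(16).order(ByteOrder.LITTLE_ENDIAN);
        buf.putInt((int) (msb >>> 32));      // Data1
        buf.putShort((short) (msb >>> 16));  // Data2
        buf.putShort((short) msb);           // Data3
        buf.order(ByteOrder.BIG_ENDIAN).putLong(guid.getLeastSignificantBits());
        return buf.array();
    }

    // Binary assertion value: each raw byte becomes exactly one \XX escape.
    static String escapeBytes(byte[] value) {
        StringBuilder sb = new StringBuilder();
        for (byte b : value) sb.append(String.format("\\%02x", b & 0xff));
        return sb.toString();
    }

    // RFC 2254 escaping for text values; this is what blocks filter injection.
    static String escapeText(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Display form of the question's bytes 49 00 f2 58 1e 93 69 4b ...
        UUID guid = UUID.fromString("58f20049-931e-4b69-ba5f-8b8654e9d8e9");
        String binary = escapeBytes(toAdBytes(guid));
        System.out.println("(&(objectClass=group)(objectGUID=" + binary + "))");
        // Text-escaping the escaped value again yields the failing \5c49\5c00... form
        System.out.println("(objectGUID=" + escapeText(binary) + ")");
    }
}
```

Keep the text escaper for any attribute value that comes from user input, and use the byte escaper only on values that are raw binary such as objectGUID.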
