active directory filter with objectGUID encoded as specified in rfc2254 doesn't work

Question

I'm using java ldap to access active directory, more specifically spring ldap. a group search by objectGUID yields no results when the filter is encoded as specified in rfc2254.

this is the guid in its hex representation:

\49\00\f2\58\1e\93\69\4b\ba\5f\8b\86\54\e9\d8\e9

spring ldap encodes the filter like that:

(&(objectClass=group)(objectGUID=\5c49\5c00\5cf2\5c58\5c1e\5c93\5c69\5c4b\5cba\5c5f\5c8b\5c86\5c54\5ce9\5cd8\5ce9))

as mentioned in rfc2254 and in microsoft technet:

the character must be encoded as the backslash '' character (ASCII 0x5c) followed by the two hexadecimal digits representing the ASCII value of the encoded character. The case of the two hexadecimal digits is not significant. Blockquote

so a backslash should be '\5c'

but I get no results with above filter from AD. also if I put that filter in AD management console custom filters it does not work. when I remove the 5c from the filter it works both from java and in AD console.

Am I missing something here?

of course I can encode the filter without the 5c but I'm nt sure it the right way and I prefer to let spring encode the filters because it knows a lot of things that I should do manually.

Answer 1

I think the blog entry at:http://www.developerscrappad.com/1109/windows/active-directory/java-ldap-jndi-2-ways-of-decoding-and-using-the-objectguid-from-windows-active-directory/ provides the information you need.

Answer 2

i found solution with php to get user with objectGUID etap one when i create user i put his objectGuid in bdd, the objectGuid that you see in the Ad ex $guid_str = "31207E1C-D81C-4401-8356-33FEF9C8A" after i create my own function to transform this object id int hexadécimal

function guidToHex($guid_str){

$str_g= explode('-',$guid_str);

$str_g[0] = strrev($str_g[0]);
$str_g[1] = strrev($str_g[1]);
$str_g[2] = strrev($str_g[2]);

$retour = '\\';
$strrev = 0;
foreach($str_g as $str){
    for($i=0;$i < strlen($str)+2; $i++){
        if($strrev < 3)
            $retour .= strrev(substr($str,0,2)).'\\' ;
            else
                $retour .= substr($str,0,2).'\\' ;
                $str = substr($str,2);

    }
    if($strrev < 3)
        $retour .= strrev($str);
        else
            $retour  .= $str ;


            $strrev++;
}
return $retour;

}

this function return me a string like \1C\7E\20\31\1C\D8\01\44\83\EF\9C\8A"\F9\ED\C2\7F after this i put this string in my filter and i get the user

#

to get format of objectGuid i use this fonction that i foud it in internet

function convertBinToMSSQLGuid($binguid)
{
    $unpacked = unpack('Va/v2b/n2c/Nd', $binguid);
    return sprintf('%08X-%04X-%04X-%04X-%04X%08X', $unpacked['a'], $unpacked['b1'], $unpacked['b2'], $unpacked['c1'], $unpacked['c2'], $unpacked['d']);
}

i mean this format = 31207E1C-D81C-4401-8356-33FEF9C8A

Answer 3

Pass a byte array and search should work.