ldap_search objectGUID in AD

  • Sacs

    ldap_search objectGUID in AD

    Hi all,
    this is _really_ bugging me, and the Google God has failed me:

    Doing an ldap_search of a Win2k Active Directory trying to get the
    objectGUID. This is a unique id within AD and is meant to be a 128-bit
    octal string (16 bytes).

    Works 99% of the time, but the occasional objectGUID comes up short.
    e.g.

    $ld_filter = '(sAMAccountName=*)';
    $ld_data = array('objectGUID', 'sAMAccountName');
    $ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter);
    $ld_info = ldap_get_entries($Connect, $ld_sr);
    for ($i = 0; $i < $ld_info['count']; $i++) {
        $o = $ld_info[$i]['objectguid'][0];
        $len = strlen($o);
        print("len: $len <br>");
    }

    MOST of the entries are the correct 16 bytes, a FEW are not. It's like
    the occasional objectGUID is barfing php somehow and not getting placed
    into the holder variable, or something. Only getting the first x bytes.

    The correct entries I can convert to an escaped hex string and then
    search AD correctly. The incorrect ones, can't be used.

    Doing an ldap_search from the command line generates a base64 encoded
    string, which I can decode, convert to hex and search properly, so it's
    not the AD data.

    PHP Version 4.3.2
    Apache/1.3.28
    Linux tnz014 2.4.18-14 #1 Wed Sep 4 11:57:57 EDT 2002 i586
    ldap.c,v 1.130.2.4 2003/04/30 21:54:02 iliaa Exp $

    Any ideas????

    Cheers,
    Alan Way
  • Sacs

    #2
    Re: ldap_search objectGUID in AD

    Sacs wrote:
    >
    > $ld_filter = '(sAMAccountName=*)';
    > $ld_data = array('objectGUID', 'sAMAccountName');
    > $ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter);
    > $ld_info = ldap_get_entries($Connect, $ld_sr);
    > for ($i = 0; $i < $ld_info['count']; $i++) {
    >     $o = $ld_info[$i]['objectguid'][0];
    >     $len = strlen($o);
    >     print("len: $len <br>");
    > }
    >
    > MOST of the entries are the correct 16 bytes, a FEW are not. It's like
    > the occasional objectGUID is barfing php somehow and not getting placed
    > into the holder variable, or something. Only getting the first x bytes.

    Solved the bugger. ldap_get_entries() handles the data as strings,
    which is not good for binary data containing nulls (like the AD
    objectGUID may do).

    So, I need to use ldap_get_values_len() to extract the binary data :-)
    e.g. to get the objectGUID of an organisation unit:

    function getGUIDbyOU($ou) {
        global $ldap_base_dn, $ldap_server, $ldap_bind_dn, $ldap_bind_user;

        $Connect = ldap_connect($ldap_server);
        $Bind = ldap_bind($Connect, $ldap_bind_dn, $ldap_bind_user);

        // $ou goes into the filter unescaped; escape LDAP filter
        // metacharacters first if it can come from user input
        $ld_filter = '(ou=' . $ou . ')';
        $ld_data = array('objectGUID');

        $ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter, $ld_data);

        if (ldap_count_entries($Connect, $ld_sr) > 0) {
            $entry = ldap_first_entry($Connect, $ld_sr);
            // binary-safe: returns the full value even when it contains NUL bytes
            $guid = ldap_get_values_len($Connect, $entry, 'objectguid');
            return $guid[0];
        } else {
            return NULL;
        }
    }

    Thanks to anyone who bothered reading the parent :-)

    Alan
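
The "escaped hex string" search mentioned in this thread, as an added example that is not code from the original posts: it validates that an objectGUID really is 16 bytes before building a filter, so a value cut short at a NUL byte is rejected instead of silently matching nothing. The function names `guidToFilterValue` and `guidToString` and the sample GUID are constructed for illustration.

```php
<?php
// Added example; the GUID below is constructed sample data with a NUL as its third byte.

/** Escape every byte as \xx so the binary value can be used in an LDAP search filter. */
function guidToFilterValue(string $bin): string
{
    if (strlen($bin) !== 16) {
        throw new InvalidArgumentException(
            'objectGUID must be 16 bytes, got ' . strlen($bin));
    }
    $out = '';
    foreach (str_split(bin2hex($bin), 2) as $byte) {
        $out .= '\\' . $byte;
    }
    return $out;
}

/** Render the display form used by AD tools: the first three fields are byte-swapped. */
function guidToString(string $bin): string
{
    if (strlen($bin) !== 16) {
        throw new InvalidArgumentException(
            'objectGUID must be 16 bytes, got ' . strlen($bin));
    }
    $parts = array(
        strrev(substr($bin, 0, 4)),   // Data1, stored little-endian
        strrev(substr($bin, 4, 2)),   // Data2, stored little-endian
        strrev(substr($bin, 6, 2)),   // Data3, stored little-endian
        substr($bin, 8, 2),           // Data4, first two bytes as stored
        substr($bin, 10, 6),          // Data4, remaining six bytes as stored
    );
    return implode('-', array_map('bin2hex', $parts));
}

$guid = hex2bin('4a1f00c3d2e5b64f8a9701c2d3e4f506');   // constructed value

echo '(objectGUID=' . guidToFilterValue($guid) . ")\n";
echo guidToString($guid) . "\n";

// Simulate string-style handling that stops at the first NUL byte.
$short = substr($guid, 0, strpos($guid, "\0"));
try {
    guidToFilterValue($short);
} catch (InvalidArgumentException $e) {
    echo 'rejected truncated value: ' . $e->getMessage() . "\n";
}
```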
