Thanks for the quick response!! I'm using version 2.0.1 of the library, and the LdapConnection is returning type BinaryAttributeDetector (an interface) that doesn't have the method you described
https://nightlies.apache.org/directory/api/2.0.1/apidocs/org/apache/directory/api/ldap/codec/api/BinaryAttributeDetector.html BinaryAttributeDetector (Apache LDAP API 2.0.1 API Documentation)<https://nightlies.apache.org/directory/api/2.0.1/apidocs/org/apache/directory/api/ldap/codec/api/BinaryAttributeDetector.html> An interface used to abstract the means to detect whether or not an attribute identifier/descriptor represents a binary attributeType. nightlies.apache.org thanks, Craig Benner My Calendar in Free/Busy View<https://outlook.office365.com/owa/calendar/a547b9cc00cf46ffaaf4072980708...@psu.edu/2f5004b9918c42af84647509f87d174b8638641687214814771/calendar.html> <https://outlook.office365.com/owa/calendar/a547b9cc00cf46ffaaf4072980708...@psu.edu/2f5004b9918c42af84647509f87d174b8638641687214814771/calendar.html> https://keybase.io/craigbenner ________________________________ From: Emmanuel Lécharny <elecha...@gmail.com> Sent: Wednesday, March 24, 2021 10:57 AM To: api@directory.apache.org <api@directory.apache.org> Subject: Re: help on retrieving ms-ds-consistencyguid from activedirectory Answer inline... On 24/03/2021 15:38, Benner, Craig wrote: > > Thanks for replying. I actually don't know what you exactly mean by `what > type of AttributeType are you using for this > attribute`. So, I'll try to show some code and explain what my code is doing > outside of what i don't show... I have it OO designed out to be able to > manage our AD for multiple styles of users, so it is hard to show all at once. > > Here is a snippet of our "Search" method > > SearchRequest searchRequest = new SearchRequestImpl(); > searchRequest.setBase(new Dn(searchBaseDn)); > searchRequest.setFilter(filter); > searchRequest.setScope(SearchScope.SUBTREE); > searchRequest.addAttributes((String[]) attributes.toArray(new > String[0])); > searchRequest.addControl(pagedSearchControl); > > cursor = new EntryCursorImpl(ldapConn.search(searchRequest)); > > while (cursor.next()) { > try { > Entry result = cursor.get(); > if (offset == null || offset.equals(pagesLooped)) { > if (processRanges) { > processRangeAttributes(ldapConn, result, attributes, > searchBaseDn); > } > results.add(result); > sizeOfResult++; > } > } catch (CursorLdapReferralException clre) { > do { > // ignoring referrals > } while (clre.skipReferral()); > } > } > > > > attributes.toArray logs out like this ==> [accountExpires, > altSecurityIdentities, badPasswordTime, badPwdCount, cn, distinguishedName, > extensionAttribute2, mS-DS-ConsistencyGuid, msDS-KeyVersionNumber, > msDS-SupportedEncryptionTypes, objectClass, objectGuid, objectSid, > primaryGroupId, pwdLastSet, sAMAccountName, uid, userAccountControl, > userPrincipalName, whenChanged, whenCreated] > > Once the search method is complete, it returns the "entry" -or collection of > entrys to a method that runs that entry through a conversion process > > Below is my current mess of code while trying to figure out how to > manipulate the bytes coming back for ms-ds-consistencyguid > > for (Attribute a : entry.getAttributes()) { > .... > > log.debug("Setting field [" + attributeName + "] with value [" + > a.get().getString() + "] and field type [" > + f.getType() + "]"); > > ..... > > } else if (f.getType().equals(byte[].class)) { > > byte[] theValue; > if (a.isHumanReadable()) { Here lie dragons... The HR flag is set based on the LDAP API knowledge of the attributeType characteristics. Sadly, we can't account for all the existing attributeType definitions, and we have based this flag on the existing RFCs were attributes are defined. Bottom line, the MS AT is unknown to the API, thus the HR defaults to true. (At some point we have to decide if the value is a String or a byte[]) There is a way to trick the API and tell it that the attribute is in fact binary, by adding the attribute name to the list of binary attributes managed by the DefaultConfigurableBinaryAttributeDetector instance (see https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnightlies.apache.org%2Fdirectory%2Fapi%2F2.0.1%2Fapidocs%2Forg%2Fapache%2Fdirectory%2Fapi%2Fldap%2Fcodec%2Fapi%2FDefaultConfigurableBinaryAttributeDetector.html&data=04%7C01%7Ccraig.benner%40psu.edu%7Ce701d68d220a4808bd0908d8eed5353d%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521946856006495%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ZrGQxh9Zq%2FNXJmF2EKhzcoIsyneqv1LGJbd3RKnUw8w%3D&reserved=0). So if you call connection.getBinaryAttributeDetector().addBinaryAttribute( "mS-DS-ConsistencyGuid" ) method, that should do the trick. Yes, I know, it's a bit tricky, it's not exactly well documented, but at least, it should do the job :-) --------------------------------------------------------------------- To unsubscribe, e-mail: api-unsubscr...@directory.apache.org For additional commands, e-mail: api-h...@directory.apache.org