Good day again! I have filed the below bug against the MS-ADA3 document. I apologize for my earlier incorrect answer (which stated that objectGUID and objectSID had no 'human-readable' string format available for use within LDAP filters).
It turns out that the AD specialist I consulted with was speaking with respect to LDAP generically, not the Microsoft implementation (which I was listening as pertaining to). Additionally, the list of special semantics for our implementation is specifically against objectSID and objectGUID; there is no schema attribute that specifies or allows for this.

Using objectGUID to Bind to an Object
http://msdn.microsoft.com/en-us/library/ms677985(VS.85).aspx

==============================================================================
Question:

In MS-ADA3 - 2.43 and 2.44 we see a description of the objectGUID and objectSID attributes. Helpful cross-references to MS-DTYP are included. However, no reference in either document is made to the ability of AD LDAP servers to accept string (rather than binary) forms of these attributes in searches. Is there a schema attribute that defines which attribute types allow these kinds of polymorphic searches, or is it a hard-coded list?

==============================================================================
Proposed Answer:

There are special hard-coded semantics on the Active Directory 'objectGUID' and 'objectSID' attributes (which are both typed internally as OctetStrings).
The following shows the human-readable string forms (string) understood by the Active Directory Services LDAP server for these attributes:

Type: GUID
  string:  6d05e3c6-44db-406d-a43b-f4973724d20f
  rfc2254: \C6\E3\05\6D\DB\44\6D\40\A4\3B\F4\97\37\24\D2\0F

Type: SID
  string:  S-1-5-21-2484111802-3076910921-728100999-1142
  rfc2254: \01\05\00\00\00\00\00\05\15\00\00\00\BA\89\10\94\49\EF\65\B7\87\F0\65\2B\76\04\00\00

Reference:
The String Representation of LDAP Search Filters
http://www.ietf.org/rfc/rfc2254.txt

Regards,
Bill Wesse
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: 980-776-8200
CELL: 704-661-5438
FAX: 704-665-9606
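How the string forms in the message map onto the rfc2254 octet forms, as an added example that is not part of the original post or of any Microsoft or Samba code: the helper names are hypothetical, and the SID parser assumes every field is written in decimal.

```python
import struct
import uuid


def escape_octets(raw: bytes) -> str:
    """RFC 2254 binary escaping: each octet becomes a backslash and two hex digits."""
    return "".join(f"\\{b:02X}" for b in raw)


def guid_to_octets(guid_str: str) -> bytes:
    """String GUID -> 16 stored octets (first three fields are little-endian)."""
    return uuid.UUID(guid_str).bytes_le


def sid_to_octets(sid_str: str) -> bytes:
    """String SID (decimal fields assumed) -> binary SID layout."""
    parts = sid_str.split("-")
    if len(parts) < 3 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"not a decimal string SID: {sid_str!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision > 0xFF or authority >= 1 << 48 or len(subs) > 15:
        raise ValueError(f"SID header field out of range: {sid_str!r}")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority exceeds 32 bits: {sid_str!r}")
    # Revision, sub-authority count, 6-byte big-endian identifier authority,
    # then each sub-authority as a little-endian 32-bit integer.
    header = struct.pack("BB", revision, len(subs)) + authority.to_bytes(6, "big")
    return header + b"".join(struct.pack("<I", s) for s in subs)


def binary_filter(attribute: str, raw: bytes) -> str:
    """Build an equality filter that carries the value in escaped octet form."""
    return f"({attribute}={escape_octets(raw)})"


# The two values quoted in the message above.
GUID = "6d05e3c6-44db-406d-a43b-f4973724d20f"
SID = "S-1-5-21-2484111802-3076910921-728100999-1142"

if __name__ == "__main__":
    print(binary_filter("objectGUID", guid_to_octets(GUID)))
    print(binary_filter("objectSID", sid_to_octets(SID)))
```

The escaped form is the one to use when a filter has to work against LDAP servers that do not apply the special string handling the message describes.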
