Just resending this in case you missed my earlier email.
Good morning Andrew. We have completed our research concerning your questions
about AD attribute string forms. The below information is the complete list of
special syntaxes. Please let me know if this answers your question
satisfactorily; if so, I will consider your question resolved.
Sorry about the incorrect name in my earlier send.
==============================================================================================================
1] objectGUID
There is no special syntax for using this attribute in a search filter. You
search as for any other binary-valued attribute.
Example of Hexadecimal string representation of the binary format of the
GUID is "FD221F0A-5B5D-484A-99FE-DEB4B3F90C32"
LDAP filter form:
(objectGUID=\0A\1F\22\FD\5D\5B\4A\48\99\FE\DE\B4\B3\F9\0C\32)
However, there is a special DN syntax which allows you to specify the
objectGUID (or objectSID) in the DN instead of a 'conventional' LDAP DN. This
is documented in Section 3.1.1.3.1.2.4 of the [MS-ADTS] document.
If your question about the use of this attribute in search filters has not been
addressed by the above, please provide us with a specific example of the search
so that we may investigate further.
2] objectSID
The alternative form for attributes of syntax type String(SID), including
objectSID, is documented in [MS-ADTS] as shown below:
[MS-ADTS]
3.1.1.3.1.2.5 Alternative Form of SIDs
Attributes of String(SID) syntax contain a SID in binary form.
However, a client may instead specify a value for such an attribute as a UTF-8
string that is a valid SDDL SID string beginning with "S-" (see [MS-DTYP]
sections 2.4.2 and 2.5.1). The server will convert such a string to the binary
form of the SID and use that binary form as the value of the attribute.
3] objectCategory
[MS-ADTS]
3.1.1.3.1.3.4 Searches Using the objectCategory Attribute
When an LDAP search filter F contains a clause C of the form
"(objectCategory=V)", if V is not a DN but there exists an object O such that
O!objectClass = classSchema and O!lDAPDisplayName = V, then the server treats
the search filter as if clause C was replaced in F with the clause
"(objectCategory=V')", where V' is O!defaultObjectCategory.
==============================================================================================================
Regards,
Bill Wesse
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
TEL: 980-776-8200
CELL: 704-661-5438
FAX: 704-665-9606
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
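
The conversions discussed in items 1 and 2, as an added example that is not part of the original message or of [MS-ADTS]: it builds the escaped binary filter form for a GUID string and packs an SDDL SID string into the binary SID layout of [MS-DTYP] 2.4.2. The function names and the sample SID S-1-5-32-544 are chosen here for illustration, and the identifier authority is assumed to be written in decimal.

```python
import struct
import uuid


def escape_bytes(raw):
    # Escape every byte as backslash + two hex digits, so no byte of a binary
    # value can be read as filter syntax such as '(', ')' or '*'.
    return "".join("\\%02X" % b for b in raw)


def guid_filter(guid_str, attr="objectGUID"):
    # bytes_le stores the first three GUID fields little-endian, which is the
    # byte order visible in the filter example in the message.
    return "(%s=%s)" % (attr, escape_bytes(uuid.UUID(guid_str).bytes_le))


def sid_to_bytes(sid_str):
    # Binary SID: revision, sub-authority count, 6-byte big-endian identifier
    # authority, then each sub-authority as a little-endian 32-bit integer.
    parts = sid_str.split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not an SDDL SID string: %r" % sid_str)
    revision, authority = int(parts[1]), int(parts[2])
    subauths = [int(p) for p in parts[3:]]
    if revision != 1 or not 0 <= authority < 1 << 48 or len(subauths) > 15:
        raise ValueError("SID fields out of range: %r" % sid_str)
    if any(not 0 <= s < 1 << 32 for s in subauths):
        raise ValueError("sub-authority out of range: %r" % sid_str)
    return (struct.pack("BB", revision, len(subauths))
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subauths), *subauths))


def sid_filter(sid_str, attr="objectSID"):
    # Client-side equivalent of the conversion the server performs when it is
    # given the "S-..." string form described in 3.1.1.3.1.2.5.
    return "(%s=%s)" % (attr, escape_bytes(sid_to_bytes(sid_str)))


if __name__ == "__main__":
    print(guid_filter("FD221F0A-5B5D-484A-99FE-DEB4B3F90C32"))
    print(sid_filter("S-1-5-32-544"))  # sample SID, not from the message
```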