Issue #453 has been updated by Raphaël Ouazana.
Comment from Frédéric Poisson:
Hello,
I'm looking on LSC 2.0 to use on getOneFilter query back filter on objectGUID
attribute. My idea is to synchronize an OpenLDAP destination server with an
Active Directory LDAP source. So i initialize an LSC configuration with :
<getOneFilter><![CDATA[(objectGUID={objectGUID})]]></getOneFilter>
I made a network capture and i see that LSC receive during the getAllfilter
for one entry an objectGUID like this in hexa :
db b2 48 2d 3d 2f 00 4c 82 8b a2 a2 34 40 62 d5
And when LSC query this entry with the getOneFilter it use a search like this
with control type 2.16.840.1.113730.3.4.2
Filter:
(objectGUID=db:b2:48:2d:3d:2f:00:4c:ef:bf:bd:ef:bf:bd:ef:bf:bd:ef:bf:bd:34:40:62:ef:bf:bd)
It seems that LSC change the value of the objectGUID, why ?
Here is the real base64 encoded value of the wanted objectGUID :
objectGUID:: 27JILT0vAEyCi6KiNEBi1Q==
I made an ldapsearch with the correct objectGUID with filter
'(objectGUID=\db\b2\48\2d\3d\2f\00\4c\82\8b\a2\a2\34\40\62\d5)' and i receive
one response .
With LSC the output result is :
Oct 02 13:55:07 - DEBUG - Synchronizing People for {objectguid=?H-=/L????4@b?}
Oct 02 13:55:07 - ERROR - Synchronization aborted because no source object has
been found !
This is because objectGUID must be declared as binary. But then LSC can't use
the pivot attribute:
Exception in thread "agent" java.lang.ClassCastException: [B cannot be cast to
java.lang.String
at org.lsc.jndi.JndiServices.getAttrsList(JndiServices.java:987)
at
org.lsc.jndi.SimpleJndiSrcService.getListPivots(SimpleJndiSrcService.java:176)
at
org.lsc.jndi.PullableJndiSrcService.getNextId(PullableJndiSrcService.java:134)
at org.lsc.SynchronizeTask.run(AbstractSynchronize.java:650)
at java.lang.Thread.run(Thread.java:662)
Some work must be done to handle binary pivot attributes.
----------------------------------------
Feature #453: Support formatting of binary objectGUID attribute for Microsoft
LDAP servers
http://tools.lsc-project.org/issues/453
Author: Hugh Kelley
Status: New
Priority: Normal
Assigned to:
Category: Core
Target version: 2.0.1
When working with Microsoft directories, the best (immutable and unique) handle
for objects is the objectGUID attribute. However, this attribute requires
special formatting to be used in LDAP search filters.
The LSC filter "substitution engine" could be enhanced to format these binary
attributes in a way that is compatible for search filters. See the example
attached and
https://forums.oracle.com/forums/thread.jspa?threadID=1155698&tstart=0 for
more details.
// Where GUID is a byte array returned by a previous LDAP search
for (int c=0;c<GUID.length;c++) {
byteGUID = byteGUID + "\\" +
AddLeadingZero((int)GUID[c] & 0xFF);
}
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://tools.lsc-project.org/my/account
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-dev mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-dev
