directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Benner, Craig" <craig.ben...@psu.edu>
Subject Re: help on retrieving ms-ds-consistencyguid from activedirectory
Date Wed, 24 Mar 2021 15:50:18 GMT
I can fill out a JIRA ticket, can you send me the link?




thanks,

Craig Benner


My Calendar in Free/Busy View<https://outlook.office365.com/owa/calendar/a547b9cc00cf46ffaaf407298070894d@psu.edu/2f5004b9918c42af84647509f87d174b8638641687214814771/calendar.html>

<https://outlook.office365.com/owa/calendar/a547b9cc00cf46ffaaf407298070894d@psu.edu/2f5004b9918c42af84647509f87d174b8638641687214814771/calendar.html>

https://keybase.io/craigbenner

________________________________
From: Emmanuel Lécharny <elecharny@gmail.com>
Sent: Wednesday, March 24, 2021 11:16 AM
To: Benner, Craig <craig.benner@psu.edu>; api@directory.apache.org <api@directory.apache.org>
Subject: Re: help on retrieving ms-ds-consistencyguid from activedirectory

Ah, snap...

We should really return an impl. can you fill a JIRA for that ?

Otherwise, cast the resturning value to
ConfigurableBinaryAttributeDetector :

((ConfigurableBinaryAttributeDetector)connection.getBinaryAttributeDetector()).addBinaryAttribute(
"mS-DS-ConsistencyGuid" )

that should do the trick (or maybe to SchemaBinaryAttributeDetector)

On 24/03/2021 16:06, Benner, Craig wrote:
> Thanks for the quick response!!
>
> I'm using version 2.0.1 of the library, and the LdapConnection is
> returning type BinaryAttributeDetector (an interface) that doesn't have
> the method you described
>
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnightlies.apache.org%2Fdirectory%2Fapi%2F2.0.1%2Fapidocs%2Forg%2Fapache%2Fdirectory%2Fapi%2Fldap%2Fcodec%2Fapi%2FBinaryAttributeDetector.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979430784%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ZbtF7WKcX5raJarL9Hxvn4HDMlviiab%2BValyq2e4Iy0%3D&amp;reserved=0
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnightlies.apache.org%2Fdirectory%2Fapi%2F2.0.1%2Fapidocs%2Forg%2Fapache%2Fdirectory%2Fapi%2Fldap%2Fcodec%2Fapi%2FBinaryAttributeDetector.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979430784%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ZbtF7WKcX5raJarL9Hxvn4HDMlviiab%2BValyq2e4Iy0%3D&amp;reserved=0>
> BinaryAttributeDetector (Apache LDAP API 2.0.1 API Documentation)
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnightlies.apache.org%2Fdirectory%2Fapi%2F2.0.1%2Fapidocs%2Forg%2Fapache%2Fdirectory%2Fapi%2Fldap%2Fcodec%2Fapi%2FBinaryAttributeDetector.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979430784%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=ZbtF7WKcX5raJarL9Hxvn4HDMlviiab%2BValyq2e4Iy0%3D&amp;reserved=0>
> An interface used to abstract the means to detect whether or not an
> attribute identifier/descriptor represents a binary attributeType.
> nightlies.apache.org
>
>
>
>
>
> thanks,
>
> Craig Benner
>
>
> My Calendar in Free/Busy View
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2Fa547b9cc00cf46ffaaf407298070894d%40psu.edu%2F2f5004b9918c42af84647509f87d174b8638641687214814771%2Fcalendar.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979440772%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=DVKTAsgYkPSZy0V0UwI8lr6VxqvtmXZH%2BxA%2FvfLDWHs%3D&amp;reserved=0>
>
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Foutlook.office365.com%2Fowa%2Fcalendar%2Fa547b9cc00cf46ffaaf407298070894d%40psu.edu%2F2f5004b9918c42af84647509f87d174b8638641687214814771%2Fcalendar.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979440772%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=DVKTAsgYkPSZy0V0UwI8lr6VxqvtmXZH%2BxA%2FvfLDWHs%3D&amp;reserved=0>
>
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkeybase.io%2Fcraigbenner&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979440772%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=OM964lr1bglxVlpwSvDlQTkMJ8Mlrxn4rV2vddhr4w0%3D&amp;reserved=0
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fkeybase.io%2Fcraigbenner&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979440772%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=OM964lr1bglxVlpwSvDlQTkMJ8Mlrxn4rV2vddhr4w0%3D&amp;reserved=0>
>
> ------------------------------------------------------------------------
> *From:* Emmanuel Lécharny <elecharny@gmail.com>
> *Sent:* Wednesday, March 24, 2021 10:57 AM
> *To:* api@directory.apache.org <api@directory.apache.org>
> *Subject:* Re: help on retrieving ms-ds-consistencyguid from
> activedirectory
> Answer inline...
>
> On 24/03/2021 15:38, Benner, Craig wrote:
>>
>> Thanks for replying.  I actually don't know what you exactly mean by `what type of
AttributeType are you using for this
>> attribute`.  So, I'll try to show some code and explain what my code is doing outside
of what i don't show...  I have it OO designed out to be able to manage our AD for multiple
styles of users, so it is hard to show all at once.
>>
>> Here is a snippet of our "Search" method
>>
>>          SearchRequest searchRequest = new SearchRequestImpl();
>>          searchRequest.setBase(new Dn(searchBaseDn));
>>          searchRequest.setFilter(filter);
>>          searchRequest.setScope(SearchScope.SUBTREE);
>>          searchRequest.addAttributes((String[]) attributes.toArray(new String[0]));
>>          searchRequest.addControl(pagedSearchControl);
>>
>>          cursor = new EntryCursorImpl(ldapConn.search(searchRequest));
>>
>>          while (cursor.next()) {
>>            try {
>>              Entry result = cursor.get();
>>              if (offset == null || offset.equals(pagesLooped)) {
>>                if (processRanges) {
>>                  processRangeAttributes(ldapConn, result, attributes, searchBaseDn);
>>                }
>>                results.add(result);
>>                sizeOfResult++;
>>              }
>>            } catch (CursorLdapReferralException clre) {
>>              do {
>>                // ignoring referrals
>>              } while (clre.skipReferral());
>>            }
>>          }
>>
>>
>>
>> attributes.toArray logs out like this ==> [accountExpires, altSecurityIdentities,
badPasswordTime, badPwdCount, cn, distinguishedName, extensionAttribute2, mS-DS-ConsistencyGuid,
msDS-KeyVersionNumber, msDS-SupportedEncryptionTypes, objectClass, objectGuid,  objectSid,
primaryGroupId, pwdLastSet, sAMAccountName, uid,
> userAccountControl, userPrincipalName, whenChanged, whenCreated]
>>
>> Once the search method is complete, it returns the "entry" -or collection of entrys
to a method that runs that entry through a conversion process
>>
>> Below is my current mess​ of code while trying to figure out how to manipulate
the bytes coming back for ms-ds-consistencyguid
>>
>>   for (Attribute a : entry.getAttributes()) {
>>       ....
>>
>>              log.debug("Setting field [" + attributeName + "] with value [" + a.get().getString()
+ "] and field type ["
>>                  + f.getType() + "]");
>>
>>      .....
>>
>>              } else if (f.getType().equals(byte[].class)) {
>>
>>                byte[] theValue;
>>                if (a.isHumanReadable()) {
>
> Here lie dragons...
>
> The HR flag is set based on the LDAP API knowledge of the attributeType
> characteristics. Sadly, we can't account for all the existing
> attributeType definitions, and we have based this flag on the existing
> RFCs were attributes are defined.
>
> Bottom line, the MS AT is unknown to the API, thus the HR defaults to true.
>
> (At some point we have to decide if the value is a String or a byte[])
>
> There is a way to trick the API and tell it that the attribute is in
> fact binary, by adding the attribute name to the list of binary
> attributes managed by the DefaultConfigurableBinaryAttributeDetector
> instance (see
> https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnightlies.apache.org%2Fdirectory%2Fapi%2F2.0.1%2Fapidocs%2Forg%2Fapache%2Fdirectory%2Fapi%2Fldap%2Fcodec%2Fapi%2FDefaultConfigurableBinaryAttributeDetector.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979440772%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=C4uUx0VuI4cF7hNeXBWRwNo%2FC3HF0m4zaTcInW7NziI%3D&amp;reserved=0
> <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnightlies.apache.org%2Fdirectory%2Fapi%2F2.0.1%2Fapidocs%2Forg%2Fapache%2Fdirectory%2Fapi%2Fldap%2Fcodec%2Fapi%2FDefaultConfigurableBinaryAttributeDetector.html&amp;data=04%7C01%7Ccraig.benner%40psu.edu%7Cb5c276a67c0d4e6b797e08d8eed7d10e%7C7cf48d453ddb4389a9c1c115526eb52e%7C0%7C0%7C637521957979440772%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=C4uUx0VuI4cF7hNeXBWRwNo%2FC3HF0m4zaTcInW7NziI%3D&amp;reserved=0>).
>
> So if you call
> connection.getBinaryAttributeDetector().addBinaryAttribute(
> "mS-DS-ConsistencyGuid" ) method, that should do the trick.
>
> Yes, I know, it's a bit tricky, it's not exactly well documented, but at
> least, it should do the job :-)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: api-unsubscribe@directory.apache.org
> For additional commands, e-mail: api-help@directory.apache.org
>
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message