LDAP character encoding


smirks

Hi,

I am retrieving some information from a Microsoft Active Directory
Server via Java's JNDI API.

In particular, I'm trying to get an attribute called 'objectSID', which
is of type Octet-String on the active directory.

My problem is that when trying to convert the returned value to a hex
representation, some of the bytes are incorrectly converted.

Let me explain further:

After performing a certain query on the ldap server, I read the
returned objectSID attribute by calling:

String value = (String) attrib.get();

....where attrib is the attribute containing the retrieved objectSID.

While debugging, I do a simple print out of the above string (using a
simple System.out.println(value)), to get the following byte
representation:

u?uT?`C
2?

I use Apache's commons-codec API to convert the above string to a Hex
representation as follows...

String hex = new String( Hex.encodeHex(value.getBytes()) );

.... and when I print it out, I get:

010500000000000515000000753f75540f3f601d43170a323f040000

However, the correct hex value as stored on the active directory server
when performing a certain query, should be as follows:

01050000000000051500000075b975540ff8601d43170a32e4040000

This is close, but not quite the correct value.

In fact, when I try to reverse the correct hex value to the byte
representation, I get:

u¹uTø`C
2ä

.... which is therefore the actual value that I should be getting when
reading the naming attribute in the first place and casting it to a
String, right?

I believe the problem has to do with character encoding, but I don't
know how to proceed from here. I have tried various character sets when
converting 'value' to a byte array above, but to no avail.
Any help will be greatly appreciated.

Regards,
Clyde
 

Chris Smith

smirks said:
I believe the problem has to do with character encoding, but I don't
know how to proceed from here. I have tried various character sets when
converting 'value' to a byte array above, but to no avail.

Well, the code you posted only showed you using the default system
encoding. That's almost certain to be wrong. I don't know where a lot
of this is coming from, so can you post a complete example instead of
one or two lines of code? If you don't believe that the Apache Commons
project is part of the issue, you could remove it, too.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation
 

JScoobyCed

smirks said:
Hi,

I am retrieving some information from a Microsoft Active Directory
Server via Java's JNDI API.

In particular, I'm trying to get an attribute called 'objectSID', which
is of type Octet-String on the active directory.
I believe the problem has to do with character encoding, but I don't
know how to proceed from here. I have tried various character sets when
converting 'value' to a byte array above, but to no avail.
Any help will be greatly appreciated.

Regards,
Clyde

Hi,

Man you are a lucky one :) I have been doing the same type of query
(ObjectSID) a few weeks ago and met the same problem.
And guess what, I found the solution.

Step 1: The environment
In the Hashtable that you use for the (Ldap)Context, you only need to
add a parameter:
Hashtable env = new Hashtable();
// ... put your env in the Hashtable
env.put("java.naming.ldap.attributes.binary","objectsid");

Note: if you had to query also, say, jpegphoto attribute, you would do:
env.put("java.naming.ldap.attributes.binary","objectsid jpegphoto");
All attributes in a space separated list.

Step 2: The query:
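<pseudo-code>
// Subtree scope, no count or time limit, return only cn and objectSid.
SearchControls ctl = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0,
        new String[] {"cn", "objectSid"}, true, false);
NamingEnumeration<SearchResult> ne = ctx.search("dc=mydomain", "cn=*", ctl);
SearchResult sr = ne.nextElement();
Attributes atts = sr.getAttributes();
// Attributes.get() returns an Attribute; its get() returns the value, which
// is a byte[] because objectsid was declared binary in Step 1.
byte[] objectSid = (byte[]) atts.get("objectSid").get();
</pseudo-code>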

Now, let's say you saved this objectSid in a database, and later you
want to query an LDAP server for this objectSid? OK, here we go:
<pseudo-code>
SearchControls ctl = new SearchControls(SearchControls.SUBTREE_SCOPE, 0, 0,
        new String[] {"cn", "objectSid"}, true, false);
byte[] data = objectSid; // from previous code
// A byte[] filter argument is substituted for {0} as an escaped binary value.
NamingEnumeration<SearchResult> ne = ctx.search("dc=mydomain", "objectSid={0}",
        new Object[] {data}, ctl);
SearchResult sr = ne.nextElement();
Attributes atts = sr.getAttributes();
// Attribute.get() returns Object, so the value has to be cast.
String cn = (String) atts.get("cn").get();
</pseudo-code>

This follows the Java pattern mechanism (not sure the real name of this
concept).
The query means: find in "dc=mydomain", the attributes that match
objectSid={the 0th object in the argument parameter} which is Object[]
{data}

Hope this will help.
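
An added example, not part of the original thread: it takes the correct objectSID hex value from the question, shows how a bytes-to-String-to-bytes round trip turns every byte above 0x7f into 0x3f ('?'), and decodes the intact byte[] into the usual S-1-... form. The class and method names are hypothetical, and US-ASCII is an assumption chosen to illustrate a lossy charset, not necessarily the one in effect on the poster's system.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;

public class ObjectSidDemo {
    // Sample input: the objectSID hex value the question gives as correct.
    static final String CORRECT_HEX = "01050000000000051500000075b975540ff8601d43170a32e4040000";

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    // Binary SID layout: revision (1 byte), sub-authority count (1 byte), identifier
    // authority (6 bytes, big-endian), then count * 4-byte little-endian sub-authorities.
    static String sidToString(byte[] sid) {
        if (sid.length < 8 || sid.length != 8 + 4 * (sid[1] & 0xff)) {
            throw new IllegalArgumentException("malformed SID, length " + sid.length);
        }
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | (sid[i] & 0xff);
        StringBuilder sb = new StringBuilder("S-" + (sid[0] & 0xff) + "-" + authority);
        ByteBuffer buf = ByteBuffer.wrap(sid, 8, sid.length - 8).order(ByteOrder.LITTLE_ENDIAN);
        while (buf.hasRemaining()) sb.append('-').append(buf.getInt() & 0xffffffffL);
        return sb.toString();
    }

    public static void main(String[] args) {
        byte[] sid = fromHex(CORRECT_HEX);
        // Lossy path: bytes -> String -> bytes. Bytes above 0x7f have no US-ASCII
        // mapping, so decoding replaces them and re-encoding writes '?' (0x3f).
        byte[] viaString = new String(sid, StandardCharsets.US_ASCII).getBytes(StandardCharsets.US_ASCII);
        System.out.println("as byte[]  : " + toHex(sid));
        System.out.println("via String : " + toHex(viaString));
        System.out.println("SID        : " + sidToString(sid));
    }
}
```

The "via String" line differs from the original only where a byte is above 0x7f, which is why no choice of charset in `value.getBytes()` can recover the SID once the attribute has been read as a String.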
 
