By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
455,446 Members | 1,623 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 455,446 IT Pros & Developers. It's quick & easy.

ldap_search objectGUID in AD

P: n/a
Hi all,
this is _really_ bugging me, and the Google God has failed me:

Doing an ldap_search of a Wink2k Active Directory trying to get the
objectGUID. This is a unique id within AD and is meant to be a 128bit
octal string. (16 bytes).

Works 99% of the time, but the occasional objectGUID comes up short.
e.g.

$ld_filter = '(sAMAccountName=*)';
$ld_data = array('objectGUID', 'sAMAccountName');
$ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter);
$ld_info = ldap_get_entries($Connect, $ld_sr);
for($i=0; $i < $ld_info['count']; $i++) {
$o = $ld_info[$i]['objectguid'][0];
$len = strlen($o);
print("len: $len <br>");
}

MOST of the entries are the correct 16 bytes, a FEW are not. It's like
the occasional objectGUID is barfing php somehow and not getting placed
into the holder variable, or something. Only getting the first x bytes.

The correct entries I can convert to an escaped hex string and then
search AD correctly. The incorrect ones, can't be used.

Doing an ldap_search from the command line generates a base64 encoded
string, which I can decode, convert to hex and search properly, so it's
not the AD data.

PHP Version 4.3.2
Apache/1.3.28
Linux tnz014 2.4.18-14 #1 Wed Sep 4 11:57:57 EDT 2002 i586
ldap.c,v 1.130.2.4 2003/04/30 21:54:02 iliaa Exp $

Any ideas????

Cheers,
Alan Way
Jul 17 '05 #1
Share this Question
Share on Google+
1 Reply


P: n/a
Sacs wrote:

$ld_filter = '(sAMAccountName=*)';
$ld_data = array('objectGUID', 'sAMAccountName');
$ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter);
$ld_info = ldap_get_entries($Connect, $ld_sr);
for($i=0; $i < $ld_info['count']; $i++) {
$o = $ld_info[$i]['objectguid'][0];
$len = strlen($o);
print("len: $len <br>");
}

MOST of the entries are the correct 16 bytes, a FEW are not. It's like
the occasional objectGUID is barfing php somehow and not getting placed
into the holder variable, or something. Only getting the first x bytes.


Solved the bugger. ldap_get_entries() handles the data as strings,
which is not good for binary data containing nulls (like the AD
objectGUID may do).

So, I need to use ldap_get_values_len() to extract the binary data :-)
e.g. to get the objectGUID of an organisation unit:

function getGUIDbyOU ($ou) {
global $ldap_base_dn, $ldap_server, $ldap_bind_d, $ldap_bind_user;

$Connect = ldap_connect($ldap_server) ;
$Bind = ldap_bind($Connect, $ldap_bin_dn, $ldap_bind_user);

$ld_filter = '(ou=' . $ou . ')';
$ld_data = array('objectGUID');
$ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter, $ld_data);
if(ldap_count_entries($Connect, $ld_sr) > 0) {
$entry = ldap_first_entry($Connect, $ld_sr);
$guid = ldap_get_values_len($Connect, $entry, 'objectguid');
return $guid[0];
} else {
return NULL;
}
}

Thanks to anyone who bothered reading the parent :-)

Alan
Jul 17 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.