使用rfc2254中指定的objectGUID编码的活动目录过滤器不起作用 [英] active directory filter with objectGUID encoded as specified in rfc2254 doesn't work
问题描述
我正在使用Java ldap访问活动目录,更具体地说是spring ldap. 按rfc2254中的指定对过滤器进行编码时,由objectGUID进行的组搜索不会产生任何结果.
I'm using java ldap to access active directory, more specifically spring ldap. a group search by objectGUID yields no results when the filter is encoded as specified in rfc2254.
这是十六进制表示形式的guid:
this is the guid in its hex representation:
\49\00\f2\58\1e\93\69\4b\ba\5f\8b\86\54\e9\d8\e9
spring ldap对过滤器进行如下编码:
spring ldap encodes the filter like that:
(&(objectClass=group)(objectGUID=\5c49\5c00\5cf2\5c58\5c1e\5c93\5c69\5c4b\5cba\5c5f\5c8b\5c86\5c54\5ce9\5cd8\5ce9))
如 rfc2254 和Microsoft
as mentioned in rfc2254 and in microsoft technet:
必须将字符编码为反斜杠"\"字符(ASCII 0x5c),然后是代表ASCII的两个十六进制数字 编码字符的值.两个十六进制的情况 数字并不重要. 引用
the character must be encoded as the backslash '\' character (ASCII 0x5c) followed by the two hexadecimal digits representing the ASCII value of the encoded character. The case of the two hexadecimal digits is not significant. Blockquote
所以反斜杠应该是'\ 5c'
so a backslash should be '\5c'
但是使用AD的上述过滤器后,我没有任何结果.同样,如果我将该过滤器放入AD管理控制台自定义过滤器中,则该过滤器将不起作用. 当我从过滤器中删除5c时,它可以在Java和AD控制台中使用.
but I get no results with above filter from AD. also if I put that filter in AD management console custom filters it does not work. when I remove the 5c from the filter it works both from java and in AD console.
我在这里想念东西吗?
我当然可以在没有5c的情况下对过滤器进行编码,但是我不确定它是正确的方式,我更喜欢让spring对过滤器进行编码,因为它知道很多我应该手动执行的操作.
of course I can encode the filter without the 5c but I'm nt sure it the right way and I prefer to let spring encode the filters because it knows a lot of things that I should do manually.
推荐答案
I think the blog entry at:http://www.developerscrappad.com/1109/windows/active-directory/java-ldap-jndi-2-ways-of-decoding-and-using-the-objectguid-from-windows-active-directory/ provides the information you need.
这篇关于使用rfc2254中指定的objectGUID编码的活动目录过滤器不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
