Hello,
I have loaded up the LSC 2.0 code into Eclipse, and have been debugging
this issue further. (BTW: The IDE Setup instructions really need some
updating.)
From what I've been able to determine, all attribute values are read
into LSC via a DirContext.search call in JndiServices.java on line 537:
    ne = ctx.search(rewrittenBase, searchFilter, sc);
I have inspected the value of ne immediately following the search, and
determined that the objectSid value is already corrupted at this stage,
with a length of 26, instead of 28. It looks like the DirContext.search
isn't treating the attribute as a binary field, and there is some kind
of character conversion taking place.
Most character values over 128 (0x80) seem to be getting mapped to
Unicode 0xFFFD, the default Unicode value for an invalid character.
(Values in brackets are impacted.)
Source (Len 28):
01 05 00 00 00 00 00 05 15 00 00 00[ab]2b[e9 90]
47[88 dc 84]56[b5 cd]20 [88 97]05 00
Read from LDAP (Len 26):
01 05 00 00 00 00 00 05 15 00 00 00[fffd]2b[fffd]
47[fffd 0704]56[fffd fffd]20 [fffd fffd]05 00
It seems like there is no hope to read the value from LSC as a byte
array using getDatasetById() as long as the value is getting corrupted
on read.
I have found this code sample
(http://www.adamretter.org.uk/blog/entries/LDAPTest.java) which suggests
setting:
    env.put("java.naming.ldap.attributes.binary", "objectSID");
to ensure objectSid is returned as a byte array.
I have already set binaryAttributes in lsc.xml for the source connection:
    <ldapConnection>
      <name>ad-src-conn</name>
      <url>ldap://adserver.lcl:389/dc=adserver,dc=lcl</url>
      <username>[email protected]</username>
      <password>userpassword</password>
      <authentication>SIMPLE</authentication>
      <pageSize>1000</pageSize>
      <tlsActivated>false</tlsActivated>
      <binaryAttributes>
        <string>objectSid</string>
      </binaryAttributes>
    </ldapConnection>
Is it possible that this value is not being honored? How do I check?
Any ideas?
Thanks!
Alex
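An added example, not part of the original message and not LSC code: a JDK-only Java check that an attribute value arrived as byte[] rather than String (one way to see whether the binary setting was honored), followed by a parse of the 28-byte objectSid quoted above into its string form and RID. The class and method names are hypothetical; the parser assumes the standard Windows binary SID layout.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttribute;

public class ObjectSidCheck { // hypothetical name, not an LSC class
    // The 28-byte objectSid quoted in the message above, as hex.
    static final String SAMPLE_HEX = "010500000000000515000000ab2be9904788dc8456b5cd2088970500";

    // JNDI returns byte[] for attributes it treats as binary and String
    // otherwise, so the runtime type shows whether the setting was honored.
    static byte[] requireBinary(Attribute attr) throws NamingException {
        Object v = attr.get();
        if (v instanceof byte[]) return (byte[]) v;
        throw new IllegalStateException(attr.getID() + " returned as " + v.getClass().getName());
    }

    // Layout: revision(1) count(1) authority(6, big-endian), then count
    // sub-authorities of 4 bytes each, little-endian. The RID is the last.
    static long[] subAuthorities(byte[] sid) {
        if (sid.length < 8 || sid.length != 8 + 4 * (sid[1] & 0xff))
            throw new IllegalArgumentException("bad SID length " + sid.length);
        ByteBuffer bb = ByteBuffer.wrap(sid, 8, sid.length - 8).order(ByteOrder.LITTLE_ENDIAN);
        long[] subs = new long[sid[1] & 0xff];
        for (int i = 0; i < subs.length; i++) subs[i] = bb.getInt() & 0xffffffffL;
        return subs;
    }

    static String sidToString(byte[] sid) {
        long[] subs = subAuthorities(sid);
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | (sid[i] & 0xff);
        StringBuilder sb = new StringBuilder("S-" + (sid[0] & 0xff) + "-" + authority);
        for (long s : subs) sb.append('-').append(s);
        return sb.toString();
    }

    public static void main(String[] args) throws NamingException {
        byte[] raw = new byte[SAMPLE_HEX.length() / 2];
        for (int i = 0; i < raw.length; i++)
            raw[i] = (byte) Integer.parseInt(SAMPLE_HEX.substring(2 * i, 2 * i + 2), 16);
        // Decoding binary data as text is lossy: the char count differs from 28.
        System.out.println("chars: " + new String(raw, StandardCharsets.UTF_8).length());
        byte[] sid = requireBinary(new BasicAttribute("objectSid", raw));
        long[] subs = subAuthorities(sid);
        System.out.println(sidToString(sid) + " RID=" + subs[subs.length - 1]);
    }
}
```

The length check in subAuthorities rejects a value that has already been through a text conversion, since its byte count no longer matches the sub-authority count in byte 1.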
On 8/9/2012 7:40 PM, [email protected] wrote:
Hi Sebastien,
I figured out how to accomplish what you described using the
getDatasetById() method, however, I think there is a problem with how LSC
is getting the data that it is populating into the bean which is
corrupting it.
Here is a sample of the source data:
01 05 00 00 00 00 00 05 15 00 00 00 ab 2b e9 90 ........ .....+..
47 88 dc 84 56 b5 cd 20 88 97 05 00 G...V... ....
LENGTH: 28
Here are my results using the following relevant code:
    var s = java.lang.String(srcBean.getDatasetById("objectSid").iterator().next()).getBytes("US-ASCII");
Then reading the value using:
    s[i].toString(16)
    String.fromCharCode(s[i])
Outputs:
01 05 00 00 00 00 00 05 15 00 00 00 3f 2b 3f 47 ........ ....?+?G
3f 3f 56 3f 3f 20 3f 3f 05 00 ??V??.?? ..
LENGTH: 26
This is close, but not quite the right data.
getDatasetFirstValueById("objectSid") returns the following:
01 05 00 00 00 00 00 05 15 00 00 00 ef bf bd 2b ........ .......+
ef bf bd 47 ef bf bd dc 84 56 ef bf bd ef bf bd ...G.... .V......
20 ef bf bd ef bf bd 05 00 ........ .
If I use
java.lang.String(getDatasetFirstValueById()).getBytes("US-ASCII"), then it
returns the exact same result as reading the value via getDatasetById().
Any idea what is going on here? Other things to try?
Thanks,
Alex
Hi Alex,
You should take a look at the following Javadoc page :
http://lsc-project.org/javadoc/2.0-SNAPSHOT/org/lsc/beans/IBean.html
You will see that there is a method
(Set<Object> getDatasetById(String id))
that you can use to iterate over the results to cast them to a byte array
that you should be able to use.
Kind regards,
--
Sebastien BAHLOUL
IAM / Security specialist
Ldap Synchronization Connector : http://lsc-project.org
Blog : http://sbahloul.wordpress.com/
2012/8/7 <[email protected]>
Hello,
I need to extract the RID from the AD objectSid, and use it to populate
uidNumber in the destination LDAP. All methods I could find in the LSC
documentation seem to corrupt the byte value, preventing parsing of the
objectSid. Most methods return a string, which seems to corrupt the data
during string conversion. The only method which returns a byte array
(getDatasetsBytes) seems to return a small amount of unusable random
data every time (couldn't find any useful documentation on this one). It
seems like LSC needs a method like getDatasetBytesById() that returns an
unadulterated byte array for the attribute in question. Is there
presently a method for accomplishing this which I may have missed?
Additional Info:
- LSC 2.0
- I've set <binaryAttribute><string>objectSid</string></binaryAttribute>
in the LDAP source to no avail
Thanks!
Alex
_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org
lsc-users mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-users