
How to get decoded objectGUID from Active directory using UnboundID LDAP SDK in java?

Scenario 1: I am able to obtain the objectGUID from Active Directory, but it's not in a readable string format. We also need to store it in the DB in decoded format. The example at http://www.developerscrappad.com/1109/windows/active-directory/java-ldap-jndi-2-ways-of-decoding-and-using-the-objectguid-from-windows-active-directory/ demonstrates how to decode the objectGUID, but it assumes the objectGUID length is 16 bytes (128 bits). In our case, when I try to obtain the objectGUID, I get more than 128 bits and sometimes I get less than 128 bits, i.e. we don't get a specific bit length. My implemented code for reference:

import com.unboundid.ldap.sdk.*;

public class GetLDAPUsers {

public static void main(String args[]) {
    new GetLDAPUsers().getUserFromAD();
}

void getUserFromAD() {
    try {
        LDAPConnection connection = new LDAPConnection("192.xxx.xx.xxx", 389);
        System.out.println(connection);
        String baseDN = "DC=wcomp1,DC=com";
        String[] attributes = { "entryUUID", "sn", "mail", "givenName",
                "objectGUID", "userAccountControl", "isDeleted", "modifyTimestamp", "WhenChanged", "WhenCreated"};
        // Set Ldap Connection Options for server timeout
        LDAPConnectionOptions connOption = new LDAPConnectionOptions();
        connOption.setAutoReconnect(true);
        connOption.setConnectTimeoutMillis(55000);
        connection.setConnectionOptions(connOption);
        //connection bind
        connection.bind("CN=abc,CN=ab,DC=users,DC=com", "password");
        System.out.println("connection successfully");

        // Search filter for a specific user; for all users use the (&(objectclass=User)) filter.
        Filter filter = Filter.create("(&(objectclass=User)(givenName=testUserName))");
        SearchRequest searchRequest = new SearchRequest(baseDN, SearchScope.SUB, filter,
                attributes);
        SearchResult searchResult = connection.search(searchRequest);
        //get user detail
        for (SearchResultEntry searchResultEntry : searchResult.getSearchEntries()) {


            System.out.println("user name " + searchResultEntry.getAttribute("givenName").getValue() + 
                    searchResultEntry.getAttribute("objectGUID").getValue()); // Here we get the objectGUID as a string in an unreadable format

            // Here we convert the objectGUID to a dashed string
            System.out.println("decoded objectGUID = " + convertToDashedString(searchResultEntry.getAttribute("objectGUID").getValue().getBytes()));
        }

    } catch (Exception e) {
        e.printStackTrace();
    }
}

public static String convertToDashedString(byte[] objectGUID) {
    StringBuilder displayStr = new StringBuilder();
    displayStr.append(prefixZeros((int) objectGUID[3] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[2] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[1] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[0] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[5] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[4] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[7] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[6] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[8] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[9] & 0xFF));
    displayStr.append("-");
    displayStr.append(prefixZeros((int) objectGUID[10] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[11] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[12] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[13] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[14] & 0xFF));
    displayStr.append(prefixZeros((int) objectGUID[15] & 0xFF));
    return displayStr.toString();
}


private static String prefixZeros(int value) {
    if (value <= 0xF) {
        StringBuilder sb = new StringBuilder("0");
        sb.append(Integer.toHexString(value));

        return sb.toString();

    } else {
        return Integer.toHexString(value);
    }
}

}

Scenario 2: Also, when I try to fetch the objectGUID using the above example in a Windows environment and a Linux environment, I get a different objectGUID for the same user.

You cannot interpret the ObjectGUID as a string. Normally, I would set the directory context environment to return ObjectGUID as a byte[] and then use the convert method:

env.put("java.naming.ldap.attributes.binary", "ObjectGUID");

String newGuid = convertToDashedString(guid);

You can simply do this:

import java.nio.ByteBuffer;
import java.util.UUID;

public static String getGuidFromByteArray(byte[] bytes) {
    ByteBuffer bb = ByteBuffer.wrap(bytes);
    long high = bb.getLong();
    long low = bb.getLong();
    UUID uuid = new UUID(high, low);
    return uuid.toString();
}

For Spring: to inject the property java.naming.ldap.attributes.binary correctly into ldapTemplate:

https://stackoverflow.com/a/52209645/406065

Corrections in above code: searchResultEntry.getAttribute("objectGUID").getValueByteArray()

The above will give you the byte array that you can use to encode with Base64.

The below is wrong: searchResultEntry.getAttribute("objectGUID").getValue().getBytes() will convert the result to String and then to bytes which is incorrect.
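
Added example (not part of the original question or answers, JDK only): it shows why the two scenarios in the question occur and how to guard against them. The class name ObjectGuidDemo and the 16 sample bytes are constructed for illustration; with UnboundID the raw bytes would come from getValueByteArray() as noted above.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.UUID;

public class ObjectGuidDemo {

    // Decode raw objectGUID bytes into the dashed form shown by Windows tools:
    // the first three fields are little-endian, the last eight bytes are in order.
    static String toAdGuidString(byte[] raw) {
        if (raw == null || raw.length != 16) {
            throw new IllegalArgumentException(
                    "objectGUID must be exactly 16 bytes; was it read as a String?");
        }
        ByteBuffer le = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        long data1 = le.getInt() & 0xFFFFFFFFL;
        long data2 = le.getShort() & 0xFFFFL;
        long data3 = le.getShort() & 0xFFFFL;
        long low = ByteBuffer.wrap(raw, 8, 8).getLong(); // big-endian by default
        return new UUID((data1 << 32) | (data2 << 16) | data3, low).toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, not taken from a real directory.
        byte[] raw = { 0x4A, (byte) 0xC3, (byte) 0x9E, 0x21, (byte) 0xB7, 0x05,
                (byte) 0xD4, 0x4F, (byte) 0x8A, 0x6C, 0x00, (byte) 0xF1,
                0x7E, 0x33, (byte) 0x90, (byte) 0xAB };

        System.out.println("AD dashed form : " + toAdGuidString(raw));

        // Reading the same bytes as two big-endian longs gives a stable but
        // differently ordered string; pick one form and use it everywhere.
        ByteBuffer be = ByteBuffer.wrap(raw);
        System.out.println("big-endian UUID: " + new UUID(be.getLong(), be.getLong()));

        // A String round trip is lossy and charset-dependent: bytes that are not
        // valid in the charset are replaced, so length and content can change.
        for (Charset cs : new Charset[] { StandardCharsets.UTF_8,
                StandardCharsets.US_ASCII, StandardCharsets.ISO_8859_1 }) {
            byte[] rt = new String(raw, cs).getBytes(cs);
            System.out.printf("%-10s -> %2d bytes, intact=%b%n",
                    cs, rt.length, Arrays.equals(raw, rt));
        }
    }
}
```

String.getBytes() without an argument uses the JVM's default charset, which can differ between a Windows and a Linux host. When the objectGUID is stored as an account's stable key, rejecting any value that is not exactly 16 bytes keeps a corrupted identifier out of the database.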
