[cifs-protocol] RE: Answer: SRX080609601575 : [MS-ADA3]: 2.43 2.44 string forms of AD attributes
billwe at microsoft.com
Tue Jun 17 16:05:00 GMT 2008
Good day again! I have filed the below bug against the MS-ADA3 document. I apologize for my earlier incorrect answer (which stated that objectGUID and objectSID had no 'human-readable' string format available for use within LDAP filters).
It turns out that the AD specialist I consulted with was speaking with respect to LDAP generically, not the Microsoft implementation (which I was listening as pertaining to).
Additionally, the list of special semantics for our implementation is specifically against objectSID and objectGUID; there is no schema attribute that specifies or allows for this.
Using objectGUID to Bind to an Object
In MS-ADA3 - 2.43 and 2.44 we see a description of the objectGUID and objectSID attributes. Helpful cross-references to MS-DTYP are included.
However, no reference in either document is made to the ability of AD LDAP servers to accept string (rather than binary) forms of these attributes in searches.
Is there a schema attribute that defines which attribute types allow these kinds of polymorphic searches, or is it a hard-coded list?
There are special hard-coded semantics on the Active Directory 'objectGUID' and 'objectSID' attributes (which are both typed internally as OctetStrings).
The following shows the human-readable string forms (string) understood by the Active Directory Services LDAP server for these attributes:
The String Representation of LDAP Search Filters
MCSE / Escalation Engineer, US-CSS DSC PROTOCOL TEAM
8055 Microsoft Way
Charlotte, NC 28273
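
Added example, not part of the original message and not Microsoft's code: since both attributes are typed as OctetStrings, this sketch builds the binary filter form that generic LDAP expects, packing a string SID and a string GUID into their MS-DTYP byte layouts and escaping each byte per "The String Representation of LDAP Search Filters". The function names are this example's own, the SID is the well-known BUILTIN\Administrators value, and the GUID is constructed; the string forms that AD accepts directly are not shown here.

```python
import struct
import uuid


def sid_to_bytes(sid: str) -> bytes:
    """Pack an 'S-1-...' string SID into the binary SID layout (MS-DTYP)."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a string SID: {sid!r}")
    revision = int(parts[1])
    # Identifier authority is decimal, or 0x-prefixed hex for large values.
    auth = parts[2]
    authority = int(auth, 16) if auth.lower().startswith("0x") else int(auth)
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15 or not 0 <= authority < 1 << 48:
        raise ValueError(f"SID fields out of range: {sid!r}")
    if any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError(f"sub-authority out of range: {sid!r}")
    return (
        bytes([revision, len(subs)])             # Revision, SubAuthorityCount
        + authority.to_bytes(6, "big")           # IdentifierAuthority, big-endian
        + struct.pack(f"<{len(subs)}I", *subs)   # SubAuthority[], little-endian
    )


def guid_to_bytes(guid: str) -> bytes:
    """Pack a string GUID; the first three fields are stored little-endian."""
    return uuid.UUID(guid).bytes_le


def filter_escape(raw: bytes) -> str:
    """Escape every byte as \\XX so no filter metacharacter survives."""
    return "".join(f"\\{b:02x}" for b in raw)


def binary_filter(attribute: str, raw: bytes) -> str:
    """Build an equality filter on an OctetString attribute."""
    return f"({attribute}={filter_escape(raw)})"


if __name__ == "__main__":
    # Constructed sample values, not taken from the message above.
    print(binary_filter("objectSID", sid_to_bytes("S-1-5-32-544")))
    print(binary_filter(
        "objectGUID", guid_to_bytes("00112233-4455-6677-8899-aabbccddeeff")))
```

Escaping every byte, rather than only the reserved characters, keeps a value that happens to contain `*`, `(`, `)` or `\` from altering the filter.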