[cifs-protocol] Structure of prefixMap over LDAP

Obaid Farooqi obaidf at microsoft.com
Fri Dec 11 13:09:04 MST 2009 

Hi Andrew:
We have finished our investigation on your question regarding prefixMap appearing on the wire.

PrefixMap is an attribute specific to Microsoft's Active Directory implementation.  It is used by the system to map an internal structure to its corresponding OID.  PrefixMap resides in the directory and, as a consequence, can be retrieved via LDAP by using any LDAP-capable tool such as LDP or LDIFDE.

PrefixMap does not appear on wire for any LDAP protocol related messages. Microsoft LDAP implementation do not access or use the attribute over wire. It only appears on the wire when explicitly requested. 

Please let me know if this answers your question. If yes, I'll consider this issue resolved.

Regards,
Obaid Farooqi
Sr. Support Escalation Engineer | Microsoft

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, November 10, 2009 6:39 PM
To: Interoperability Documentation Help
Cc: cifs-protocol at samba.org; pfif at tridgell.net
Subject: Structure of prefixMap over LDAP

MS-ADA3 2.115 describes the prefixmap:

  Attribute prefixMap
  The prefixMap attribute is for internal use only.

However, it is exposed over LDAP, and I don't see a description of it's format in MS-ADTS.  With ldp I see only: 'binary blob'.  With ldbsearch, I see:

bin/ldbsearch -H ldap://win2k3-2.ad.naomi.abartlet.net -s base -b CN=Schema,CN=Configuration,DC=ad,DC=naomi,DC=abartlet,DC=net
-Uadministrator prefixMap

# record 1
dn: CN=Schema,CN=Configuration,DC=ad,DC=naomi,DC=abartlet,DC=net
prefixMap::
BwAAAFkAAADUEQcAKoZIikEBBcsTCAAqhkiB/xcBBbZuCAAqhkiBzBEBBVBvCAAqhk
 iCugUBBesFCAAqhkiB8xcBBZQGBwAqhkiJHQEFzwYHACqGSNMFAQU=

(and our --show-binary option does not know how to parse this). 

It was in the past assumed that this attribute was not available over LDAP, but as it is, could you please describe the format?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.

More information about the cifs-protocol mailing list