LDAP access to AD - using GUID

LDAP access to AD - using GUID

Post by Robert Sevci » Thu, 13 Mar 2003 04:15:53



Hello. Please Help. I need to find|search|access an AD
object thru LDAP protocol using the global unique
identifier (GUID). I spent four hours browsing the webs to
answer this (as I hope) simple question.

which LDAP filter could I use?
this way?
 objectguid={1111-1111-111-111-11-11111}
or
 objectguid=111111111111111111111
or
 objectguid=SDsdAfdGP,;lo4852

I realy don't know and it does not work

or could I bind somehow direct to the object to get the DN?
 with GetObject() works it well with "LDAP://<GUID=xxxx>"
in ASP/VB/JS/C on WIN but I need to use it in PHP and
there is only ldap_connect,bind,search. A good link will
please me too. thank you.

 
 
 

LDAP access to AD - using GUID

Post by Jason Robarts [MS » Thu, 13 Mar 2003 05:17:30


In your php search try using the guid based form of the name (<GUID=...>)
instead of a dn in the search function.  The guid based name is processed on
the server side.

--
Jason Robarts
Active Directory Test Team
AD Home Page -
http://www.microsoft.com/windows2000/technologies/directory/AD/defaul...

This posting is provided "AS IS" with no warranties, and confers no rights.


Quote:> Hello. Please Help. I need to find|search|access an AD
> object thru LDAP protocol using the global unique
> identifier (GUID). I spent four hours browsing the webs to
> answer this (as I hope) simple question.

> which LDAP filter could I use?
> this way?
>  objectguid={1111-1111-111-111-11-11111}
> or
>  objectguid=111111111111111111111
> or
>  objectguid=SDsdAfdGP,;lo4852

> I realy don't know and it does not work

> or could I bind somehow direct to the object to get the DN?
>  with GetObject() works it well with "LDAP://<GUID=xxxx>"
> in ASP/VB/JS/C on WIN but I need to use it in PHP and
> there is only ldap_connect,bind,search. A good link will
> please me too. thank you.


 
 
 

LDAP access to AD - using GUID

Post by Joe Kapla » Thu, 13 Mar 2003 05:50:15


In an ldap search filter, you need to specify the an octet string with a
leading \ on each byte:

objectguid=\35\7B\4B\FB\AF\E0\D2\11\86\8C\00\C0\4F\86\07\E2

If you are doing a bind to the object, you use the syntax that that Jason
specified.  The bind will generally be faster, but it depends on what you
want to do.

Joe K.



> In your php search try using the guid based form of the name (<GUID=...>)
> instead of a dn in the search function.  The guid based name is processed
on
> the server side.

> --
> Jason Robarts
> Active Directory Test Team
> AD Home Page -
> http://www.microsoft.com/windows2000/technologies/directory/AD/defaul...

> This posting is provided "AS IS" with no warranties, and confers no
rights.



> > Hello. Please Help. I need to find|search|access an AD
> > object thru LDAP protocol using the global unique
> > identifier (GUID). I spent four hours browsing the webs to
> > answer this (as I hope) simple question.

> > which LDAP filter could I use?
> > this way?
> >  objectguid={1111-1111-111-111-11-11111}
> > or
> >  objectguid=111111111111111111111
> > or
> >  objectguid=SDsdAfdGP,;lo4852

> > I realy don't know and it does not work

> > or could I bind somehow direct to the object to get the DN?
> >  with GetObject() works it well with "LDAP://<GUID=xxxx>"
> > in ASP/VB/JS/C on WIN but I need to use it in PHP and
> > there is only ldap_connect,bind,search. A good link will
> > please me too. thank you.

 
 
 

1. Can't get attribute values using LDAP (using VB) to non-MS LDAP server

I am trying to write a simple program in VBASIC using the ADSI-LDAP provider
to retireve the values of some attributes from an LDAP directory (on a
Solaris box).

While the standard ADSI / ADO objects seem to have no trouble accessing this
directory, I have only been able to retrieve object names (ADsPath ?) from
the returned results, but I have not been able to figure out how to get the
values of the attributes.

To recap my efforts: First I tried specifying the LDAP syntax search string
as:
<LDAP://myserver/my_root_dn>;(objectClass=myClass);firstname,lastname;subtree

and while I got back all the ADsPath's to the required objects, the attribute
values I wanted to see (firstname, lastname) were not present.

 All right, so then I figured let me bind to the object itself  (since I now
have the DN) and get the attributes that way. So I then tried:
<LDAP://myserver/adspath>;(objectClass=DMOUser);firstname,lastname;base

 but that doesn't work either. The only thing that comes back is ADsPath. The
firstname, lastname attributes did not show up.

So how can I see the attribute values? Is there some limitation on accessing
non-Microsoft LDAP directories? If anyone has a code sample (in VB) I would
much appreciate it as well.

Thank you in advance. If at all possible, if you could E-mail me a copy of
your reply would be of great benefit, since my news server does not get this
news group.

 Hayim S. Hendeles

Sent via Deja.com http://www.deja.com/
Before you buy.

2. Bills Calendar v. Budget in Money98 - Richard? Kim?

3. Changing AD password in LDAP using PHP

4. Large OutLook.pst file

5. Error connecting to AD using ADSI and LDAP on NT4

6. VB.NET Word document Errors

7. Can't access AD via LDAP & ADSI from ASP.NET (VB) page

8. Windows Messaging

9. LDAP API : Binary Values : How to know if GUID?

10. Getting the GUID to match from LDAP: and WinNT:

11. Urgent: Getting AD objects by GUID in .NET

12. Returning a User's GUID when Searcing AD

13. need help getting User from AD searching by User GUID