Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
1 Solution
Accepted Solutions
Okay, finally I have fixed the problem.
objectSid is a byte[] asn.1 encoded. It is not possible to "get" it directly from LDAP in string and then use method such as public static String getSIDAsString(String objectSid). It cannot work.
You must use env.put("java.naming.ldap.attributes.binary","objectSid");
Next problem is : if you open an ldap request per objectSid you will quickly open too much connections. Ldap pool (establishing one session, and sharing this session to perform your ldap requests) is highly recommended.
In order to do so, I have designed one routine and also the following design :
tLDAPInput ----> tJavaRow ---> tLogrow --> tFileOutpuExcel
tJavaRow's code is the following:
output_row.cn = input_row.cn;
output_row.SID = routines.UsePool.LdapPoolSid(input_row.cn);
Add int the output schema an "SID" row with String type.
Here is the code of the routine UsePool (quick & dirty):
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class UsePool {
// @SuppressWarnings("unchecked")
public static String LdapPoolSid(String objectName) {
// Set up environment for creating initial context
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
String dirRoot = "/ou= People,DC=mycompany,DC=com";
String adminName = "cn=myadmin, ou=srvaccount, ou=it, DC=mycompany,DC=com";
String adminPassword ="itisasecret";
String ldapURL ="ldap://myserver:389";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
//env.put(Context.PROVIDER_URL, ldapURL);
// Enable connection pooling
env.put("com.sun.jndi.ldap.connect.pool", "true");
//specify attributes to be returned in binary format
env.put("java.naming.ldap.attributes.binary","objectSID");
try {
//connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
env.put("com.sun.jndi.ldap.netscape.schemaBugs", "true");
// debug only
//env.put("com.sun.jndi.ldap.trace.ber", System.out);
// Create one initial context (Get connection from pool)
DirContext ctx = new InitialDirContext(env);
//Setup the search object. With this, we will pass in a base DN, and search all the child nodes
//In the ldap
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter = "(&(objectClass=user)(cn=" + objectName +"))";
//Specify the Base for the search
String searchBase ="DC=fr,DC=ema,DC=ad,DC=pwcinternal,DC=com";
//initialize counter to total the group members for debug ... not useful here
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"cn","distinguishedName","objectSID"};
searchControls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchControls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
try {
for (NamingEnumeration ae = attrs.getAll();ae.hasMore()
{
Attribute attr = (Attribute)ae.next();
// System.out.println("Attribute: " + attr.getID());
System.out.println("XXXXXXXXXXX " +attrs.get("cn").get());
byte[] SID = (byte[])attrs.get("objectSID").get();
String strSID = getSIDasStringOfBytes(SID);
System.out.println("YYYYYYYYYYYYYY " + strSID );
return strSID;
}
}
catch (NamingException e) {
System.err.println("Problem listing membership: " + e);
return "objectSID_ERROR";
}
ctx.close();
}
}
} catch (NamingException ne) {
ne.printStackTrace();
System.out.println("Error: " + ne);
return "objectSID_ERROR";
}
return "objectSID_ERROR";
}
public static String getSIDasStringOfBytes(byte[] sid) {
String strSID = "";
int version;
long authority;
int count;
String rid = "";
strSID = "S";
// get version
version = sid;
strSID = strSID + "-" + Integer.toString(version);
for (int i=6; i>0; i--) {
rid += byte2hex(sid );
}
// get authority
authority = Long.parseLong(rid);
strSID = strSID + "-" + Long.toString(authority);
//next byte is the count of sub-authorities
count = sid&0xFF;
//iterate all the sub-auths
for (int i=0;i<count;i++) {
rid = "";
for (int j=11; j>7; j--) {
rid += byte2hex(sid);
}
strSID = strSID + "-" + Long.parseLong(rid,16);
}
return strSID;
}
public static String byte2hex(byte b) {
String ret = Integer.toHexString((int)b&0xFF);
if (ret.length()<2) ret = "0"+ret;
return ret;
}
Bye, Olivier
PS: I bet there is some cleanup to do in the code, any feedback is welcome !
objectSid is a byte[] asn.1 encoded. It is not possible to "get" it directly from LDAP in string and then use method such as public static String getSIDAsString(String objectSid). It cannot work.
You must use env.put("java.naming.ldap.attributes.binary","objectSid");
Next problem is : if you open an ldap request per objectSid you will quickly open too much connections. Ldap pool (establishing one session, and sharing this session to perform your ldap requests) is highly recommended.
In order to do so, I have designed one routine and also the following design :
tLDAPInput ----> tJavaRow ---> tLogrow --> tFileOutpuExcel
tJavaRow's code is the following:
output_row.cn = input_row.cn;
output_row.SID = routines.UsePool.LdapPoolSid(input_row.cn);
Add int the output schema an "SID" row with String type.
Here is the code of the routine UsePool (quick & dirty):
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class UsePool {
// @SuppressWarnings("unchecked")
public static String LdapPoolSid(String objectName) {
// Set up environment for creating initial context
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
String dirRoot = "/ou= People,DC=mycompany,DC=com";
String adminName = "cn=myadmin, ou=srvaccount, ou=it, DC=mycompany,DC=com";
String adminPassword ="itisasecret";
String ldapURL ="ldap://myserver:389";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
//env.put(Context.PROVIDER_URL, ldapURL);
// Enable connection pooling
env.put("com.sun.jndi.ldap.connect.pool", "true");
//specify attributes to be returned in binary format
env.put("java.naming.ldap.attributes.binary","objectSID");
try {
//connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
env.put("com.sun.jndi.ldap.netscape.schemaBugs", "true");
// debug only
//env.put("com.sun.jndi.ldap.trace.ber", System.out);
// Create one initial context (Get connection from pool)
DirContext ctx = new InitialDirContext(env);
//Setup the search object. With this, we will pass in a base DN, and search all the child nodes
//In the ldap
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter = "(&(objectClass=user)(cn=" + objectName +"))";
//Specify the Base for the search
String searchBase ="DC=fr,DC=ema,DC=ad,DC=pwcinternal,DC=com";
//initialize counter to total the group members for debug ... not useful here
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"cn","distinguishedName","objectSID"};
searchControls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchControls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
try {
for (NamingEnumeration ae = attrs.getAll();ae.hasMore()
{
Attribute attr = (Attribute)ae.next();
// System.out.println("Attribute: " + attr.getID());
System.out.println("XXXXXXXXXXX " +attrs.get("cn").get());
byte[] SID = (byte[])attrs.get("objectSID").get();
String strSID = getSIDasStringOfBytes(SID);
System.out.println("YYYYYYYYYYYYYY " + strSID );
return strSID;
}
}
catch (NamingException e) {
System.err.println("Problem listing membership: " + e);
return "objectSID_ERROR";
}
ctx.close();
}
}
} catch (NamingException ne) {
ne.printStackTrace();
System.out.println("Error: " + ne);
return "objectSID_ERROR";
}
return "objectSID_ERROR";
}
public static String getSIDasStringOfBytes(byte[] sid) {
String strSID = "";
int version;
long authority;
int count;
String rid = "";
strSID = "S";
// get version
version = sid;
strSID = strSID + "-" + Integer.toString(version);
for (int i=6; i>0; i--) {
rid += byte2hex(sid );
}
// get authority
authority = Long.parseLong(rid);
strSID = strSID + "-" + Long.toString(authority);
//next byte is the count of sub-authorities
count = sid&0xFF;
//iterate all the sub-auths
for (int i=0;i<count;i++) {
rid = "";
for (int j=11; j>7; j--) {
rid += byte2hex(sid);
}
strSID = strSID + "-" + Long.parseLong(rid,16);
}
return strSID;
}
public static String byte2hex(byte b) {
String ret = Integer.toHexString((int)b&0xFF);
if (ret.length()<2) ret = "0"+ret;
return ret;
}
Bye, Olivier
PS: I bet there is some cleanup to do in the code, any feedback is welcome !
Okay, finally I have fixed the problem.
objectSid is a byte[] asn.1 encoded. It is not possible to "get" it directly from LDAP in string and then use method such as public static String getSIDAsString(String objectSid). It cannot work.
You must use env.put("java.naming.ldap.attributes.binary","objectSid");
Next problem is : if you open an ldap request per objectSid you will quickly open too much connections. Ldap pool (establishing one session, and sharing this session to perform your ldap requests) is highly recommended.
In order to do so, I have designed one routine and also the following design :
tLDAPInput ----> tJavaRow ---> tLogrow --> tFileOutpuExcel
tJavaRow's code is the following:
output_row.cn = input_row.cn;
output_row.SID = routines.UsePool.LdapPoolSid(input_row.cn);
Add int the output schema an "SID" row with String type.
Here is the code of the routine UsePool (quick & dirty):
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class UsePool {
// @SuppressWarnings("unchecked")
public static String LdapPoolSid(String objectName) {
// Set up environment for creating initial context
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
String dirRoot = "/ou= People,DC=mycompany,DC=com";
String adminName = "cn=myadmin, ou=srvaccount, ou=it, DC=mycompany,DC=com";
String adminPassword ="itisasecret";
String ldapURL ="ldap://myserver:389";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
//env.put(Context.PROVIDER_URL, ldapURL);
// Enable connection pooling
env.put("com.sun.jndi.ldap.connect.pool", "true");
//specify attributes to be returned in binary format
env.put("java.naming.ldap.attributes.binary","objectSID");
try {
//connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
env.put("com.sun.jndi.ldap.netscape.schemaBugs", "true");
// debug only
//env.put("com.sun.jndi.ldap.trace.ber", System.out);
// Create one initial context (Get connection from pool)
DirContext ctx = new InitialDirContext(env);
//Setup the search object. With this, we will pass in a base DN, and search all the child nodes
//In the ldap
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter = "(&(objectClass=user)(cn=" + objectName +"))";
//Specify the Base for the search
String searchBase ="DC=fr,DC=ema,DC=ad,DC=pwcinternal,DC=com";
//initialize counter to total the group members for debug ... not useful here
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"cn","distinguishedName","objectSID"};
searchControls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchControls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
try {
for (NamingEnumeration ae = attrs.getAll();ae.hasMore() {
Attribute attr = (Attribute)ae.next();
// System.out.println("Attribute: " + attr.getID());
System.out.println("XXXXXXXXXXX " +attrs.get("cn").get());
byte[] SID = (byte[])attrs.get("objectSID").get();
String strSID = getSIDasStringOfBytes(SID);
System.out.println("YYYYYYYYYYYYYY " + strSID );
return strSID;
}
}
catch (NamingException e) {
System.err.println("Problem listing membership: " + e);
return "objectSID_ERROR";
}
ctx.close();
}
}
} catch (NamingException ne) {
ne.printStackTrace();
System.out.println("Error: " + ne);
return "objectSID_ERROR";
}
return "objectSID_ERROR";
}
public static String getSIDasStringOfBytes(byte[] sid) {
String strSID = "";
int version;
long authority;
int count;
String rid = "";
strSID = "S";
// get version
version = sid;
strSID = strSID + "-" + Integer.toString(version);
for (int i=6; i>0; i--) {
rid += byte2hex(sid );
}
// get authority
authority = Long.parseLong(rid);
strSID = strSID + "-" + Long.toString(authority);
//next byte is the count of sub-authorities
count = sid&0xFF;
//iterate all the sub-auths
for (int i=0;i<count;i++) {
rid = "";
for (int j=11; j>7; j--) {
rid += byte2hex(sid);
}
strSID = strSID + "-" + Long.parseLong(rid,16);
}
return strSID;
}
public static String byte2hex(byte b) {
String ret = Integer.toHexString((int)b&0xFF);
if (ret.length()<2) ret = "0"+ret;
return ret;
}
Bye, Olivier
PS: I bet there is some cleanup to do in the code, any feedback is welcome !
objectSid is a byte[] asn.1 encoded. It is not possible to "get" it directly from LDAP in string and then use method such as public static String getSIDAsString(String objectSid). It cannot work.
You must use env.put("java.naming.ldap.attributes.binary","objectSid");
Next problem is : if you open an ldap request per objectSid you will quickly open too much connections. Ldap pool (establishing one session, and sharing this session to perform your ldap requests) is highly recommended.
In order to do so, I have designed one routine and also the following design :
tLDAPInput ----> tJavaRow ---> tLogrow --> tFileOutpuExcel
tJavaRow's code is the following:
output_row.cn = input_row.cn;
output_row.SID = routines.UsePool.LdapPoolSid(input_row.cn);
Add int the output schema an "SID" row with String type.
Here is the code of the routine UsePool (quick & dirty):
import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;
public class UsePool {
// @SuppressWarnings("unchecked")
public static String LdapPoolSid(String objectName) {
// Set up environment for creating initial context
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
String dirRoot = "/ou= People,DC=mycompany,DC=com";
String adminName = "cn=myadmin, ou=srvaccount, ou=it, DC=mycompany,DC=com";
String adminPassword ="itisasecret";
String ldapURL ="ldap://myserver:389";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
//connect to my domain controller
//env.put(Context.PROVIDER_URL, ldapURL);
// Enable connection pooling
env.put("com.sun.jndi.ldap.connect.pool", "true");
//specify attributes to be returned in binary format
env.put("java.naming.ldap.attributes.binary","objectSID");
try {
//connect to my domain controller
env.put(Context.PROVIDER_URL, ldapURL);
env.put("com.sun.jndi.ldap.netscape.schemaBugs", "true");
// debug only
//env.put("com.sun.jndi.ldap.trace.ber", System.out);
// Create one initial context (Get connection from pool)
DirContext ctx = new InitialDirContext(env);
//Setup the search object. With this, we will pass in a base DN, and search all the child nodes
//In the ldap
SearchControls searchControls = new SearchControls();
searchControls.setSearchScope(SearchControls.SUBTREE_SCOPE);
//specify the LDAP search filter
String searchFilter = "(&(objectClass=user)(cn=" + objectName +"))";
//Specify the Base for the search
String searchBase ="DC=fr,DC=ema,DC=ad,DC=pwcinternal,DC=com";
//initialize counter to total the group members for debug ... not useful here
int totalResults = 0;
//Specify the attributes to return
String returnedAtts[]={"cn","distinguishedName","objectSID"};
searchControls.setReturningAttributes(returnedAtts);
//Search for objects using the filter
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchControls);
//Loop through the search results
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult)answer.next();
Attributes attrs = sr.getAttributes();
if (attrs != null) {
try {
for (NamingEnumeration ae = attrs.getAll();ae.hasMore()
{
Attribute attr = (Attribute)ae.next();
// System.out.println("Attribute: " + attr.getID());
System.out.println("XXXXXXXXXXX " +attrs.get("cn").get());
byte[] SID = (byte[])attrs.get("objectSID").get();
String strSID = getSIDasStringOfBytes(SID);
System.out.println("YYYYYYYYYYYYYY " + strSID );
return strSID;
}
}
catch (NamingException e) {
System.err.println("Problem listing membership: " + e);
return "objectSID_ERROR";
}
ctx.close();
}
}
} catch (NamingException ne) {
ne.printStackTrace();
System.out.println("Error: " + ne);
return "objectSID_ERROR";
}
return "objectSID_ERROR";
}
public static String getSIDasStringOfBytes(byte[] sid) {
String strSID = "";
int version;
long authority;
int count;
String rid = "";
strSID = "S";
// get version
version = sid;
strSID = strSID + "-" + Integer.toString(version);
for (int i=6; i>0; i--) {
rid += byte2hex(sid );
}
// get authority
authority = Long.parseLong(rid);
strSID = strSID + "-" + Long.toString(authority);
//next byte is the count of sub-authorities
count = sid&0xFF;
//iterate all the sub-auths
for (int i=0;i<count;i++) {
rid = "";
for (int j=11; j>7; j--) {
rid += byte2hex(sid);
}
strSID = strSID + "-" + Long.parseLong(rid,16);
}
return strSID;
}
public static String byte2hex(byte b) {
String ret = Integer.toHexString((int)b&0xFF);
if (ret.length()<2) ret = "0"+ret;
return ret;
}
Bye, Olivier
PS: I bet there is some cleanup to do in the code, any feedback is welcome !
