LDAP, binary value

Hey!

I am using Jmix 2.2.3 with the LDAP add-on to load users from Active Directory. There is an attribute which comes in binary (xKT/+bW/5EaaaNzhrM3w1g==), but in Java I get gibberish (Ĥ�����F�h�����). How do I get this binary as a String?

I tried to add the property java.naming.ldap.attributes.binary=objectGUID;
nothing helped. objectGUID is the name of the attribute.

Hello,

Just in case - how did you set this property (via Java code or application.properties)?
If you did this via application.properties, make sure the property name is
spring.ldap.base-environment.java.naming.ldap.attributes.binary=objectGUID.

Also, please provide the code where you extract the value of objectGUID - it might need additional conversion.

Regards,
Ivan

@i.gavrilov Hey! Sorry for the late answer, I just now saw your answer.
I added in application.properties

spring.ldap.base-environment.java.naming.ldap.attributes.binary=objectGUID
and in code I have

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.UUID;

import org.springframework.ldap.core.DirContextOperations;

public static String extractGuid(DirContextOperations ctx) {
    Object raw = ctx.getObjectAttribute("objectGUID");

    byte[] guidBytes;
    if (raw instanceof byte[]) {
        // Attribute was returned as binary: use the bytes as they are.
        guidBytes = (byte[]) raw;
    }
    else if (raw instanceof String) {
        // Attribute was returned as text: try to get the bytes back from the String.
        guidBytes = ((String) raw).getBytes(StandardCharsets.ISO_8859_1);
    }
    else {
        log1.warn("Unexpected objectGUID type: " + (raw == null ? "null" : raw.getClass()));
        return null;
    }

    return toUuidString(guidBytes);
}

private static String toUuidString(byte[] guid) {
    if (guid.length != 16) {
        log1.warn("objectGUID is not 16 bytes!");
        return null;
    }

    ByteBuffer bb = ByteBuffer.wrap(guid);

    // The first three fields are read as little-endian.
    bb.order(ByteOrder.LITTLE_ENDIAN);
    int  timeLow   = bb.getInt();
    short timeMid  = bb.getShort();
    short timeHigh = bb.getShort();

    // The remaining eight bytes are read in their stored order.
    bb.order(ByteOrder.BIG_ENDIAN);
    long rest      = bb.getLong();

    long msb = ((long) timeLow << 32)
            | ((timeMid  & 0xFFFFL) << 16)
            |  (timeHigh & 0xFFFFL);

    UUID uuid = new UUID(msb, rest);
    return uuid.toString();
}
```

@i.gavrilov Solved, by overriding adSupplier

```java
@Order(Ordered.HIGHEST_PRECEDENCE)
@Component
public class CustomAdAuthSupplier extends ActiveDirectoryAuthenticationManagerSupplier {

    public CustomAdAuthSupplier(StandardAuthenticationProvidersProducer producers,
                                ApplicationEventPublisher publisher,
                                LdapProperties props,
                                UserDetailsContextMapper mapper,
                                JmixLdapGrantedAuthoritiesMapper authoritiesMapper) {
        super(producers, publisher, props, mapper, authoritiesMapper);
    }

    @Override
    protected AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider p =
                (ActiveDirectoryLdapAuthenticationProvider) super.activeDirectoryLdapAuthenticationProvider();

        // Space-separated list of attributes that JNDI must return as byte[] instead of String.
        Map<String, Object> env = new HashMap<>();
        env.put("java.naming.ldap.attributes.binary", "objectGUID objectSid tokenGroups");
        p.setContextEnvironmentProperties(env);
        return p;
    }
}
```
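
The effect discussed in this thread, as an added example that is not code from either poster or from Jmix: it takes the Base64 value quoted in the first post, shows that the bytes do not survive being handled as text, and converts the intact bytes to a GUID string. The class and method names are hypothetical, and the text handling is assumed to be UTF-8 decoding, which matches the gibberish shown in the first post.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.UUID;

public class ObjectGuidDemo {

    // Value quoted in the first post: Base64 form of the 16 raw objectGUID bytes.
    static final String SAMPLE_B64 = "xKT/+bW/5EaaaNzhrM3w1g==";

    /** Decodes raw bytes as text (assumed UTF-8), then tries to turn the String back into bytes. */
    static byte[] roundTripAsText(byte[] raw) {
        // Byte sequences that are not valid UTF-8 are replaced with U+FFFD here.
        String asText = new String(raw, StandardCharsets.UTF_8);
        // Characters outside ISO-8859-1 (including U+FFFD) are encoded as '?'.
        return asText.getBytes(StandardCharsets.ISO_8859_1);
    }

    /** Converts the 16-byte layout (first three fields little-endian) to a GUID string. */
    static String toGuidString(byte[] guid) {
        if (guid == null || guid.length != 16) {
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        ByteBuffer bb = ByteBuffer.wrap(guid).order(ByteOrder.LITTLE_ENDIAN);
        // Operands are evaluated left to right: 4-byte field, then two 2-byte fields.
        long msb = ((long) bb.getInt() << 32)
                | ((bb.getShort() & 0xFFFFL) << 16)
                | (bb.getShort() & 0xFFFFL);
        long lsb = bb.order(ByteOrder.BIG_ENDIAN).getLong();
        return new UUID(msb, lsb).toString();
    }

    public static void main(String[] args) {
        byte[] raw = Base64.getDecoder().decode(SAMPLE_B64);
        byte[] damaged = roundTripAsText(raw);

        System.out.println("raw bytes:        " + raw.length);
        System.out.println("after text trip:  " + damaged.length
                + " bytes, identical=" + Arrays.equals(raw, damaged));
        System.out.println("GUID from raw:    " + toGuidString(raw));
    }
}
```

Once the value has been through a String, the original bytes cannot be rebuilt, so a `String` fallback branch can only log the problem; the attribute has to be declared binary before the value is read.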