WrenSecurity/wrenidm

character size limit for objectUID

Closed this issue · 3 comments

IDM version: 6.1.0
I have a connector connected to Samba AD with "uidAttribute" : "objectGUID", and I am getting the error below. Can the limitation be removed?
Caused by: org.identityconnectors.framework.common.exceptions.ConnectorException: objectGUID attribute has the wrong length (43). Should be 39 characters.
at org.identityconnectors.ldap.ADLdapUtil.guidStringtoByteString(ADLdapUtil.java:176)
at org.identityconnectors.ldap.search.LdapFilterTranslator.createContainsAllValuesFilter(LdapFilterTranslator.java:211)
at org.identityconnectors.ldap.search.LdapFilterTranslator.createEqualsExpression(LdapFilterTranslator.java:120)
at org.identityconnectors.ldap.search.LdapFilterTranslator.createEqualsExpression(LdapFilterTranslator.java:47)
at org.identityconnectors.framework.common.objects.filter.AbstractFilterTranslator.createLeafExpression(AbstractFilterTranslator.java:418)
at org.identityconnectors.framework.common.objects.filter.AbstractFilterTranslator.createLeafExpression(AbstractFilterTranslator.java:399)
at org.identityconnectors.framework.common.objects.filter.AbstractFilterTranslator.simplifyAndDistribute(AbstractFilterTranslator.java:280)
at org.identityconnectors.framework.common.objects.filter.AbstractFilterTranslator.simplifyAndDistribute(AbstractFilterTranslator.java:268)
at org.identityconnectors.framework.common.objects.filter.AbstractFilterTranslator.translate(AbstractFilterTranslator.java:113)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.rawSearch(SearchImpl.java:149)
at org.identityconnectors.framework.impl.api.local.operations.SearchImpl.search(SearchImpl.java:118)
at jdk.internal.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.identityconnectors.framework.impl.api.local.operations.ConnectorAPIOperationRunnerProxy.invoke(ConnectorAPIOperationRunnerProxy.java:104)
at jdk.proxy8/jdk.proxy8.$Proxy48.search(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.identityconnectors.framework.impl.api.local.operations.ThreadClassLoaderManagerProxy.invoke(ThreadClassLoaderManagerProxy.java:96)
at jdk.proxy8/jdk.proxy8.$Proxy48.search(Unknown Source)
at jdk.internal.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:568)
at org.identityconnectors.framework.impl.api.BufferedResultsProxy$BufferedResultsHandler.run(BufferedResultsProxy.java:157)

Your filter must contain an incorrect filter value. An AD GUID is represented as something like this: <GUID=2c6bfee3175c0a4e9af01182a2fb0ae1>.

https://github.com/WrenSecurity/openicf-ldap-connector/blob/master/src/main/java/org/identityconnectors/ldap/ADLdapUtil.java#L176

Thanks,

I can see the objectGUID value in my Samba AD is like:
a1850334-5545-42b8-98b8-94ec8fd4fdd6

And it's 36 characters; I don't know why it failed. Anyway, I am now using "uidAttribute" : "userPrincipalName", and it works for me.

GUID is basically a binary attribute. The form a1850334-5545-42b8-98b8-94ec8fd4fdd6 is just one possible string representation. ICF's LDAP connector simply expects the string representation to be <GUID=a1850334554542b898b894ec8fd4fdd6>.