objectSid values is Garbled #224

Open
shayulei opened this issue Aug 22, 2019 · 10 comments
@shayulei

objectSid values are garbled,
and I can't get the attribute after "objectSid".
The LDAP server is MS AD.

@shayulei
Author

func (e *EntryAttribute) Print()

@agorman

agorman commented Sep 10, 2019

Try using a base64 encoding.

objectSid := entries.GetRawAttributeValue("objectSid")
fmt.Println(base64.StdEncoding.EncodeToString(objectSid))

@bwmarrin

I ran into this issue as well and couldn't find an existing Go example on how to solve this. So, I found some examples in other languages and wrote a Go version. So, just in case it would be helpful for others, https://github.com/bwmarrin/go-objectsid

@stefanmcshane
Contributor

@bwmarrin Feel free to make a pull request to integrate your code and become a contributor. Community support is always welcomed

@bwmarrin

@stefanmcshane I'm not opposed to that - but I'm not sure the best way to implement this into go-ldap. What go-ldap returns is a valid, albeit low level, result - not a bug.

The issue here is when users want to present that data as a string, how should they go about doing that. They could use my library I linked above or a helper function could also be added to go-ldap.

Or maybe if the library maintainers would prefer to just return the string format, then that's another approach.

I'm open to feedback on what would make the most sense.

@stefanmcshane
Contributor

We would not want to change the return value to string, as it would cause breaking changes for whoever is using the library.
Ideally, a helper function with supporting test cases would be used in this scenario.

@L0nm4r

L0nm4r commented Nov 15, 2021

Try using a base64 encoding.

objectSid := entries.GetRawAttributeValue("objectSid")
fmt.Println(base64.StdEncoding.EncodeToString(objectSid))

I have the same problem and I tried this solution as follows, but sid is still empty.

objectSid := entry.GetRawAttributeValue("ObjectSid")
sid := base64.StdEncoding.EncodeToString(objectSid)
fmt.Println(sid)

@agorman

agorman commented Nov 15, 2021

@L0nm4r if you're setting the searchRequest.Attributes slice make sure you're including objectSid as a value you want returned. You can do this either in the call to NewSearchRequest or by appending the value.

searchRequest.Attributes = append(searchRequest.Attributes, "objectSid") // add other attributes you want returned here.

@L0nm4r

L0nm4r commented Nov 15, 2021

@L0nm4r if you're setting the searchRequest.Attributes slice make sure you're including ObjectSid as a value you want returned. You can do this either in the call to NewSearchRequest or by appending the value.

searchRequest.Attributes = append(searchRequest.Attributes, "ObjectSid") // add other attributes you want returned here.

I found it was a case problem 👀. I changed the code like this and it worked:

objectSid := entry.GetRawAttributeValue("objectSid")
sid := base64.StdEncoding.EncodeToString(objectSid)
fmt.Println(sid)

Sorry to bother you and thanks for your reply!

@lkarlslund

Lots of Active Directory attributes are binary encoded.

The objectSid binary format is documented (very briefly) here: https://ldapwiki.com/wiki/ObjectSID

You could take a look at my project adalanche located here https://github.com/lkarlslund/adalanche

It does decoding of objectSid and ntSecurityDescriptor attributes, and might give you some hints to get you started. It also does kick ass ACL analysis, but that's another matter :)
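Added example, not code from go-ldap, go-objectsid or adalanche: a Go helper that decodes the binary objectSid discussed in this thread into the S-1-... string form, rejecting truncated or malformed values. The name DecodeSID and the sample bytes are assumptions constructed for illustration; the input is the []byte that GetRawAttributeValue("objectSid") returns.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strconv"
	"strings"
)

// DecodeSID is a hypothetical helper (not part of go-ldap). It converts raw
// objectSid bytes into the string form S-<revision>-<authority>-<sub>-...
func DecodeSID(b []byte) (string, error) {
	// Header: 1 byte revision, 1 byte sub-authority count, 6 bytes authority.
	if len(b) < 8 {
		return "", fmt.Errorf("objectSid: %d bytes, shorter than 8-byte header", len(b))
	}
	if b[0] != 1 {
		return "", fmt.Errorf("objectSid: unsupported revision %d", b[0])
	}
	count := int(b[1])
	if count > 15 || len(b) != 8+4*count {
		return "", fmt.Errorf("objectSid: length %d invalid for %d sub-authorities", len(b), count)
	}
	// Identifier authority is a 48-bit big-endian integer.
	var authority uint64
	for _, v := range b[2:8] {
		authority = authority<<8 | uint64(v)
	}
	var sb strings.Builder
	sb.WriteString("S-1-" + strconv.FormatUint(authority, 10))
	// Each sub-authority is a 32-bit little-endian integer.
	for i := 0; i < count; i++ {
		sub := binary.LittleEndian.Uint32(b[8+4*i:])
		sb.WriteString("-" + strconv.FormatUint(uint64(sub), 10))
	}
	return sb.String(), nil
}

// sampleSID is constructed for this example and encodes S-1-5-21-1-2-3-500.
var sampleSID = []byte{
	0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, // revision, count, authority 5
	0x15, 0, 0, 0, 0x01, 0, 0, 0, 0x02, 0, 0, 0, // 21, 1, 2
	0x03, 0, 0, 0, 0xF4, 0x01, 0, 0, // 3, 500
}

func main() {
	sid, err := DecodeSID(sampleSID)
	fmt.Println(sid, err)
}
```

An empty input returns an error rather than an empty string, which makes a misspelled attribute name such as "ObjectSid" visible immediately.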
