Tags: active-directory, ldap, jndi, spring-ldap, active-directory-group

active directory filter with objectGUID encoded as specified in rfc2254 doesn't work


I'm using Java LDAP to access Active Directory, more specifically Spring LDAP. A group search by objectGUID yields no results when the filter is encoded as specified in RFC 2254.

This is the GUID in its hex representation:

\49\00\f2\58\1e\93\69\4b\ba\5f\8b\86\54\e9\d8\e9

Spring LDAP encodes the filter like this:

(&(objectClass=group)(objectGUID=\5c49\5c00\5cf2\5c58\5c1e\5c93\5c69\5c4b\5cba\5c5f\5c8b\5c86\5c54\5ce9\5cd8\5ce9))

As mentioned in RFC 2254 and in Microsoft TechNet:

the character must be encoded as the backslash '\' character (ASCII 0x5c) followed by the two hexadecimal digits representing the ASCII value of the encoded character. The case of the two hexadecimal digits is not significant.

So a backslash should be '\5c'.

But I get no results from AD with the above filter. Also, if I put that filter into the AD management console's custom filters it does not work. When I remove the 5c from the filter it works both from Java and in the AD console.

Am I missing something here?

Of course I can encode the filter without the 5c, but I'm not sure it's the right way, and I prefer to let Spring encode the filters because it knows a lot of things that I would otherwise have to do manually.


Solution

  • I think the blog entry at http://www.developerscrappad.com/1109/windows/active-directory/java-ldap-jndi-2-ways-of-decoding-and-using-the-objectguid-from-windows-active-directory/ provides the information you need.
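The encoding the question turns on, as an added example written for this page (not code from the question, the answer, or the linked blog; it uses only the JDK): each objectGUID byte becomes one `\XX` pair, and that string is already the finished filter value, so feeding it to a string escaper a second time is what turns `\49` into `\5c49`. It also goes one step further than the question and converts the same bytes to the GUID string AD displays, whose first three fields are little-endian.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

public class ObjectGuidFilter {

    // RFC 2254 / RFC 4515 value encoding for binary attributes: every raw
    // byte is emitted as a backslash followed by two hex digits. The backslash
    // here is the escape introducer, not data, so it must not be escaped again.
    static String encodeBytes(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 3);
        for (byte b : raw) {
            sb.append(String.format("\\%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Builds the search filter directly from the GUID bytes. Pass the bytes
    // (e.g. from a previous search result), never the "\49\00..." text.
    static String groupFilter(byte[] guid) {
        return "(&(objectClass=group)(objectGUID=" + encodeBytes(guid) + "))";
    }

    // What happens when the already-escaped text is handed to a string escaper
    // such as Spring LDAP's filter encoding: each backslash becomes \5c.
    static String doubleEscaped(byte[] guid) {
        return encodeBytes(guid).replace("\\", "\\5c");
    }

    // AD stores objectGUID as a 16-byte GUID; the first three fields
    // (int, short, short) are little-endian, the last 8 bytes are in order.
    static UUID guidFromAdBytes(byte[] raw) {
        ByteBuffer bb = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        long timeLow = bb.getInt() & 0xffffffffL;
        long timeMid = bb.getShort() & 0xffffL;
        long timeHi = bb.getShort() & 0xffffL;
        long msb = (timeLow << 32) | (timeMid << 16) | timeHi;
        long lsb = bb.order(ByteOrder.BIG_ENDIAN).getLong();
        return new UUID(msb, lsb);
    }

    public static void main(String[] args) {
        // The GUID bytes quoted in the question.
        byte[] guid = { 0x49, 0x00, (byte) 0xf2, 0x58, 0x1e, (byte) 0x93, 0x69, 0x4b,
                        (byte) 0xba, 0x5f, (byte) 0x8b, (byte) 0x86, 0x54, (byte) 0xe9, (byte) 0xd8, (byte) 0xe9 };
        System.out.println("correct filter: " + groupFilter(guid));
        System.out.println("double-escaped: " + doubleEscaped(guid));
        System.out.println("GUID as shown by AD: " + guidFromAdBytes(guid));
    }
}
```

If you want Spring to build the rest of the filter, hand it the `(objectGUID=\49\00...)` fragment as a pre-encoded filter string rather than as a value to be encoded.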