By: Mark Faulkner user 12 Apr 2018 at 5:49 a.m. CDT

3 Responses
Hi,

We are investigating the Cache Refresh process in Gluu CE 3.1.1 and are able to import the following properties from Active Directory:

Source -> Destination

- userPrincipalName -> uid
- cn -> cn
- sn -> sn
- displayName -> displayName
- mail -> preferredUserName

These are all coming across fine; however, we also wanted to import the UserGuid and the UserSid values for use with a SAML integration piece. I went ahead and created some custom attributes to hold these (initially specifying these as Directory Strings in the custom.schema file and Text properties in the oxTrust UI) and referenced them as follows:

Source -> Destination

- ObjectGUID -> UserGUID
- ObjectSid -> UserSid

However, during the next Cache Refresh run the values did not get imported correctly. E.g.:

- ObjectGuid gets imported as `uM8gwV4clUeCAYMqEXvkNw==`
- ObjectSid gets imported as �^B?��y|?!�%\

Changing the type of the attribute to OctetString in the custom.schema file has the same problem.

```
attributetype ( oxAttribute:1001 NAME 'UserGUID'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE
  X-ORIGIN 'Gluu - custom person attribute' )
attributetype ( oxAttribute:1002 NAME 'UserSid'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE
  X-ORIGIN 'Gluu - custom person attribute' )
```

Am I doing something wrong here (i.e. the custom attribute definition is missing something), or is it just not possible to import octet string values into Gluu?

Also, if I wanted to import the SID and GUID of a User's AD Group(s) as well, how would I go about doing that? These values are also to be used as part of the SAML integration piece, so it would be great to have them as attributes in Gluu on a user record.

If you need any more information, let me know.

Thanks,
Mark

By Aliaksandr Samuseu staff 12 Apr 2018 at 11:19 a.m. CDT

Hi, Mark.

Your `ObjectGUID` looks like it was assigned a correct value, and `ObjectSid` looks different most likely because you didn't add it to the "binaryAttributes" property in the `/etc/gluu/conf/ox-ldap.properties` file (ObjectGUID is added there OOTB). So it should be like this:

```
binaryAttributes=objectGUID, ObjectSid
```

You don't need to change the types of any attributes.

> Also, if I wanted to import the SID and GUID of a User's AD Group(s) as well how would I go about doing that ?

CR can only pull in user entries according to the filters you specified. If some data you need cannot be represented by the user's attributes, the only way to fetch it as well is to implement a custom CR script which will take some attributes ("memberOf", for example) and will do additional LDAP searches against your backend to get more data. Unfortunately, writing custom scripts is not covered by Community Support.

By Aliaksandr Samuseu staff 18 Apr 2018 at 4:55 p.m. CDT

Hi, Mark. Was the answer helpful? Should we keep this ticket open?

By Mark Faulkner user 19 Apr 2018 at 3:44 a.m. CDT

Hi Aliaksandr,

Yes, this was helpful. I added the ObjectSid property to the binaryAttributes and was able to get access to the base64 encoded values of both. I've since written an interception script to convert these back to their original values. After some reading around I've got all the pieces I need as well to query for a user's groups and get their Sids as well.

This ticket can now be closed.

Thanks,
Mark
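
How the base64 values discussed in this thread map back to the usual GUID and SID strings, as an added example: it is not the interception script mentioned above and not Gluu code. It is standalone Python 3 with hypothetical function names; the GUID sample is the value quoted in the first post, and the SID sample is constructed (the well-known BUILTIN\Administrators SID).

```python
import base64
import struct
import uuid


def decode_object_guid(b64_value):
    """Base64 objectGUID -> canonical GUID string."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) != 16:
        raise ValueError("objectGUID must be 16 bytes, got %d" % len(raw))
    # AD stores the first three GUID fields little-endian, so a plain
    # hex dump of the bytes does not match what AD tools display.
    return str(uuid.UUID(bytes_le=raw))


def decode_object_sid(b64_value):
    """Base64 objectSid -> 'S-R-A-S1-S2-...' string form."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unexpected SID revision %d" % revision)
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    # 48-bit identifier authority is big-endian ...
    authority = int.from_bytes(raw[2:8], "big")
    # ... while each 32-bit sub-authority is little-endian.
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


# Value quoted in the first post of this thread.
GUID_B64 = "uM8gwV4clUeCAYMqEXvkNw=="
# Constructed sample: bytes of S-1-5-32-544, base64-encoded.
SID_B64 = "AQIAAAAAAAUgAAAAIAIAAA=="

if __name__ == "__main__":
    print(decode_object_guid(GUID_B64))
    print(decode_object_sid(SID_B64))
```

The length and revision checks matter when the decoded value feeds a SAML assertion: a truncated or text-mangled attribute is rejected instead of being turned into a plausible-looking but wrong identifier.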