search

mattermost / docs

Mattermost documentation
https://docs.mattermost.com
BSD 3-Clause "New" or "Revised" License
206 stars 567 forks source link

Request for Documentation: How Mattermost stores AD objectGUIDs in Users.AuthData and UserGroups.RemoteId #3135

Closed matterdoc closed 1 year ago

matterdoc commented 4 years ago

Mattermost user martin.kraft from https://community.mattermost.com has requested the following be documented:

The Active Directory Object-Guid attribute (LDAP display name `objectGUID`) is a 16 byte array which can be displayed in different ways:

* The `ldapsearch` linux command displays it as base 64: `Hrz/HqNKnU+lCNTYHx9Ycw==`. This is also the format used in LDIF files.

* The [LDAP Golang package we use](https://github.com/go-ldap/ldap)  emits the value as hexidecimal (base 16) array with each byte separated by a backslash: `\1e\bc\ff\1e\a3\4a\9d\4f\a5\08\d4\d8\1f\1f\58\73`

    You can remove the backslashes (`1ebcff1ea34a9d4fa508d4d81f1f5873`) and parse it with [Golang like this](https://play.golang.org/p/9b8iDPuz0Nm). The snippets prints the base 10 representation of each value: `[30 188 255 30 163 74 157 79 165 8 212 216 31 31 88 115]`

* Windows powershell displays the value like this: `1effbc1e-4aa3-4f9d-a508-d4d81f1f5873`

```powershell
> get-adgroup -identity developers

DistinguishedName : CN=developers,CN=Users,DC=example,DC=com
GroupCategory     : Security
GroupScope        : Universal
Name              : developers
ObjectClass       : group
ObjectGUID        : 1effbc1e-4aa3-4f9d-a508-d4d81f1f5873
SamAccountName    : developers
SID               : S-1-5-21-3389680124-1638897943-855603155-1112

You can convert this GUID format in powershell like this:

> $guid = [System.Guid]"{1effbc1e-4aa3-4f9d-a508-d4d81f1f5873}".ToByteArray()
> $guid.ToByteArray()
30
188
255
30
163
74
157
79
165
8
212
216
31
31
88
115

Significantly, these values in LDAP filters, only the backslash-escaped format will return the object:

See the original post here.

This issue was generated from Mattermost using the Doc Up plugin.

cwarnermm commented 2 years ago

@mkraft - Is this documentation request still valid? If so, would you or a member of your team be open to creating a PR with the changes?

mkraft commented 2 years ago

https://mattermost.atlassian.net/browse/MM-42060