tschloesser Frequent Contributor.
Frequent Contributor.
298 views

GUID Syntax differences


Hi,

by chance we found that the syntax of the object GUID in eDirectory is
differnt depending on the tool used to read it.
We tested with LDAP, iManger and iManger and received those three
different values:

iManager: fa38362a2d9325435fbbfa38362a2d93
LDAP Browser: fa38362a-2d93-2543-5fbb-fa38362a2d93
iMonitor: 2a3638fa-932d-4325-5fbb-fa38362a2d93

The value in iManger and LDAP seams to be the same exept the missing "-"
in the value reported in iManger, but in iManger in the first
threesections the bytes of the value were somehow swaped!

Can anybody explain this to me, please?

Regards,

Thorsten


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55417

Labels (1)
0 Likes
4 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: GUID Syntax differences

iMonitor is meant to be a tool to show internal details of the directory,
and as such it is probably showing the native byte order used within
FLAIM. If I were you, I"d probably ignore it since the other tools are
meant to be consumed by either application (LDAP) or mere mortals (iManager).

At the end of the day, there are good write-ups on Wikipedia about
GUID/UUID that explain a bit about various forms for representing the ID
itself, or even on generating the IDs (not just one way, as one may expect).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
tschloesser Frequent Contributor.
Frequent Contributor.

Re: GUID Syntax differences


Thanks!

I am aware of the purpose of iMonitor 😉 But I was wondering if someone
could explain me why we are receiving different formats for the same
attribute.

So if I get yu right iMonitor is showing the a UUID format where LDAP /
iManger do show the same value as an GUID?

Regards,

Thorsten


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55417

0 Likes
Knowledge Partner
Knowledge Partner

Re: GUID Syntax differences

tschloesser wrote:

> Can anybody explain this to me, please?


The GUID is just displayed differently per tool. There seems to be no single
standard, just a few common representations of such a binary value.
Here's an ECMA function I use with IDM when an object GUID is used as an
association so it looks nicer when viewed via LDAP compared to the raw value.
It let's you choose which representation you prefer and the code shows how the
byte order is swapped in each one:

importPackage(Packages.com.novell.xml.util);

function decodeGUID(B64GUID, format)
{
var bytearray = Base64Codec.decode(B64GUID);
var HexGUID = "";
var digits =
["0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F"];

for(var i=0; i<bytearray.length; i++)
{
HexGUID += digits[bytearray >> 4 & 0xf] + digits[bytearray & 0xf];
}

switch (format){
case 1 :
// Console1 + iManager format: 60445C8ED8DBD801808C0008028B1EF9
return HexGUID.substr( 6,2) +
HexGUID.substr( 4,2) +
HexGUID.substr( 2,2) +
HexGUID.substr( 0,2) +
HexGUID.substr(10,2) +
HexGUID.substr( 8,2) +
HexGUID.substr(14,2) +
HexGUID.substr(12,2) +
HexGUID.substr(16);
case 2 :
// Entitlements driver format: {8E5C4460-DBD8-01D8-808C-0008028B1EF9}
return '{' +
HexGUID.substr( 0,8) +
'-' +
HexGUID.substr( 8,4) +
'-' +
HexGUID.substr(12,4) +
'-' +
HexGUID.substr(16,4) +
'-' +
HexGUID.substr(20) +
'}';
default :
// Edir2Edir driver format: {60445C8E-D8DB-d801-808C-0008028B1EF9}
return '{' +
HexGUID.substr( 6,2) +
HexGUID.substr( 4,2) +
HexGUID.substr( 2,2) +
HexGUID.substr( 0,2) +
'-' +
HexGUID.substr(10,2) +
HexGUID.substr( 8,2) +
'-' +
HexGUID.substr(14,2).toLowerCase() +
HexGUID.substr(12,2).toLowerCase() +
'-' +
HexGUID.substr(16,4) +
'-' +
HexGUID.substr(20) +
'}';
}
}

--
http://www.is4it.de/en/solution/identity-access-management/
______________________________________________
https://www.is4it.de/identity-access-management
0 Likes
tschloesser Frequent Contributor.
Frequent Contributor.

Re: GUID Syntax differences


Hi Lothar,

thanks for the information and the code!

The remaining question is: Why different syntaxes are used? Only to
confuse the ones who have to work with GUID's 😉 I am guessing there is
a reason!

Tho other thing I would like to understand is why the GUID is using the
same (sub)-value twice. When using LDAP it is always a concatunbation of
value + something + value ?!

When using iMonitor it is the same only that the first component is
showing the value in reverse byte order.

Maybe it is something we only have to accept - and the values are quite
easy to be converted in either direction. But I am someone who would
like to know if there is a kind of reason behind all this 😉

Thorsten


--
tschloesser
------------------------------------------------------------------------
tschloesser's Profile: https://forums.netiq.com/member.php?userid=3232
View this thread: https://forums.netiq.com/showthread.php?t=55417

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.