
LDAP Object Attributes of type 'Octet String'


Reading and writing LDAP object attributes of type octet string poses a specific challenge. Octet string is a well-defined LDAP syntax, a standardized data type for directory attributes just like integer or string. An octet string attribute holds a byte array, so reading or writing it means handling binary data.


Reading OctetString Attributes
Writing OctetString Attributes



Reading Octet String Attributes


The problem: attributes with the octet string syntax are not easy to handle when you read them. If you treat them just like any other LDAP attribute data (for example strings, booleans or integers), you receive meaningless values because of internal data type conversions. An example: we want to read and display the Security ID (SID) of an Active Directory user. This is a binary value which is normally 28 bytes long.

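' GetObject itself takes no credentials, so bind through OpenDSObject
Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
    "administrator", "P@ssw0rd", 1)    ' 1 = ADS_SECURE_AUTHENTICATION
data = obj.Get("objectSid")
WScript.Echo data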

But the script is not able to display the value of this SID correctly:

Screenshot Script Output


So what we need now is a function which can convert the raw data into a format that is easier to handle: a hex string. A hex string is a string representation of the data in hexadecimal notation, in which each byte is written as a two-character hexadecimal value. This can be done with the OctetToHexStr script function:


' GetObject itself takes no credentials, so bind through OpenDSObject
Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
    "administrator", "P@ssw0rd", 1)    ' 1 = ADS_SECURE_AUTHENTICATION
data = obj.Get("objectSid")
WScript.Echo OctetToHexStr(data)

Function OctetToHexStr(var_octet)
    'Converts raw binary data into a string with hexadecimal values
    Dim n
    OctetToHexStr = ""
    For n = 1 To LenB(var_octet)
        'Left-pad each byte to two hex digits
        OctetToHexStr = OctetToHexStr & Right("0" & Hex(AscB(MidB(var_octet, n, 1))), 2)
    Next
End Function

The output looks much better this time:


Screenshot Script Output


To beautify this output a bit, we add a function which formats the data as it appears in a hex editor: on the left side you see the binary values, and in a panel on the right side the corresponding ASCII text is displayed. We call this function PrintOutHex. It uses another helper function named HexStrToAscii; byte values which are not printable as ASCII text are displayed as a dot.

' GetObject itself takes no credentials, so bind through OpenDSObject
Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
    "administrator", "P@ssw0rd", 1)    ' 1 = ADS_SECURE_AUTHENTICATION
hstr = OctetToHexStr(obj.Get("objectSid"))
WScript.Echo hstr & vbCrLf
WScript.Echo PrintOutHex(hstr, 8)

Function OctetToHexStr(var_octet)
    'Converts raw binary data into a string with hexadecimal values
    Dim n
    OctetToHexStr = ""
    For n = 1 To LenB(var_octet)
        OctetToHexStr = OctetToHexStr & Right("0" & Hex(AscB(MidB(var_octet, n, 1))), 2)
    Next
End Function

Function PrintOutHex(var_hex, width)
    'Takes a hex string and returns an output in a hex editor style
    'The width parameter determines how many bytes per line the output has
    Dim k1, k2, s1, s2, s3
    PrintOutHex = ""
    For k1 = 1 To Len(var_hex) Step (width * 2)
        s1 = Mid(var_hex, k1, (width * 2))
        s2 = ""
        s3 = HexStrToAscii(s1, False)
        For k2 = 1 To Len(s1) Step 2
            s2 = s2 & Mid(s1, k2, 2) & " "
        Next
        'Pad a short last line so the ASCII panel stays aligned
        s2 = s2 & String((width * 3) - Len(s2), " ")
        If (k1 = 1) Then
            PrintOutHex = PrintOutHex & s2 & "| " & s3
        Else
            PrintOutHex = PrintOutHex & vbCrLf & s2 & "| " & s3
        End If
    Next
End Function

Function HexStrToAscii(var_hex, format)
    'Converts a hex string to an ASCII string.
    'If 'format'=TRUE, tabs and CR/LFs are inserted
    Dim k, v
    HexStrToAscii = ""
    For k = 1 To Len(var_hex) Step 2
        v = CInt("&H" & Mid(var_hex, k, 2))
        'Printable ASCII is 32..126; 127 (DEL) is a control character
        If ((v > 31) And (v < 127)) Then
            HexStrToAscii = HexStrToAscii & Chr(v)
        Else
            If (format) Then
                Select Case v
                    Case 9      'horizontal tab
                        HexStrToAscii = HexStrToAscii & vbTab
                    Case 10     'line feed
                        HexStrToAscii = HexStrToAscii & vbCrLf
                    Case 13     'carriage return: skipped, the line feed adds the CR/LF
                    Case Else
                        HexStrToAscii = HexStrToAscii & "."
                End Select
            Else
                HexStrToAscii = HexStrToAscii & "."
            End If
        End If
    Next
End Function

The result:


Screenshot Script Output


The helper function HexStrToAscii can also be used in other situations to output binary data which actually contains ASCII text, for example the 'loginScript' attribute in eDirectory environments. You can then set the parameter format to TRUE, and you get the real text with all the tabs and line feeds.
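For the objectSid example above, a hex dump is still not the S-1-5-21-... form that event logs and ACL tools show. The following is an added example, not code from the original page, which decodes a hex string as produced by OctetToHexStr into that form; the function names HexStrToSidString, HexByte and LittleEndianDWord are hypothetical, and the sample value is constructed.

```vbscript
' Added example: decode a SID hex string (output of OctetToHexStr) into S-R-I-S... form.
' The sample SID below is constructed for illustration, not read from a directory.
Option Explicit

WScript.Echo HexStrToSidString("010500000000000515000000A065CF7E784B9B5FE77C8770E9030000")

Function HexStrToSidString(var_hex)
    Dim revision, subCount, authority, n, pos

    ' Header is 8 bytes (16 hex chars), every sub-authority adds 4 bytes
    If Len(var_hex) < 16 Or (Len(var_hex) Mod 2) <> 0 Then
        Err.Raise vbObjectError + 1, "HexStrToSidString", "Not a SID hex string"
    End If
    revision = HexByte(var_hex, 0)
    subCount = HexByte(var_hex, 1)
    If Len(var_hex) <> 16 + subCount * 8 Then
        Err.Raise vbObjectError + 2, "HexStrToSidString", "Length does not match sub-authority count"
    End If

    ' Identifier authority: 6 bytes, big-endian
    authority = CDbl(0)
    For n = 2 To 7
        authority = authority * 256 + HexByte(var_hex, n)
    Next
    HexStrToSidString = "S-" & revision & "-" & authority

    ' Sub-authorities: 4 bytes each, little-endian; the last one is the RID
    For n = 0 To subCount - 1
        pos = 8 + n * 4
        HexStrToSidString = HexStrToSidString & "-" & LittleEndianDWord(var_hex, pos)
    Next
End Function

Function HexByte(var_hex, index)
    ' Returns the byte at zero-based position 'index' as a Double in the range 0..255
    HexByte = CDbl(CInt("&H" & Mid(var_hex, index * 2 + 1, 2)))
End Function

Function LittleEndianDWord(var_hex, index)
    ' Double arithmetic on purpose: CLng("&H...") turns values above &H7FFFFFFF negative
    LittleEndianDWord = HexByte(var_hex, index) + HexByte(var_hex, index + 1) * 256 + _
                        HexByte(var_hex, index + 2) * 65536 + HexByte(var_hex, index + 3) * 16777216
End Function
```

A 28-byte SID has an 8-byte header and five sub-authorities, which matches the usual length mentioned above.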



Writing Octet String Attributes


Writing an LDAP attribute with the syntax 'octet string' in a Visual Basic script is even more difficult than reading it. This is because we don't have a variable type like 'Byte Array' (as in real Visual Basic). Nevertheless, you might want to write back data to an attribute which is represented by a hex string. This isn't easy at all.

The trick for converting a hex string back to raw binary data is this: you write the data into a temporary file and read the content of this file with a stream object. This returns the data in the correct format:

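' GetObject itself takes no credentials, so bind through OpenDSObject
Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
    "administrator", "P@ssw0rd", 1)    ' 1 = ADS_SECURE_AUTHENTICATION
data = HexStrToOctet("005a3e11c90026f10043")
obj.Put "sIDHistory", data
obj.SetInfo

Function HexStrToOctet(var_hex)
    'Converts a hex string into raw binary data by way of a temporary file
    Dim fso, stream, temp, ts, n
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set stream = CreateObject("ADODB.Stream")
    'GetTempName returns only a file name, so place it in the user's temp folder (2 = TemporaryFolder)
    temp = fso.BuildPath(fso.GetSpecialFolder(2).Path, fso.GetTempName())
    Set ts = fso.CreateTextFile(temp)
    For n = 1 To (Len(var_hex) - 1) Step 2
        ts.Write Chr(CInt("&H" & Mid(var_hex, n, 2)))
    Next
    ts.Close
    stream.Type = 1     '1 = adTypeBinary
    stream.Open
    stream.LoadFromFile temp
    HexStrToOctet = stream.Read
    stream.Close
    fso.DeleteFile temp
    Set stream = Nothing
    Set fso = Nothing
End Function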
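An alternative to the temporary-file trick, as an added example that is not part of the original page: it uses a different technique, the MSXML 'bin.hex' data type, to build the byte array in memory, so no attribute data is written to disk, and it rejects malformed input instead of silently dropping a trailing odd digit. The function name HexStrToOctetInMemory is hypothetical.

```vbscript
' Added example: hex string -> byte array in memory, without a temporary file.
Option Explicit

Dim bytes
bytes = HexStrToOctetInMemory("005a3e11c90026f10043")
WScript.Echo TypeName(bytes) & " with " & LenB(bytes) & " bytes"

Function HexStrToOctetInMemory(var_hex)
    Dim re, xml, node

    ' Accept only complete pairs of hex digits
    Set re = New RegExp
    re.Pattern = "^([0-9A-Fa-f]{2})+$"
    If Not re.Test(var_hex) Then
        Err.Raise vbObjectError + 1, "HexStrToOctetInMemory", "Invalid hex string"
    End If

    ' MSXML decodes text of data type 'bin.hex' into a Byte() variant
    Set xml = CreateObject("Microsoft.XMLDOM")
    Set node = xml.createElement("tmp")
    node.dataType = "bin.hex"
    node.text = var_hex
    HexStrToOctetInMemory = node.nodeTypedValue
End Function
```

The return value can be passed to obj.Put in the same way as the result of HexStrToOctet.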