From 37c992f16b3cff40a5cd67ea9515f8f3f0c62599 Mon Sep 17 00:00:00 2001
From: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
Date: Thu, 19 Dec 2024 07:43:47 +1000
Subject: [PATCH] [PM-13007] Fix Active Directory externalId parsing (#693)
Return AD ObjectGuid attribute as buffer so it can be parsed properly
---
 src/services/ldap-directory.service.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/services/ldap-directory.service.ts b/src/services/ldap-directory.service.ts
index de558bfd7..b511997ed 100644
--- a/src/services/ldap-directory.service.ts
+++ b/src/services/ldap-directory.service.ts
@@ -18,6 +18,11 @@ import { IDirectoryService } from "./directory.service";
 const UserControlAccountDisabled = 2;
+/**
+ * The attribute name for the unique identifier used by Active Directory.
+ */
+const ActiveDirectoryExternalId = "objectGUID";
+
 export class LdapDirectoryService implements IDirectoryService {
 private client: ldapts.Client;
 private dirConfig: LdapConfiguration;
@@ -240,7 +245,7 @@ export class LdapDirectoryService implements IDirectoryService {
 * otherwise it falls back to the provided referenceId.
 */
 private getExternalId(searchEntry: ldapts.Entry, referenceId: string) {
- const attr = this.getAttr(searchEntry, "objectGUID");
+ const attr = this.getAttr(searchEntry, ActiveDirectoryExternalId);
 if (attr != null) {
 return this.bufToGuid(attr);
 } else {
@@ -358,6 +363,9 @@ export class LdapDirectoryService implements IDirectoryService {
 filter: filter,
 scope: "sub",
 paged: this.dirConfig.pagedSearch,
+ // We need to expressly tell ldapts what attributes to return as Buffer objects,
+ // otherwise they are returned as strings
+ explicitBufferAttributes: [ActiveDirectoryExternalId],
 };
 const { searchEntries } = await this.client.search(path, options, controls);
 return searchEntries.map((e) => processEntry(e)).filter((e) => e != null);
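Review bot: `getExternalId` still passes whatever `getAttr` returns straight to `bufToGuid`, so a correct identifier depends on every search having been issued with `explicitBufferAttributes`. `getAttr` is not visible here, but if it can still yield a string (a search path that omits the option, or a server returning the attribute name in a different case than the constant), the GUID would again come from a lossy text decode. Because externalId appears to be the value used to correlate directory entries, a guard such as `if (Buffer.isBuffer(attr)) {` with an explicit log or error for the string case would make that failure visible instead of silent. The function body continues past the end of the hunk.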
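Review bot: The commit adds no test for the `explicitBufferAttributes` line, and requesting `objectGUID` as a Buffer changes the externalId computed for every Active Directory entry. Entries synced before this change presumably carry identifiers derived from the string form, so the next sync may fail to match them to existing records; the description should state how that is handled. A regression test that feeds a fixed 16-byte value containing non-UTF-8 bytes through this search path and asserts the expected GUID string would keep the behaviour from regressing. The comment could also give the reason, e.g. `// objectGUID is 16 raw bytes; decoding it as a string is lossy, so request it as a Buffer`. The enclosing function begins outside the hunk.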