joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Querying AD for GUIDs

by @ 7:51 pm on 12/17/2005. Filed under tech

I recently got an email about a KB that was written up by an MVP about one of my tools – ADFIND. Actually I have never gotten so much email about something someone else has written that people want me to help them with. Serves me right for putting my email address in my program banner so people see that in the KB article I guess…

The KB can be found here http://support.microsoft.com/default.aspx?scid=kb;en-us;555433.

This is a rehash of the article found here http://support.microsoft.com/default.aspx?scid=kb;en-us;322308.

Basically, the process you have to follow in 322308 is a bit of a pain in the ass, so Mohammed wrote up how to do the same thing painlessly from ADFIND.

Well, I got an email that said, hey, ADFIND isn’t finding any objects when I enter the proper command, does your tool have a bug or am I missing something?

The issue was this: when you enter the GUID in friendly format in the search filter and specify -binenc, ADFIND converts the GUID to its 16-byte binary blob and then uses ldap_escape_filter_element to turn that blob into a string that can be safely submitted in a query filter. The filter ADFIND was producing didn’t look like the filter this user expected to see based on 322308, so he assumed it was wrong.

In 322308 they have you manually converting the GUID to its binary byte order and then escaping every single byte of the value you submit in the query. If a byte is 225, for example, you convert it to hexadecimal and prefix it with a backslash, like so: \E1.

ldap_escape_filter_element doesn’t work quite that way. It only hex-escapes bytes that are not ASCII alphanumerics (0-9, a-z, A-Z); a byte that is an alphanumeric is emitted directly as that ASCII character. So for instance, for the GUID

A8647BF0-7F12-43C5-9560-0C97535AA9D3

hand converting according to 322308 (the bytes of the first three groups are reversed because those fields are stored little-endian, the last two groups are taken as-is) will get you

\f0\7b\64\a8\12\7f\c5\43\95\60\0c\97\53\5a\a9\d3

but ldap_escape_filter_element will get you

\F0\7Bd\A8\12\7F\C5C\95\60\0C\97SZ\A9\D3

Note the \7Bd, \C5C, and \97SZ.

These strings are entirely equivalent for an LDAP filter. The filter syntax (RFC 2254 at the time) requires the special characters to be escaped as backslash plus two hex digits, but it also allows any other byte to be escaped the same way, so the server decodes both spellings to the identical 16-byte value before comparing it against objectGUID. A filter that uses one form is no more or less correct than one that uses the other.
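As an added worked example (this is not code from the post or from ADFIND), the following Python script carries the GUID above through both encodings: it builds the binary objectGUID value with the little-endian byte swap that 322308 describes, produces the escape-everything filter value and the ldap_escape_filter_element-style value, and then decodes both back to bytes to show that they are the same assertion value. The alphanumeric-passthrough rule is written from the behavior the post describes, not from Microsoft’s source, and the hypothetical object_guid_filter helper simply wraps the result in an (objectGUID=...) filter.

```python
import uuid

# Bytes that ldap_escape_filter_element is described as passing through unescaped:
# ASCII 0-9, a-z, A-Z. Everything else becomes \XX.
ALNUM = frozenset(b"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
HEXDIGITS = "0123456789abcdefABCDEF"


def guid_to_blob(guid_str: str) -> bytes:
    """Friendly GUID string -> the 16 raw bytes stored in objectGUID.

    Data1 (4 bytes), Data2 (2) and Data3 (2) are little-endian on the wire,
    which is the byte reversal KB 322308 has you do by hand; the last 8 bytes
    keep their order. uuid.bytes_le does exactly that swap.
    """
    return uuid.UUID(guid_str).bytes_le


def escape_all_bytes(blob: bytes) -> str:
    """KB 322308 style: every byte is hex-escaped, lower case."""
    return "".join(f"\\{b:02x}" for b in blob)


def escape_alnum_passthrough(blob: bytes) -> str:
    """Mimics the ldap_escape_filter_element behavior described in the post:
    alphanumeric bytes are emitted as the character itself, all other bytes
    (including the RFC 2254 specials * ( ) \\ and NUL) as upper-case \\XX."""
    return "".join(chr(b) if b in ALNUM else f"\\{b:02X}" for b in blob)


def unescape_filter_value(value: str) -> bytes:
    """Decode an escaped assertion value back to raw bytes, the way a server
    would before comparing it against the stored attribute."""
    out = bytearray()
    pos = 0
    while pos < len(value):
        if value[pos] == "\\":
            hex2 = value[pos + 1:pos + 3]
            if len(hex2) != 2 or any(c not in HEXDIGITS for c in hex2):
                raise ValueError(f"malformed escape at offset {pos}: {value[pos:pos + 3]!r}")
            out.append(int(hex2, 16))
            pos += 3
        else:
            out.append(ord(value[pos]))  # assumes the unescaped text is plain ASCII
            pos += 1
    return bytes(out)


def object_guid_filter(guid_str: str, compact: bool = True) -> str:
    """Hypothetical helper: build an (objectGUID=...) filter in either style."""
    blob = guid_to_blob(guid_str)
    encoded = escape_alnum_passthrough(blob) if compact else escape_all_bytes(blob)
    return f"(objectGUID={encoded})"


def forms_are_equivalent(value_a: str, value_b: str) -> bool:
    """True when two escaped assertion values decode to the same bytes."""
    return unescape_filter_value(value_a) == unescape_filter_value(value_b)


if __name__ == "__main__":
    guid = "A8647BF0-7F12-43C5-9560-0C97535AA9D3"  # the GUID used in the post
    blob = guid_to_blob(guid)
    print("blob:      ", blob.hex())
    print("322308:    ", escape_all_bytes(blob))
    print("adfind:    ", escape_alnum_passthrough(blob))
    print("equivalent:", forms_are_equivalent(escape_all_bytes(blob), escape_alnum_passthrough(blob)))
    print(object_guid_filter(guid))
```

Running it against the post’s GUID reproduces both strings shown above, and the decode step is the check worth keeping around: when a tool’s filter does not look like the one in a KB article, decode both to bytes before assuming either is wrong.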

Now the question is WHY did MS do this? Well, I can’t say why. I looked at the source, they didn’t have the WHY comments filled out. I can guess though. Consider that when you have to escape characters, a single byte takes three bytes to transmit instead of one byte. That is pretty wasteful. I realize if you are sending one single query, whoopee, that is nothing. But consider an app that is resolving hundreds or thousands or millions of GUIDs, say like Exchange. Sending 1 byte instead of 3 bytes every chance you get is a considerable savings in that case.

joe


