Help Wanted: How Mattermost stores Active Directory ObjectGUID.
Mattermost user martin.kraft from https://community-daily.mattermost.com has requested the following be documented:
The Active Directory Object-Guid attribute (LDAP display name `objectGUID`) is a 16 byte array which can be displayed in different ways:
* The `ldapsearch` Linux command displays it as base 64: `Hrz/HqNKnU+lCNTYHx9Ycw==`. This is also the format used in LDIF files.
* The [LDAP Golang package we use](https://github.com/go-ldap/ldap) emits the value as a hexadecimal (base 16) array with each byte separated by a backslash: `\1e\bc\ff\1e\a3\4a\9d\4f\a5\08\d4\d8\1f\1f\58\73`
You can remove the backslashes (`1ebcff1ea34a9d4fa508d4d81f1f5873`) and parse it with [Golang like this](https://play.golang.org/p/9b8iDPuz0Nm). The snippet prints the base 10 representation of each value: `[30 188 255 30 163 74 157 79 165 8 212 216 31 31 88 115]`
* Windows powershell displays the value like this: `1effbc1e-4aa3-4f9d-a508-d4d81f1f5873`
```powershell
> get-adgroup -identity developers
DistinguishedName : CN=developers,CN=Users,DC=example,DC=com
GroupCategory : Security
GroupScope : Universal
Name : developers
ObjectClass : group
ObjectGUID : 1effbc1e-4aa3-4f9d-a508-d4d81f1f5873
SamAccountName : developers
SID : S-1-5-21-3389680124-1638897943-855603155-1112
```
You can convert this GUID format in powershell like this:
```powershell
> $guid = [System.Guid]"{1effbc1e-4aa3-4f9d-a508-d4d81f1f5873}"
> $guid.ToByteArray()
30
188
255
30
163
74
157
79
165
8
212
216
31
31
88
115
```
Could this cause some LDAP or AD servers to confuse the users and have mattermost deactivate them by accident?
I highly doubt it, but rather these format conversions likely confuse humans.
See the original post [here](https://community-daily.mattermost.com/_redirect/pl/pah3hebzytnybepzzu1ru5ecny).
_This issue was generated from [Mattermost](https://mattermost.com) using the [Doc Up](https://github.com/jwilander/mattermost-plugin-docup) plugin._
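The three renderings quoted in the issue all come from the same 16 bytes. The following Go program is an added example, not Mattermost's or go-ldap's code, and its function names are hypothetical; it decodes the backslash-escaped form and reproduces the LDIF and PowerShell forms, which is the normalization to do before comparing identifiers taken from different tools:

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
)

// parseEscapedHex decodes the backslash-separated hex form ("\1e\bc...")
// into the raw objectGUID bytes and rejects anything that is not 16 bytes.
func parseEscapedHex(s string) ([]byte, error) {
	raw, err := hex.DecodeString(strings.ReplaceAll(s, `\`, ""))
	if err != nil {
		return nil, err
	}
	if len(raw) != 16 {
		return nil, fmt.Errorf("objectGUID must be 16 bytes, got %d", len(raw))
	}
	return raw, nil
}

// ldifBase64 renders the bytes as ldapsearch and LDIF files show them.
func ldifBase64(raw []byte) string {
	return base64.StdEncoding.EncodeToString(raw)
}

// windowsGUID renders the bytes as PowerShell shows them: the first three
// fields are read as little-endian integers, the last 8 bytes stay in order.
func windowsGUID(raw []byte) (string, error) {
	if len(raw) != 16 {
		return "", fmt.Errorf("objectGUID must be 16 bytes, got %d", len(raw))
	}
	return fmt.Sprintf("%08x-%04x-%04x-%x-%x",
		binary.LittleEndian.Uint32(raw[0:4]),
		binary.LittleEndian.Uint16(raw[4:6]),
		binary.LittleEndian.Uint16(raw[6:8]),
		raw[8:10], raw[10:16]), nil
}

func main() {
	// Value quoted in the issue above.
	raw, err := parseEscapedHex(`\1e\bc\ff\1e\a3\4a\9d\4f\a5\08\d4\d8\1f\1f\58\73`)
	if err != nil {
		panic(err)
	}
	guid, _ := windowsGUID(raw)
	fmt.Println(raw, ldifBase64(raw), guid)
}
```

Only the first eight bytes change order between the raw and PowerShell forms, which is why the tail `a508-d4d81f1f5873` reads the same in both.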
@justinegeffen I would love to do this, but I have a little issue as to where this information is to be located
thanks, @fakela!
In this instance I'm going to loop @svelle and @mkraft into this discussion as they have all the background info and will be able to give you more context. This may need to go into the SAML troubleshooting guide or into the SAML documentation. Also looping in @faase as he's the writer for this area and may have some ideas. :) And of course I'm happy to help too.
I've assigned you in the interim.
Hey @fakela thank you for taking this on.
So in my mind this would fit great under the FAQ in the SAML documentation page, in particular the guides for ADFS 2012 and 2016. Maybe something like "Why does the objectGUID of a user in Mattermost differ from what we're seeing in ADFS"?
Cheers!
@svelle wrote:
> Hey @fakela thank you for taking this on.
> So in my mind this would fit great under the FAQ in the SAML documentation page, in particular the guides for ADFS 2012 and 2016. Maybe something like "Why does the objectGUID of a user in Mattermost differ from what we're seeing in ADFS"?
> Cheers!
I like the title and the idea, but I would put it into the troubleshooting section mentioned by @justinegeffen.
👍
Thanks @svelle and @faase I will update the docs accordingly
Hey can you assign me
Awesome, thanks @vilsi12! Just a note that some of the URLs referenced in this issue may have changed. Please let us know if you have any issues finding the correct pages. :)
@vilsi12 - Are you working on this issue?
Just a note that there are some posts further down in the original thread that have some useful information that I think would be great to include.
Replaced by https://github.com/mattermost/docs/issues/6595