What is the best option to remove an object by objectGuid?
I want to use the immutable objectGuid identifier in my project and I want to know how to remove an entry by objectGuid.
The most obvious option is to get the entry by objectGuid:
SearchRequest searchRequest = new SearchRequest(
searchBase,
SearchScope.SUB,
Filter.createEqualityFilter("objectGuid", objectGuidBytes)  // byte[] overload: the raw GUID value, not its string form
);
SearchResultEntry entry = ldapConnectionPool.searchForEntry(searchRequest);
and then remove it using the existing API:
ldapConnectionPool.delete(entry.getDN());
But it requires two requests.
Is there a way to extend the library to do it with a single LDAP request? Does the LDAP protocol support it?
Based on https://learn.microsoft.com/en-us/windows/win32/ad/using-objectguid-to-bind-to-an-object, I think that getting an entry by objectGuid is supported at the protocol level.
The LDAP protocol specification in RFC 4511 section 4.8 defines a delete request as:
DelRequest ::= [APPLICATION 10] LDAPDN
This means that the only standards-compliant way for LDAP clients to identify an entry to delete is by providing the DN of that entry, and providing something other than the DN would mean that it isn't a valid LDAP request.
Nevertheless, Microsoft doesn't seem especially concerned with adhering to the protocol specification. I know that they violate the spec at least for bind operations, so it's possible that they do as well for delete operations. I don't deal with Active Directory, so I can't say whether that is the case or not.
I will say that if you attempt a delete operation and specify the DN of the entry to delete as a string, the LDAP SDK doesn't try to verify whether the provided DN actually is a string. So if Active Directory does allow you to provide an objectGUID as an alternative to a DN, then the LDAP SDK wouldn't necessarily prevent you from doing that.
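As an added example (not code from this thread or from the UnboundID LDAP SDK project), here is the two-request approach written out in Java against the SDK's in-memory directory server, which stands in for the real server. It does what the protocol allows: resolve the DN by objectGUID, then delete that DN. Two things a practitioner would want on top of the snippet in the question: the search uses the byte[] overload of createEqualityFilter so the GUID is sent as an opaque octet string (no escaping, and no way for the value to change the filter structure), and, if the server advertises the Assertion Control (RFC 4528, OID 1.3.6.1.1.12) in its root DSE, the delete is made conditional on the entry at that DN still carrying the same objectGUID, which closes the window between the search and the delete. The class and method names, the base DN and the 16 sample bytes are constructed for the example; whether a given Active Directory or Samba server honours the Assertion Control is not something this thread establishes, so the code checks supportedControl instead of assuming it.

```java
import com.unboundid.ldap.listener.InMemoryDirectoryServer;
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig;
import com.unboundid.ldap.sdk.Attribute;
import com.unboundid.ldap.sdk.DeleteRequest;
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.Filter;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.LDAPInterface;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.ldap.sdk.RootDSE;
import com.unboundid.ldap.sdk.SearchRequest;
import com.unboundid.ldap.sdk.SearchResult;
import com.unboundid.ldap.sdk.SearchScope;
import com.unboundid.ldap.sdk.controls.AssertionRequestControl;

/**
 * Added example, not from the original thread or the SDK: delete the entry identified by a
 * raw objectGUID value. It still takes two requests, as RFC 4511 requires (DelRequest carries
 * only a DN), but the delete is tied to the GUID with the Assertion Control when available.
 */
public class DeleteByObjectGuid {

    /**
     * Returns the DN that was deleted, or null if no entry has that objectGUID.
     * guidBytes must be the 16 raw bytes of the attribute value, not its "xxxxxxxx-xxxx-..." string.
     */
    public static String deleteByObjectGuid(LDAPInterface conn, String baseDN, byte[] guidBytes)
            throws LDAPException {
        if (guidBytes == null || guidBytes.length != 16) {
            throw new IllegalArgumentException("objectGUID must be 16 raw bytes, not its string form");
        }

        // The byte[] overload sends the value as an opaque octet string: no filter escaping is
        // needed and the value cannot alter the filter structure (attribute names are case-insensitive).
        Filter byGuid = Filter.createEqualityFilter("objectGUID", guidBytes);

        // Request no attributes ("1.1"); only the DN is needed.
        SearchRequest search = new SearchRequest(baseDN, SearchScope.SUB, byGuid, SearchRequest.NO_ATTRIBUTES);
        SearchResult result = conn.search(search);

        if (result.getEntryCount() == 0) {
            return null;
        }
        if (result.getEntryCount() > 1) {
            // objectGUID is supposed to be unique; refuse rather than guess which entry to delete.
            throw new LDAPException(ResultCode.CONSTRAINT_VIOLATION,
                    "objectGUID matched " + result.getEntryCount() + " entries; refusing to delete");
        }
        String dn = result.getSearchEntries().get(0).getDN();

        DeleteRequest delete = new DeleteRequest(dn);
        // If the server advertises the Assertion Control, make the delete conditional on the entry
        // at that DN still having the same objectGUID, so a rename between the two requests
        // cannot make us remove a different entry.
        RootDSE rootDSE = conn.getRootDSE();
        if (rootDSE != null && rootDSE.supportsControl(AssertionRequestControl.ASSERTION_REQUEST_OID)) {
            delete.addControl(new AssertionRequestControl(byGuid));
        }
        conn.delete(delete);
        return dn;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the real directory: the SDK's in-memory server with schema checking off,
        // because its default schema does not define objectGUID.
        InMemoryDirectoryServerConfig cfg = new InMemoryDirectoryServerConfig("dc=example,dc=com");
        cfg.setSchema(null);
        InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
        ds.add("dn: dc=example,dc=com", "objectClass: top", "objectClass: domain", "dc: example");

        // Constructed sample GUID: 16 arbitrary bytes stored as a binary attribute value.
        byte[] guid = { 0x10, 0x32, 0x54, 0x76, (byte) 0x98, (byte) 0xba, (byte) 0xdc, (byte) 0xfe,
                        0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd, (byte) 0xef };
        ds.add(new Entry("cn=alice,dc=example,dc=com",
                new Attribute("objectClass", "top", "person"),
                new Attribute("cn", "alice"),
                new Attribute("sn", "Example"),
                new Attribute("objectGUID", guid)));

        String deleted = deleteByObjectGuid(ds, "dc=example,dc=com", guid);
        System.out.println("deleted: " + deleted);
        System.out.println("still present: " + (ds.getEntry("cn=alice,dc=example,dc=com") != null));
        System.out.println("second attempt: " + deleteByObjectGuid(ds, "dc=example,dc=com", guid));
    }
}
```

Passing an LDAPConnectionPool in place of the in-memory server works unchanged, since both implement LDAPInterface. If the target server does not list 1.3.6.1.1.12 under supportedControl, the delete falls back to the plain DN-only request, which is exactly the two-step sequence from the question.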
dirmgr Thank you!
I tried to test (with an existing objectGuid):
ldapConnectionPool.delete("0b3c17ce-8683-6043-96be-87f6d3211023")
==>
00002032: ldb_delete: invalid dn '(null)'
But it is not surprising, because objectGuid should be passed as a byte array.