
shibboleth-users - Re: [Shib-Users] Novell eDir GUID transformation using script attribute definition

  • From: Dan McLaughlin <>
  • To:
  • Subject: Re: [Shib-Users] Novell eDir GUID transformation using script attribute definition
  • Date: Thu, 26 Aug 2010 09:21:14 -0500

I found this on Novell's site in a posting about converting the
Base64 GUID to UUID notation. Does this help? I think all I need is
to figure out how to use the GUID2ASSOC_C1 function below as a script
attribute definition and I'm done.

importClass(Packages.com.novell.xml.util.Base64Codec);

/**
 * Convert a Base64 encoded GUID attribute value to an ASCII string
 * in the format the NDS2NDS driver uses as its association.
 *
 * @param {String} s Base64 encoded GUID attribute value
 *
 * @type String
 * @return ASCII string
 *
 * @throws IOException -
 */

// format association like Edir2Edir driver: {60445C8E-D8DB-d801-808C-0008028B1EF9}
function guid2Association(s)
{
    var bytes = Base64Codec.decode(s);
    var s1 = encodeAsciiHex(bytes);
    // first three fields are emitted with their bytes reversed
    return '{' +
        s1.substring(6, 8) +
        s1.substring(4, 6) +
        s1.substring(2, 4) +
        s1.substring(0, 2) +
        '-' +
        s1.substring(10, 12) +
        s1.substring(8, 10) +
        '-' +
        s1.substring(14, 16).toLowerCase() +
        s1.substring(12, 14).toLowerCase() +
        '-' +
        s1.substring(16, 20) +
        '-' +
        s1.substring(20) +
        '}';
}

// format association like entitlement driver: {8E5C4460-DBD8-01D8-808C-0008028B1EF9}
function GUID2ASSOC(s)
{
    var bytes = Base64Codec.decode(s);
    var s1 = encodeAsciiHex(bytes);
    // bytes are emitted in storage order, only grouped with hyphens
    return '{' +
        s1.substring(0, 8) +
        '-' +
        s1.substring(8, 12) +
        '-' +
        s1.substring(12, 16) +
        '-' +
        s1.substring(16, 20) +
        '-' +
        s1.substring(20) +
        '}';
}

// format association like C1 and iManager: 60445C8E-D8DB-d801-808C-0008028B1EF9
function GUID2ASSOC_C1(s)
{
    var bytes = Base64Codec.decode(s);
    var s1 = encodeAsciiHex(bytes);
    return s1.substring(6, 8) +
        s1.substring(4, 6) +
        s1.substring(2, 4) +
        s1.substring(0, 2) +
        s1.substring(10, 12) +
        s1.substring(8, 10) +
        s1.substring(14, 16) +
        s1.substring(12, 14) +
        s1.substring(16);
}

var digits = [
    "0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
    "A", "B", "C", "D", "E", "F"
];

// hex-encode a byte array, two upper-case digits per byte
function encodeAsciiHex(abyte0)
{
    var buffer = "";
    for (var i = 0; i < abyte0.length; i++)
    {
        var byte0 = abyte0[i];
        buffer += digits[byte0 >> 4 & 0xf];
        buffer += digits[byte0 & 0xf];
    }

    return buffer;
}

On Thu, Aug 26, 2010 at 8:25 AM, Chad La Joie wrote:
> Oh, in addition, do you know which type of UUID Novell uses in eDir?
>
> On 8/26/10 9:16 AM, Dan McLaughlin wrote:
>>
>> The GUID in eDir is stored as a Base64 encoded string representation of
>> the more common hexadecimal GUID (eDir does this so it stores less
>> character data).
>>
>> What I'm looking for is an example script attribute definition used to
>> transform the Base64 encoded string representation of the GUID (ex.
>> gN2+pzgC3BGDaAAUwmAcPg==) to the canonical string representation of the
>> GUID as a text sequence of hex digits (ex.
>> 9c5a9b0e-d98f-404b-23bd-9c5a9b0ed98f).  In my case I'm more concerned
>> with releasing the attribute in a common GUID format than I am reducing
>> the size of the attribute.
>>
>> I found an article talking about doing something similar...
>>
>> http://www.novell.com/communities/node/4095/synchronizing-edirectory-guid-oracle-database
>>
>> …just not sure about the proper way to try and wrap this up in a script
>> attribute definition.
>>
>> We plan to manage role information for our applications and we need to
>> make sure we are associating the roles to a GUID that won't change every
>> time someone decides to get married and change their last name.
>>
>> --
>>
>> Thanks,
>>
>> Dan McLaughlin
>>
>>
>> On Thu, Aug 26, 2010 at 5:35 AM, Chad La Joie wrote:
>>
>>    If the value is a byte[], and you don't want to use Base64 encoding
>>    in order to get an ASCII string, what type of encoding do you want
>>    to use, hex?
>>
>>
>>    On 8/26/10 2:23 AM, Dan McLaughlin wrote:
>>
>>        Novell eDir contains a unique ID for each user in the GUID
>>        attribute. The GUID string is Base64 encoded and stored as a
>>        binary value in eDir.
>>
>>        Here's my understanding of how this should work...
>>
>>        I understand that in order to return a binary attribute in the data
>>        connector you must define it as binary by setting <LDAPProperty
>>        name="java.naming.ldap.attributes.binary" value="GUID"/>.  This
>>        seems to be working because if I encode the GUID as a SAML2 String
>>        Attribute and release it, I can see that the Base64 encoded string
>>        was returned from the data connector.
>>
>>        Since I don't want to release GUID as Base64 encoded string; I need
>>        to decode it to an ASCII string first. In order to do this I have to
>>        transform the Base64 encoded GUID attribute value to an ASCII string
>>        using a script attribute definition.
>>
>>        I'm looking for a sample script attribute definition used to
>>        transform the Base64 encoded GUID to an ASCII string.  Has anyone
>>        done this before?
>>
>>        --
>>
>>        Thanks,
>>
>>        Dan McLaughlin
>>
>>
>>
>>    --
>>    Chad La Joie
>>    http://itumi.biz
>>    trusted identities, delivered
>>
>>
>
> --
> Chad La Joie
> http://itumi.biz
> trusted identities, delivered
>
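
The conversion discussed in this thread, as an added example that is not part of the original messages and is not Novell's or Shibboleth's code: it decodes the Base64 GUID, insists on exactly 16 bytes, and emits either byte order, because an identifier used to key role assignments only stays stable if every consumer applies the same layout. The names base64ToBytes, guidToString, ORDER and the layout labels "raw" and "swapped" are assumptions, and a plain JavaScript decoder stands in for the Base64Codec class so the block runs outside the IdP.

```javascript
// Added example (not from the thread): Base64 eDir GUID -> hyphenated hex string.
var B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Decode padded standard Base64 into an array of byte values (0..255).
function base64ToBytes(s) {
  var ok = /^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)?$/;
  if (typeof s !== "string" || !ok.test(s)) throw new Error("malformed Base64");
  var clean = s.replace(/=+$/, ""), bytes = [], acc = 0, bits = 0;
  for (var i = 0; i < clean.length; i++) {
    acc = ((acc << 6) | B64.indexOf(clean.charAt(i))) & 0xffff;
    bits += 6;
    if (bits >= 8) { bits -= 8; bytes.push((acc >> bits) & 0xff); }
  }
  return bytes;
}

// Byte positions to emit, per layout (layout names are hypothetical):
//   raw     = storage order, as GUID2ASSOC in the post
//   swapped = first three fields byte-reversed, the same byte order as
//             guid2Association / GUID2ASSOC_C1 in the post
var ORDER = {
  raw:     [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
  swapped: [3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15]
};

function guidToString(b64, layout) {
  if (!Object.prototype.hasOwnProperty.call(ORDER, layout)) {
    throw new Error("unknown layout: " + layout);
  }
  var bytes = base64ToBytes(b64);
  // A GUID is exactly 16 bytes; refuse anything else rather than emit a partial ID.
  if (bytes.length !== 16) throw new Error("expected 16 bytes, got " + bytes.length);
  var h = "";
  for (var i = 0; i < 16; i++) {
    var b = bytes[ORDER[layout][i]];
    h += (b < 16 ? "0" : "") + b.toString(16);
  }
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16),
          h.slice(16, 20), h.slice(20)].join("-");
}

// Sample value quoted in the thread.
var SAMPLE = "gN2+pzgC3BGDaAAUwmAcPg==";
console.log(guidToString(SAMPLE, "raw"));
console.log(guidToString(SAMPLE, "swapped"));
```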


