At Deutsche Bahn we have a requirement to identify the user uniquely in the system over the long period of times. We use Active Directory connection in which all user data properties can change except one value - objectGUID . We’d like to use this property as an internal key to identify the user uniquely in the BPMS/EAI application scenarios. For the login procedure we’ll use either the login name or the login name including domain (which is different than the objectGUI).
In order to get the objectGUID information from the LdapServer we use the following code:
IDirectorySession session = DirectorySystemFactory.getDirectorySystem().createSession(); IDirectoryUser dirUser = (IDirectoryUser) session.lookupPrincipalByName(getFacesContext().getExternalContext().getUserPrincipal().getName(), IDirectoryUser.TYPE_USER); IDirectoryService service = dirUser.getDirectoryService (); DirectoryService ds = (DirectoryService) service; IDirService dservice = ds.getDirServiceImpl(); String objectGUID = (String)dservice.getAttribute (PortalSystem.getPortalSystem().acquireURI(dirUser.getID()),"objectGUID"); byte objectGUIDbytes = objectGUID.getBytes();
The problem with this code is that objectGUID is represented in AD internally as binary array (so byte should be returned by the getAttribute method). Instead we get String which we have to convert to byte. There’s a probability that during back end forth conversion of the objectGUID from byte to String and reverse the GUID information will be changed - due to char encoding conversions.
The questions is how to get the objectGUID directly from AD as it is represented there (without going over String object)?