
LDAP Object Attributes of type 'Octet String'


If you want to read and write LDAP object attributes in the directory, attributes of type octet string pose a specific challenge. Octet string is a well-defined LDAP syntax - a standardized data type for directory attributes, just like integers or strings. An octet string attribute consists of a byte array, so what is read or written is binary data.


Reading OctetString Attributes
Writing OctetString Attributes



Reading Octet String Attributes


The problem: Attributes with the octet string syntax are not easy to handle when you read them. If you treat them like any other LDAP attribute data (for example strings, booleans or integers), you receive senseless values due to strange internal data type conversions. An example: We want to read and display the Security ID (SID) of an Active Directory user. This is a binary value which is normally 28 bytes long.


Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
                    "administrator", "P@ssw0rd", 1)    '1 = ADS_SECURE_AUTHENTICATION

data = obj.Get("objectSid")
WScript.Echo data

But the script is not able to display the value of this SID correctly:

Screenshot Script Output


So what we need now is a function which can convert the raw data into a format that can be handled better: a hex string. A hex string is a string representation of the data in hexadecimal notation, with each byte written as a two-character hexadecimal value. This can be done with the OctetToHexStr script function:


Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
                    "administrator", "P@ssw0rd", 1)    '1 = ADS_SECURE_AUTHENTICATION

data = obj.Get("objectSid")
WScript.Echo OctetToHexStr(data)


Function OctetToHexStr(var_octet)
    'Converts raw binary data into a string with hexadecimal values
    Dim n
    OctetToHexStr = ""
    For n = 1 To lenb(var_octet)
        'AscB/MidB work on single bytes; Right("0" & ...) pads to two hex digits
        OctetToHexStr = OctetToHexStr & Right("0" & hex(ascb(midb(var_octet, n, 1))), 2)
    Next
End Function

The output looks much better this time:


Screenshot Script Output


To beautify this output a bit, we add a function which formats the data as it would appear in a hex editor: on the left side you see the binary values, and in a panel on the right side the corresponding ASCII text is displayed. We call this function PrintOutHex. It uses another helper function named HexStrToAscii; byte values which are not printable as ASCII text are displayed as a dot.

Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
                    "administrator", "P@ssw0rd", 1)    '1 = ADS_SECURE_AUTHENTICATION

hstr = OctetToHexStr(obj.Get("objectSid"))
WScript.Echo hstr & vbCrLf
WScript.Echo PrintOutHex(hstr, 8)


Function OctetToHexStr(var_octet)
    'Converts raw binary data into a string with hexadecimal values
    Dim n
    OctetToHexStr = ""
    For n = 1 To lenb(var_octet)
        OctetToHexStr = OctetToHexStr & Right("0" & hex(ascb(midb(var_octet, n, 1))), 2)
    Next
End Function


Function PrintOutHex(var_hex, width)
    'Takes a hex string and returns an output in a hex editor style
    'The width parameter determines how many bytes per line the output has
    Dim k1, k2, s1, s2, s3
    PrintOutHex = ""
    For k1 = 1 To Len(var_hex) Step (width * 2)
        s1 = Mid(var_hex, k1, (width * 2))     'hex digits for this line
        s2 = ""
        s3 = HexStrToAscii(s1, False)          'ASCII panel for this line
        For k2 = 1 To Len(s1) Step 2
            s2 = s2 & Mid(s1, k2, 2) & " "
        Next
        s2 = s2 & String((width * 3) - Len(s2), " ")   'pad a short last line
        If (k1 = 1) Then
            PrintOutHex = PrintOutHex & s2 & "| " & s3
        Else
            PrintOutHex = PrintOutHex & vbCrLf & s2 & "| " & s3
        End If
    Next
End Function


Function HexStrToAscii(var_hex, format)
    'Converts a hex string to an ASCII string.
    'If 'format'=TRUE, tabs and CR/LFs are inserted
    Dim k, v
    HexStrToAscii = ""
    For k = 1 To Len(var_hex) Step 2
        v = CInt("&H" & Mid(var_hex, k, 2))
        If ((v > 31) And (v < 127)) Then       'printable ASCII (127 = DEL is not printable)
            HexStrToAscii = HexStrToAscii & (chr(v))
        Else
            If (format) Then
                Select Case v
                    Case 9                      'horizontal tab
                        HexStrToAscii = HexStrToAscii & vbTab
                    Case 10                     'line feed: emit a full CR/LF
                        HexStrToAscii = HexStrToAscii & vbCrLf
                    Case 13                     'carriage return: dropped, the LF case writes CR/LF
                    Case Else
                        HexStrToAscii = HexStrToAscii & "."
                End Select
            Else
                HexStrToAscii = HexStrToAscii & "."
            End If
        End If
    Next
End Function

The result:


Screenshot Script Output


The helper function HexStrToAscii can also be used in other situations to output binary data which actually contains ASCII text, for example the 'loginScript' attribute in eDirectory environments. In that case you can set the parameter format to TRUE and you get the real text with all the tabs and line feeds.

The VB script file Octet.vbs contains all the script functions which are described and used in the examples on this page, and which are useful if you have to deal with octet string LDAP attributes:


Download: OctetString.vbs
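
The hex string returned for objectSid can be decoded one step further into the familiar S-1-5-21-... text form of a SID. This is an added example, not part of the original page or of the downloadable script; the function names HexStrToSidStr and HexByte are hypothetical, and the sample SID is constructed.

```vbscript
Option Explicit

' Constructed sample: a 28-byte SID in the hex form OctetToHexStr produces
' (made-up domain identifier, RID 1104).
Const SAMPLE_SID = "010500000000000515000000A065CF7E784B9B5FE77C877050040000"

WScript.Echo HexStrToSidStr(SAMPLE_SID)

Function HexStrToSidStr(var_hex)
    'Decodes a binary SID given as a hex string into its S-R-I-S-S... text form.
    'Layout: 1 byte revision, 1 byte sub-authority count,
    '        6 bytes identifier authority (big-endian),
    '        count * 4 bytes sub-authorities (little-endian).
    Dim count, auth, n, pos, subAuth
    If Len(var_hex) < 16 Or Len(var_hex) Mod 2 <> 0 Then
        Err.Raise vbObjectError + 1, "HexStrToSidStr", "SID too short or odd length"
    End If
    count = HexByte(var_hex, 2)
    'A truncated or padded value must not be decoded silently
    If Len(var_hex) <> (8 + 4 * count) * 2 Then
        Err.Raise vbObjectError + 2, "HexStrToSidStr", _
                  "Length does not match sub-authority count"
    End If

    auth = 0
    For n = 3 To 8
        auth = auth * 256 + HexByte(var_hex, n)
    Next
    HexStrToSidStr = "S-" & HexByte(var_hex, 1) & "-" & auth

    For n = 0 To count - 1
        pos = 9 + 4 * n
        'Doubles are used because an unsigned 32-bit value can exceed a VBScript Long
        subAuth = HexByte(var_hex, pos) + HexByte(var_hex, pos + 1) * 256 + _
                  HexByte(var_hex, pos + 2) * 65536 + HexByte(var_hex, pos + 3) * 16777216
        HexStrToSidStr = HexStrToSidStr & "-" & subAuth
    Next
End Function

Function HexByte(var_hex, index)
    'Returns byte number 'index' (1-based) of a hex string as a Double
    HexByte = CDbl(CLng("&H" & Mid(var_hex, index * 2 - 1, 2)))
End Function
```

The length check also explains the 28 bytes mentioned above: 8 header bytes plus five sub-authorities of 4 bytes each.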

Writing Octet String Attributes


Writing an LDAP attribute with the syntax 'octet string' in a Visual Basic script is even more difficult than reading it. This is because we don't have a variable type like 'Byte Array' (as in real Visual Basic). Nevertheless, you might want to write data back to an attribute from its hex string representation. This isn't easy at all.

The trick to convert a hex string back to pure binary raw data is this one: You write the data into a temporary file and read the content of this file with a stream data type. This lets you get the data in the correct format:


Set dso = GetObject("LDAP:")
Set obj = dso.OpenDSObject("LDAP://dc1.cerrotorre.de/cn=user1,cn=users,dc=cerrotorre,dc=de", _
                    "administrator", "P@ssw0rd", 1)    '1 = ADS_SECURE_AUTHENTICATION

data = HexStrToOctet("005a3e11c90026f10043")
obj.Put "sIDHistory", data
obj.SetInfo


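Function HexStrToOctet(var_hex)
    'Converts a hex string into raw binary data (byte array) via a temporary file
    Dim fso, stream, temp, ts, n
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set stream = CreateObject("ADODB.Stream")
    'GetTempName returns only a file name, so place it in the user's temp folder
    '(2 = TemporaryFolder) instead of the current working directory
    temp = fso.BuildPath(fso.GetSpecialFolder(2), fso.GetTempName())

    'Write one character per byte value into the text file
    Set ts = fso.CreateTextFile(temp)
    For n = 1 To (Len(var_hex) - 1) Step 2
        ts.Write Chr(CInt("&H" & Mid(var_hex, n, 2)))
    Next
    ts.Close

    'Read the file back as binary (stream type 1 = adTypeBinary)
    stream.Type = 1
    stream.Open
    stream.LoadFromFile temp
    HexStrToOctet = stream.Read

    stream.Close
    fso.DeleteFile temp
    Set stream = Nothing
    Set fso = Nothing
End Function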
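
HexStrToOctet above passes the data through a temporary file. The following added example (not from the original page or its downloadable script) uses a different technique, the MSXML "bin.hex" data type, to do the same conversion in memory so the bytes never touch disk; it also rejects input that is not a clean hex string. The function names HexStrToOctetInMemory and OctetToHexStrXml are hypothetical.

```vbscript
Option Explicit

Dim bytes
bytes = HexStrToOctetInMemory("005a3e11c90026f10043")   'hex string from the example above
WScript.Echo "VarType: " & VarType(bytes) & ", length: " & LenB(bytes)
WScript.Echo "Round trip: " & OctetToHexStrXml(bytes)

Function HexStrToOctetInMemory(var_hex)
    'Converts a hex string into a byte array without creating a temp file
    Dim re, node
    'Accept only complete byte pairs of hex digits; anything else is an error
    Set re = New RegExp
    re.Pattern = "^([0-9A-Fa-f]{2})+$"
    If Not re.Test(var_hex) Then
        Err.Raise vbObjectError + 1, "HexStrToOctetInMemory", _
                  "Input is not an even-length hex string"
    End If
    Set node = CreateObject("MSXML2.DOMDocument").createElement("tmp")
    node.dataType = "bin.hex"          'text content is interpreted as hex digits
    node.text = var_hex
    HexStrToOctetInMemory = node.nodeTypedValue   'typed value is the byte array
End Function

Function OctetToHexStrXml(var_octet)
    'Reverse direction, used here only to check the round trip
    Dim node
    Set node = CreateObject("MSXML2.DOMDocument").createElement("tmp")
    node.dataType = "bin.hex"
    node.nodeTypedValue = var_octet
    OctetToHexStrXml = node.text
End Function
```

The returned value can be passed to obj.Put in the same way as the result of HexStrToOctet.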

