Virtual attributes convertion of LDAP user attribute GUID is invalid when using built in tool

  • 7022338
  • 16-Nov-2017
  • 20-Nov-2017


Access Manager 4.3
Access Manager 4.2


Have a remote LDAP data source where I need to retrieve GUID and forward to back end
An LDAP search shows the user we are attempting to login with has a valid GUID. The LAN trace shows the GUID being returned and decoded correctly in wireshark. Using the virtual attribute tool however, it does not display the value correctly, and the injected attribute value is invalid.

To dup:

1. go to iManager on Admin Console
2. go to shared settins -> Virtual Attributes -> Source Attribute
3. select virtual attribute source that retrieves remote LDAP guid attribute - Added an eDir as datasource and added the following attribute source query :
(&(objectclass=*)(cn=%P1%)) -> here P1 is ldap:cn - give test value as admin
In output added : guid
4. show 'add test value' and add username you will test with
5. verify the response and compare with the command ldapsearch output - for example

root@nam42phys:~> ldapsearch -x -h -p 389 -D cn=admin,ou=sa,o=system -w novell -b ou=sa,o=system "cn=ncashell" guid
version: 1

# filter: cn=ncashell
# requesting: guid

# ncashell,sa,system
dn: cn=ncashell,ou=sa,o=system
guid:: Jjd0b9dIBUROjCY3dG/XSA==
and confirm they are different


Fixed in 4.3.3. and 4.4.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.