Merge remote-tracking branch 'origin/main' into develop

marle3003 · marle3003 · commit c1cf3b8f2262 · 2026-04-17T22:21:49.000+02:00
diff --git a/providers/directory/ldif.go b/providers/directory/ldif.go
@@ -63,9 +63,6 @@ func (l *Ldif) Parse(config *dynamic.Config, reader dynamic.Reader) error {
 			}
 			continue
 		}
-		if line[0] == '#' || line[0] == '-' {
-			continue
-		}
 
 		if isMultiLine(i + 1) {
 			parsedLine += trim(line)
@@ -75,6 +72,10 @@ func (l *Ldif) Parse(config *dynamic.Config, reader dynamic.Reader) error {
 			parsedLine = ""
 		}
 
+		if line[0] == '#' || line[0] == '-' {
+			continue
+		}
+
 		kv := strings.SplitN(line, ":", 2)
 		if len(kv) != 2 {
 			return fmt.Errorf("invalid line %v: %s", i, line)
diff --git a/providers/directory/search.go b/providers/directory/search.go
@@ -22,6 +22,29 @@ import (
 
 type predicate func(entry Entry) bool
 
+func guidFromBytes(b []byte) string {
+	return fmt.Sprintf("%08x-%04x-%04x-%02x%02x-%x",
+		binary.LittleEndian.Uint32(b[0:4]),
+		binary.LittleEndian.Uint16(b[4:6]),
+		binary.LittleEndian.Uint16(b[6:8]),
+		b[8], b[9],
+		b[10:16],
+	)
+}
+
+func updateBaseDnForGuidIfNeeded(msg *ldap.SearchRequest, e *Entry) {
+	binGuid, ok := e.Attributes["objectGUID"]
+	if !ok || len(binGuid) == 0 {
+		return
+	}
+	msgGuid := msg.BaseDN[6 : len(msg.BaseDN)-1]
+	if guidFromBytes([]byte(binGuid[0])) != msgGuid {
+		return
+	}
+	log.Infof("Attributes: %+v", guidFromBytes([]byte(e.Attributes["objectGUID"][0])))
+	msg.BaseDN = e.Dn
+}
+
 var matchingRules = map[string]string{
 	"1.3.6.1.4.1.1466.115.121.1.38": "objectIdentifierMatch",
 	"1.3.6.1.4.1.1466.115.121.1.15": "caseIgnoreMatch",
@@ -40,6 +63,7 @@ func inferMatchingRule(syntaxOID string) string {
 	return "caseExactMatch"
 }
 
+
 func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 	msg := r.Message.(*ldap.SearchRequest)
 	m, doMonitor := monitor.LdapFromContext(r.Context)
@@ -87,6 +111,10 @@ func (d *Directory) serveSearch(rw ldap.ResponseWriter, r *ldap.Request) {
 
 			switch msg.Scope {
 			case ldap.ScopeBaseObject:
+				// handle Active Directory extended DN (see MS-ADTS for details)
+				if strings.HasPrefix(msg.BaseDN, "<GUID=") {
+					updateBaseDnForGuidIfNeeded(msg, &e)
+				}
 				if e.Dn != msg.BaseDN {
 					continue
 				}

Original file line number	Diff line number	Diff line change
`@@ -63,9 +63,6 @@ func (l Ldif) Parse(config dynamic.Config, reader dynamic.Reader) error {`
`63`	`63`	`}`
`64`	`64`	`continue`
`65`	`65`	`}`
`66`		`- if line[0] == '#' \|\| line[0] == '-' {`
`67`		`- continue`
`68`		`- }`
`69`	`66`
`70`	`67`	`if isMultiLine(i + 1) {`
`71`	`68`	`parsedLine += trim(line)`
`@@ -75,6 +72,10 @@ func (l Ldif) Parse(config dynamic.Config, reader dynamic.Reader) error {`
`75`	`72`	`parsedLine = ""`
`76`	`73`	`}`
`77`	`74`
	`75`	`+ if line[0] == '#' \|\| line[0] == '-' {`
	`76`	`+ continue`
	`77`	`+ }`
	`78`	`+`
`78`	`79`	`kv := strings.SplitN(line, ":", 2)`
`79`	`80`	`if len(kv) != 2 {`
`80`	`81`	`return fmt.Errorf("invalid line %v: %s", i, line)`