Accessing Lightweight Directory Access Protocol (LDAP) Binary Attributes

Document ID : KB000047562
Last Modified Date : 14/02/2018

Issue: 

Using the ‘Query LDAP’ assertion to retrieve binary attributes can produce undesired output. For example:

Attribute Name: objectGUID

Retrieved Value: [B@405217f8   OR  ????x D?&zd ??5

Environment:  

CA API Gateway

Cause: 

Because these attributes are stored as binary, they must be handled as binary. The assertion needs a special indicator on the attribute name to mark the value as binary. With that indicator, the attribute is retrieved as a base64-encoded value.

Resolution:

1. Add the ‘Query LDAP’ Assertion to policy

2. Edit the assertion properties and add an LDAP attribute

3. Append ;binary to the attribute name (for example, objectGUID;binary)

4. The attribute value is now returned as a base64-encoded value

Example: obbk7eV4A0SRJnpkHJSjgQ==
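
Once the value arrives as base64, a downstream consumer usually needs it as a GUID string or as an escaped LDAP search filter. The following is an added example, not part of the original article or CA's product code. It assumes the directory is Active Directory, where objectGUID is 16 bytes in the Windows GUID layout (first three fields little-endian). The function names are hypothetical.

```python
import base64
import binascii
import uuid


def decode_object_guid(b64_value: str) -> uuid.UUID:
    """Turn the base64 text returned for 'objectGUID;binary' into a UUID.

    Rejects values that are not base64 (for example the '[B@...' string
    returned when ';binary' was not appended) or not exactly 16 bytes.
    """
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(
            f"not base64, was ';binary' appended to the attribute? {b64_value!r}"
        ) from exc
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    # Assumption: Active Directory stores the GUID in Windows mixed-endian
    # order, which uuid.UUID exposes as bytes_le.
    return uuid.UUID(bytes_le=raw)


def guid_search_filter(b64_value: str) -> str:
    """Build an LDAP filter matching the object by its binary objectGUID.

    Every byte is written as a backslash followed by two hex digits, the
    escaping LDAP filters use for arbitrary octets.
    """
    raw = decode_object_guid(b64_value).bytes_le
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"


if __name__ == "__main__":
    sample = "obbk7eV4A0SRJnpkHJSjgQ=="  # example value from the article
    print(decode_object_guid(sample))
    print(guid_search_filter(sample))
    try:
        decode_object_guid("[B@405217f8")  # output seen without ';binary'
    except ValueError as err:
        print("rejected:", err)
```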