Active Directory/Ldap Get DataType or Syntax of specific attributes in NodeJS

I am able to query active-directory/ldap to get the user information along with custom attributes. However, I would like to know the underlying DataType/attributeSyntax for each of the attributes returned. Another problem is that the query will not return the attribute itself if it does not contain any value. So if I can fetch the attributes and their respective DataTypes, then it gives me the flexibility to set a default value based on the DataType while preparing the final output object.

E.g.:

  1. I query AD to find the foo user with attributes givenName, mail, myCustom1, myCustom2

{
    givenName : "foo foo",
    mail : "foo@boo.com",
    myCustom1 : "TRUE"
}

but the result may not contain myCustom2 because it is not holding a value in AD.

  2. Get the syntax for attributes givenName, mail, myCustom1, myCustom2
{
    givenName : unistring,
    mail : unistring,
    myCustom1 : boolean,
    myCustom2 : integer
}
  3. Using the above I can map the first result and prepare the final object as
{
    givenName : "foo foo",
    mail : "foo@boo.com",
    myCustom1 : "TRUE",
    myCustom2 : //usingHelperFunctionGetDefaultValueFor -> myCustom2
}

1 answer

  • answered 2019-02-11 14:58 Gabriel Luci

    Active Directory does not return attributes that do not have values, so that's not just the LDAPjs library, that's just how AD works.

    Every object has an attribute called allowedAttributes that will show you every valid attribute that the object can potentially have.

    If you need it, allowedAttributesEffective will list every attribute that the current user has permissions to modify.

    These are both constructed attributes, meaning you have to ask for them specifically, or else you won't get them. For example, when searching, you have the option to specify the attributes you want to get back. If you specify nothing, you will get every non-constructed attribute that has a value. If you want any constructed attributes, you have to add them specifically to that list.

    That's just a list of attributes. It won't tell you the type. You have to look to the schema for that, which is more difficult. You have to do a search using the base DN of CN=Schema,CN=Configuration,DC=domain,DC=com, where "domain.com" is the root domain of your forest, which may or may not be the same as the domain you're searching. You could look at the subSchemaSubEntry attribute of any object to find the location of the schema, although it will usually be CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com (note the added CN=Aggregate).

    But anyway, each object in there will have an attribute called ldapDisplayName, which is the name of the attribute as it appears on objects.

    So if you want to find details on the givenName attribute, you would search the schema for (ldapDisplayName=givenName). Then the oMSyntax attribute is an enum that will tell you the type. The enum values are shown here. For givenName, that would be 64, which is a Unicode string.

    The only benefit to looking up the types like this is if you are expecting your code to be run on any AD environment. If your code will only ever be run in one environment, then you can save coding time and run time by just hard-coding the attributes you are looking for and their types.
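The schema lookup described in the answer, sketched as an added example (not code from the original answer or from ldapjs): it builds the schema base DN and an escaped `ldapDisplayName` filter, then uses the returned `oMSyntax` values to fill attributes AD left out. The function names, the default values, the `oMSyntax` subset and the sample entries are assumptions made for illustration.

```javascript
// Added example; function names, default values and sample data are assumptions.
// Subset of oMSyntax codes (64 = Unicode string, as the answer notes for givenName).
const OM_SYNTAX = {
  1: { type: 'boolean', defaultValue: 'FALSE' },
  2: { type: 'integer', defaultValue: '0' },
  64: { type: 'unistring', defaultValue: '' },
  65: { type: 'largeInteger', defaultValue: '0' },
};

// "domain.com" -> "CN=Schema,CN=Configuration,DC=domain,DC=com"
function schemaBaseDn(forestRootDomain) {
  const dcs = forestRootDomain.split('.').map((label) => `DC=${label}`);
  return ['CN=Schema', 'CN=Configuration', ...dcs].join(',');
}

// RFC 4515 escaping, so a name taken from input cannot change the filter's structure.
function escapeFilterValue(value) {
  return value.replace(/[\\*()\0]/g,
    (ch) => '\\' + ch.charCodeAt(0).toString(16).padStart(2, '0'));
}

// One OR filter that selects the schema entries of every wanted attribute.
function schemaFilter(names) {
  return `(|${names.map((n) => `(ldapDisplayName=${escapeFilterValue(n)})`).join('')})`;
}

// Copy returned values; fill attributes AD omitted with a default chosen by oMSyntax.
function withDefaults(userEntry, wanted, schemaEntries) {
  const syntaxOf = new Map(schemaEntries.map((e) => [e.ldapDisplayName, Number(e.oMSyntax)]));
  const out = {};
  for (const name of wanted) {
    const known = OM_SYNTAX[syntaxOf.get(name)];
    if (Object.prototype.hasOwnProperty.call(userEntry, name)) out[name] = userEntry[name];
    else out[name] = known ? known.defaultValue : null; // unknown syntax: no guess
  }
  return out;
}

// Constructed sample data standing in for the two LDAP search results.
const SAMPLE_SCHEMA = [
  { ldapDisplayName: 'givenName', oMSyntax: '64' },
  { ldapDisplayName: 'mail', oMSyntax: '64' },
  { ldapDisplayName: 'myCustom1', oMSyntax: '1' },
  { ldapDisplayName: 'myCustom2', oMSyntax: '2' },
];
const SAMPLE_USER = { givenName: 'foo foo', mail: 'foo@boo.com', myCustom1: 'TRUE' };
const WANTED = ['givenName', 'mail', 'myCustom1', 'myCustom2'];

console.log(schemaBaseDn('domain.com'), schemaFilter(WANTED));
console.log(withDefaults(SAMPLE_USER, WANTED, SAMPLE_SCHEMA));
```

The base DN and filter strings are what the schema search would be given, and the entries it returns take the place of `SAMPLE_SCHEMA`.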