I am using Keycloak User Federation to import users from Active Directory Server 2008.
I have created an user-attribute-ldap-mapper to map the user’s objectSid as a binary attribute.
Other binary attributes map as expected such as objectGUID (16 bytes).
But objectSid (24 bytes) does not look like a Security Indentifier that I expect to see, such as “S-1-5-21-992878714-4041223874-2616370337-1001”.
Instead it looks something like this…: “AQUAAAAAAAUVAAAAizkQjca2XXmiFM9F3gUAAA==”