Hi monks!

I need to use a read-only unique identifier field for ldap objects. My research has taken me to "objectGUID". However, if I take a query result set and turn right back around to use the objectGUID values for my filter values, I only get hits on about 90% of the original objects. From my tests so far, it appears to be the same objects missing each time.

my $users=$ldap_session->search(
                        base=>$CONF{ldapuserbase},
                        filter=>$filter,
                        attrs=> ['distinguishedName','sAMAccountName',
+'homeDirectory','displayName','objectSid','objectGUID'] ) or die "err
+or searching tree:$@\n";


my @entries = $users->sorted('displayName');
print "done.\nFound ".(scalar @entries)." entries.\n";

my $notfound=0;
foreach my $e (@entries){
    my $guid=$e->get_value('objectGUID');
    my $name=$e->get_value('displayName');

    my $thisuser=$ldap_session->search(
                        base=>$CONF{ldapuserbase},
                        filter=>"(objectGUID=$guid)",
                        attrs=> ['distinguishedName','sAMAccountName',
+'homeDirectory','displayName','objectSid','objectGUID'] ) or die "err
+or searching tree:$@\n";
    my @user=$thisuser->sorted('displayName');
    if(@user){
        #do nothing
    }else{
        print "can't find $name\n";
        ++$notfound;
    }
}
print "not found=$notfound\n";

$ldap_session->unbind;
[download]

I should be able to grab the value and turn right back around and query for it, right? Does anyone have any insight as to what's going on?

ETA: I converted the "not found" objectGUID values to a readable hex string and displayed the values. All the objects have the value of "4" at the start of the 3rd subset. aka, XXXXXXXX-XXXX-4XXX-XXXX-XXXXXXXXXXXX

Coincidence????