[Date Prev][Date Next] [Chronological] [Thread] [Top]

Netscape client misparsing the bind response



I am testing the TLS thing and, since I cannot bind with the client
certificate, I am trying user (i.e. email address) and password
over SSL.

Well, it fails mysteriously:

Aug  3 19:07:07 andromeda slapd[8243]: daemon: conn=0 fd=8 connection from IP=74.3.11.123:23336 (IP=0.0.0.0:1636) accepted. 
Aug  3 19:07:07 andromeda slapd[8244]: conn=0 op=0 BIND dn="" method=128 
Aug  3 19:07:07 andromeda slapd[8244]: conn=0 op=0 RESULT err=0 tag=97 text=(null) 
Aug  3 19:07:11 andromeda slapd[8245]: conn=0 op=1 UNBIND 
Aug  3 19:07:11 andromeda slapd[8245]: conn=-1 fd=8 closed. 

Here, Netscape is trying an anonymous (v2, BTW) bind before searching
email address and such.  The server thinks the bind succeeded, but
Netscape thinks it is an error.  To be precise, it thinks that the
error is 0x61 LDAP_REFERRAL_LIMIT_EXCEEDED (i.e. it is reading the tag
as the error).  However, for that to happen, it would have to
get out of sync with the stream.  The relevant part of the trace is:

ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf 0x81a31b8, ptr 0x81a31b8, end 0x81a31c4
        02 01 01  ` 07 02 01 02 04 00 80 00 
ber_get_next
ber_get_next on fd 8 failed errno 11 (Resource temporarily unavailable)
        *** got 135934060 of 0 so far
daemon: select: listen=4 active_threads=1 tvp=NULL
daemon: select: listen=5 active_threads=1 tvp=NULL
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf 0x81a31b8, ptr 0x81a31bb, end 0x81a31c4
         ` 07 02 01 02 04 00 80 00 
ber_scanf fmt (o}) ber:
ber_dump: buf 0x81a31b8, ptr 0x81a31c2, end 0x81a31c4
        80 00 
do_bind: version 2 dn () method 128
send_ldap_result: conn=0 op=0 p=2
send_ldap_result: 0::
send_ldap_response: tag=97 msgid=1 err=0

Any ideas?

Julio