Re: Netscape client misparsing the bind response




Mark C Smith wrote:
> 
> I don't work on the Netscape Communicator client, but I do work on the
> Netscape/Mozilla SDK that it uses.
> 
> Question: Does everything work fine if you do not use SSL/TLS?

Yes.  Client auth is OK if I don't use TLS.  TLS works fine if I don't
use client auth.  By client auth I mean email and password.  If I
combine them, I get in trouble as described.

> Can you produce a protocol trace (of the SSL session and the LDAP
> stream)?

Not quite yet; I can, however, give some more data.  I have followed
Kurt's advice and I have used stunnel in client mode (our clients
do not have TLS/SSL yet).  It seems to work, but my BER-reading
skills are a little bit rusty; I used to read hex dumps from
SNMP in my head, honest, but I have forgotten.  The tag in the
CHOICE is shown as an 'a', i.e. 0x61; that is the tag for the
BindResponse.  This is the trace seen from a debugging ldapsearch:

[j_sanchez@andromeda j_sanchez]$ ldapsearch -v -d 65535 -p 1500 -D '' -s base -b '' 'objectclass=*'
ldap_init( <DEFAULT>, 1500 )
ldap_init
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
open_ldap_connection
ldap_connect_to_host: localhost:1500
ldap_pvt_gethostbyname_a: host=localhost, r=0
sd 3 connected to: 127.0.0.1
ldap_delayed_open successful, ld_host is (null)
ldap_send_server_request
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: localhost  port: 1500  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug  3 21:15:48 1999

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf 0x80632c8, ptr 0x80632c8, end 0x80632d4
        02 01 01  a 07 0a 01 00 04 00 04 00 
ldap_read: result msgid 1, original id 1
ber_scanf fmt ({iaa}) ber:
ber_dump: buf 0x80632c8, ptr 0x80632cb, end 0x80632d4
         a 07 0a 01 00 04 00 04 00 
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf 0x80632c8, ptr 0x80632cb, end 0x80632d4
         a 07 0a 01 00 04 00 04 00 
ber_scanf fmt (}) ber:
ber_dump: buf 0x80632c8, ptr 0x80632d4, end 0x80632d4
        (end)
ldap_msgfree
filter: objectclass=*
returning: 
ldap_search
put_filter "objectclass=*"
put_filter: default
put_simple_filter "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: localhost  port: 1500  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug  3 21:15:48 1999

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 49 contents:
ber_dump: buf 0x80640f0, ptr 0x80640f0, end 0x8064121
        02 01 02  d  , 04 00  0  (  0  & 04 0b  o  b  j
         e  c  t  c  l  a  s  s  1 17 04 03  t  o  p 04
        10  e  x  t  e  n  i  s  b  l  e  O  b  j  e  c
         t 
ldap_read: entry msgid 2, original id 2
ldap_get_dn
ber_scanf fmt ({a) ber:
ber_dump: buf 0x80640f0, ptr 0x80640f3, end 0x8064121
         d  , 04 00  0  (  0  & 04 0b  o  b  j  e  c  t
         c  l  a  s  s  1 17 04 03  t  o  p 04 10  e  x
         t  e  n  i  s  b  l  e  O  b  j  e  c  t 
ALL
ldap_first_attribute
ber_scanf fmt ({x{{ax}) ber:
ber_dump: buf 0x80640f0, ptr 0x80640f3, end 0x8064121
         d  , 04 00  0  (  0  & 04 0b  o  b  j  e  c  t
         c  l  a  s  s  1 17 04 03  t  o  p 04 10  e  x
         t  e  n  i  s  b  l  e  O  b  j  e  c  t 
ldap_get_values_len
ber_scanf fmt ({x{{a) ber:
ber_dump: buf 0x80640f0, ptr 0x80640f3, end 0x8064121
         d  , 04 00  0  (  0  & 04 0b  o  b  j  e  c  t
         c  l  a  s  s  1 17 04 03  t  o  p 04 10  e  x
         t  e  n  i  s  b  l  e  O  b  j  e  c  t 
ber_scanf fmt ([V]) ber:
ber_dump: buf 0x80640f0, ptr 0x8064108, end 0x8064121
         1 17 04 03  t  o  p 04 10  e  x  t  e  n  i  s
         b  l  e  O  b  j  e  c  t 
objectclass=top


objectclass=extenisbleObject


ldap_next_attribute
ber_scanf fmt ({ax}) ber:
ber_dump: buf 0x80640f0, ptr 0x8064121, end 0x8064121
        (end)
ldap_msgfree
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: localhost  port: 1500  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug  3 21:15:48 1999

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf 0x80640f0, ptr 0x80640f0, end 0x80640fc
        02 01 02  e 07 0a 01 00 04 00 04 00 
ldap_read: result msgid 2, original id 2
ber_scanf fmt ({iaa}) ber:
ber_dump: buf 0x80640f0, ptr 0x80640f3, end 0x80640fc
         e 07 0a 01 00 04 00 04 00 
new result:  res_errno: 0, res_error: <>, res_matched: <>
read1msg:  0 new referrals
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf 0x80640f0, ptr 0x80640f3, end 0x80640fc
         e 07 0a 01 00 04 00 04 00 
ber_scanf fmt (}) ber:
ber_dump: buf 0x80640f0, ptr 0x80640fc, end 0x80640fc
        (end)
1 matches
ldap_msgfree
ldap_unbind
ldap_free_connection
ldap_send_unbind
ldap_free_connection: actually freed

I will try to get more info as soon as I can.  In the meantime,
I hope you find this useful.

Julio
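
The two 12-byte result messages in the trace above can be decoded mechanically. The following is an added example, not part of the original message or of any LDAP SDK: a strict BER reader that checks every length against its enclosing element and reports the protocolOp tag (0x61 BindResponse, 0x65 SearchResultDone). The sample bytes are rebuilt from the ber_dump lines with the SEQUENCE header (tag 0x30, len 12) prepended; the function and constant names are made up for the example.

```python
# Added example: strict BER decoding of the LDAPResult-style messages in the trace.
# Application tags follow RFC 2251; names below are illustrative, not an SDK API.
OPS = {0x61: "BindResponse", 0x64: "SearchResultEntry", 0x65: "SearchResultDone"}

# Rebuilt from the ber_dump output (printable bytes such as 'a' and 'e' are 0x61, 0x65).
BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")
SEARCH_DONE = bytes.fromhex("300c02010265070a010004000400")

def read_tlv(buf, off, end):
    """Return (tag, value_start, value_end) for the TLV at off, bounded by end."""
    if off + 2 > end:
        raise ValueError("truncated TLV header")
    tag, length = buf[off], buf[off + 1]
    off += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not used by LDAP")
    if length == 0x80:
        raise ValueError("indefinite length is not allowed in LDAP")
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n > 4 or off + n > end:
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > end:
        raise ValueError("value runs past its enclosing element")
    return tag, off, off + length

def decode_ldap_message(data):
    """Decode messageID and protocolOp; expand LDAPResult for bind/search-done."""
    tag, s, e = read_tlv(data, 0, len(data))
    if tag != 0x30 or e != len(data):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    tag, vs, ve = read_tlv(data, s, e)
    if tag != 0x02 or vs == ve:
        raise ValueError("messageID must be a non-empty INTEGER")
    msg = {"msgid": int.from_bytes(data[vs:ve], "big", signed=True)}
    op, ps, pe = read_tlv(data, ve, e)
    msg["op_tag"], msg["op"] = op, OPS.get(op, "unknown")
    if op in (0x61, 0x65):  # both begin with resultCode, matchedDN, errorMessage
        tag, vs, ve = read_tlv(data, ps, pe)
        if tag != 0x0A:
            raise ValueError("resultCode must be ENUMERATED")
        msg["result_code"] = int.from_bytes(data[vs:ve], "big")
        for key in ("matched_dn", "error_message"):
            tag, vs, ve = read_tlv(data, ve, pe)
            if tag != 0x04:
                raise ValueError(key + " must be OCTET STRING")
            msg[key] = data[vs:ve].decode("utf-8", "replace")
    return msg
```
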