[Date Prev][Date Next] [Chronological] [Thread] [Top]

Jndi VLV usage (maybe a BER encoding issue)

To: openldap-technical@openldap.org
Subject: Jndi VLV usage (maybe a BER encoding issue)
From: Sebastien Bahloul <sebastien.bahloul@gmail.com>
Date: Mon, 25 Oct 2010 16:39:57 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:mime-version:content-type:message-id; bh=YdkEa0c2FROjywYG0ziAqlPna/i+eHD53k5m1liM6ws=; b=wnl7tb0caxdzJPH4+lXAvufbZo/ApYvRawZty9HSuXUvcv+LfCokxRD85o6jdLdkXK aQJfUE7lTjvpZl2faeuGIiHrmdwxbBEB+/ta6OqxO1ZjqptXF8UjxB0z3vGtM4o1Vz3u 9n4ysxDfEqM8ts6bAhrK4tJxq2PNpOA8r/Odc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:mime-version:content-type :message-id; b=UNZVvMgBlRdKt8mSRsv7xOuE3cC5/gmB4eYLM7Qzv+XmjpUROTVatQzOXBT2NKI175 uT0grDE2fiK7fsUExh+S6KxtTpVQ6IpK4tUDFw/8j8BbaOOhP83Zt330cdf3qt5UdvXp 4dIEMiiOBibUrAdTns8ZgUsc/HNAFJf+uX5xw=
User-agent: KMail/1.13.5 (Linux/2.6.35-22-generic; KDE/4.5.1; x86_64; ; )

Hi,

Does anyone already succeed to use VLV search requests through JNDI API ? It 
is functional with ldapsearch, but I get the following error on JDK 1.5 :

javax.naming.NamingException [Root exception is 
com.sun.jndi.ldap.Ber$DecodeException: Encountered ASN.1 tag 2 (expected tag 
10)]

After doing some network captures between different directories implementation, 
it seems that there is a BER encoding error on the VLV response error code :

Global VLV control response ASN1 dump (through openssl asn1parse) :
    0:d=0  hl=2 l=  50 cons: SEQUENCE          
    2:d=1  hl=2 l=  24 prim: OCTET STRING      :2.16.840.1.113730.3.4.10
   28:d=1  hl=2 l=  22 prim: OCTET STRING      
      0000 - 30 14 02 01 00 02 02 00-aa 02 01 00 04 08 10 0a   
0...............
      0010 - 82 15                                             ..
      0016 - <SPACES/NULS>

Included octet string VLV control response ASN1 dump :
    0:d=0  hl=2 l=  20 cons: SEQUENCE          
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=   2 prim: INTEGER           :AA
    9:d=1  hl=2 l=   1 prim: INTEGER           :00
   12:d=1  hl=2 l=   8 prim: OCTET STRING      
      0000 - 10 0a 82 15                                       ....
      0008 - <SPACES/NULS>

According to latest VLV draft (seems to be version 4) in section 5.2, return 
type for error code (last 00 in this dump) must be an enumerated type (tag 
type 10). In OpenLDAP response, error code is encoded as an integer (tag type 
2).  

I suggest to fix this by changing ber_printf(..."{iii ... to 
ber_printf(..."{iie ... in sssvlv.c:198. Please find a sssvlv patch attached.

Regards
-- 
Sebastien Bahloul
@: sebastien.bahloul@gmail.com

--- servers/slapd/overlays/sssvlv.c.orig	2010-10-25 16:02:38.257076732 +0200
+++ servers/slapd/overlays/sssvlv.c	2010-10-25 16:02:45.827133810 +0200
@@ -198,7 +198,7 @@
 	ber_init2( ber, NULL, LBER_USE_DER );
 	ber_set_option( ber, LBER_OPT_BER_MEMCTX, &op->o_tmpmemctx );
 
-	rc = ber_printf( ber, "{iii", so->so_vlv_target, so->so_nentries,
+	rc = ber_printf( ber, "{iie", so->so_vlv_target, so->so_nentries,
 		so->so_vlv_rc );
 
 	if ( rc != -1 && so->so_vcontext ) {

Follow-Ups:
- Re: Jndi VLV usage (maybe a BER encoding issue)
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: Syncrepl not replicating userPassword
Next by Date: slapd mysteriously quit/crash/die without last words
Index(es):
- Chronological
- Thread