I am having a decoding problem with an IBM return of a Password Policy
Control. The OpenLDAP library is returning a decode error, and I am not sure
if it is a malformed packet created by the IBM library or if it is being read
incorrectly by the OpenLDAP code.

When IBM returns a pwdPolicy control warning, things seem to be working fine.
For instance, if the account is locked, IBM returns:

16:32:42.464616 192.168.222.1.ldap > nimes.3843: P 1:82(81) ack 79 win 64162 <nop,nop,timestamp 381944 64208323> (DF)
0x0000   4500 0085 e941 4000 8006 d3d3 c0a8 de01        E....A@.........
0x0010   c0a8 de0a 0185 0f03 2730 efe9 f502 f2dc        ........'0......
0x0020   8018 faa2 a1fa 0000 0101 080a 0005 d3f8        ................
0x0030   03d3 bdc3 3084 0000 004b 0201 0161 8400        ....0....K...a..
0x0040   0000 070a 0135 0400 0400 a084 0000 0035        .....5.........5
0x0050   3084 0000 002f 0419 312e 332e 362e 312e        0..../..1.3.6.1.
0x0060   342e 312e 3432 2e32 2e32 372e 382e 352e        4.1.42.2.27.8.5.
0x0070   3101 0100 040f 3084 0000 0009 8184 0000        1.....0.........
0x0080   0003 0a01 01                                   .....

Which indicates that the account is locked. However, when the bind is
supposed to succeed I get the following:

16:32:11.357530 192.168.222.1.ldap > nimes.3840: P 1:65(64) ack 82 win 64159 <nop,nop,timestamp 381657 64205214> (DF)
0x0000   4500 0074 e926 4000 8006 d3ff c0a8 de01        E..t.&@.........
0x0010   c0a8 de0a 0185 0f00 26c2 02bf f213 3593        ........&.....5.
0x0020   8018 fa9f 1eb4 0000 0101 080a 0005 d2d9        ................
0x0030   03d3 b19e 3084 0000 003a 0201 0161 8400        ....0....:...a..
0x0040   0000 070a 0100 0400 0400 a084 0000 0024        ...............$
0x0050   3084 0000 001e 0419 312e 332e 362e 312e        0.......1.3.6.1.
0x0060   342e 312e 3432 2e32 2e32 372e 382e 352e        4.1.42.2.27.8.5.
0x0070   3101 0100                                      1...

Which I think should indicate that there is no problem,
therefore no info sent with the control (which appears to be the case). Anyway,
I am trying to decide if we need to go to IBM to fix this or if it is an
OpenLDAP issue. Thanks for your help.
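
The two LDAP payloads from the dumps above, walked with a minimal BER reader to show what each response control actually carries. This is an added example, not part of the original post and not OpenLDAP code; the function names are made up for illustration.

```python
# Added example. LDAP payloads copied from the two dumps in the post, with the
# IP/TCP headers stripped (bytes from capture offset 0x0034 onward).
LOCKED = bytes.fromhex(
    "3084 0000 004b 0201 0161 8400 0000 070a 0135 0400 0400 a084 0000 0035"
    "3084 0000 002f 0419 312e 332e 362e 312e 342e 312e 3432 2e32 2e32 372e"
    "382e 352e 3101 0100 040f 3084 0000 0009 8184 0000 0003 0a01 01")
SUCCESS = bytes.fromhex(
    "3084 0000 003a 0201 0161 8400 0000 070a 0100 0400 0400 a084 0000 0024"
    "3084 0000 001e 0419 312e 332e 362e 312e 342e 312e 3432 2e32 2e32 372e"
    "382e 352e 3101 0100")

def tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: low 7 bits count length octets
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def result_code(msg):
    """resultCode (ENUMERATED) of the BindResponse, tag 0x61, in an LDAPMessage."""
    bind = next(v for t, v in children(tlv(msg)[1]) if t == 0x61)
    return int.from_bytes(children(bind)[0][1], "big")

def response_controls(msg):
    """List (oid, criticality, controlValue or None) for each response control."""
    found = []
    for val in (v for t, v in children(tlv(msg)[1]) if t == 0xA0):  # [0] Controls
        for _, ctl in children(val):
            oid, rest = children(ctl)[0][1].decode(), children(ctl)[1:]
            crit = any(t == 0x01 and v != b"\x00" for t, v in rest)
            value = next((v for t, v in rest if t == 0x04), None)
            found.append((oid, crit, value))
    return found
```

Run over these bytes, the locked-account response has resultCode 53 and a 15-byte controlValue, while the successful bind has resultCode 0 and a control with the same OID but no controlValue element at all.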