[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#6685) VLV implementation and compatibility
Full_Name: Sebastien Bahloul
Version: HEAD
OS: Linux RHEL 5
URL: ftp://ftp.openldap.org/incoming/sbahloul-101026.patch
Submission from: (NULL) (2a01:e35:2ebe:f470:222:fbff:fe34:f796)
Hi,
OpenLDAP VLV implementation seems not to be fully compliant with latest draft.
Use case has been identify through JNDI - JDK 1.5, (whereas it seems to be
functional in ldapsearch) :
javax.naming.NamingException [Root exception is
com.sun.jndi.ldap.Ber$DecodeException: Encountered ASN.1 tag 2 (expected tag
10)]
After doing some network captures between different directories implementation,
it seems that there is a BER encoding error on the VLV response error code :
Global VLV control response ASN1 dump (through openssl asn1parse) :
0:d=0 hl=2 l= 50 cons: SEQUENCE
2:d=1 hl=2 l= 24 prim: OCTET STRING :2.16.840.1.113730.3.4.10
28:d=1 hl=2 l= 22 prim: OCTET STRING
0000 - 30 14 02 01 00 02 02 00-aa 02 01 00 04 08 10 0a
0...............
0010 - 82 15 ..
0016 - <SPACES/NULS>
Included octet string VLV control response ASN1 dump :
0:d=0 hl=2 l= 20 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :00
5:d=1 hl=2 l= 2 prim: INTEGER :AA
9:d=1 hl=2 l= 1 prim: INTEGER :00
12:d=1 hl=2 l= 8 prim: OCTET STRING
0000 - 10 0a 82 15 ....
0008 - <SPACES/NULS>
According to latest VLV draft (seems to be version 4) in section 5.2, return
type for error code (last 00 in this dump) must be an enumerated type (tag
type 10). In OpenLDAP response, error code is encoded as an integer (tag type
2).
I suggest to fix this by changing ber_printf(..."{iii ... to
ber_printf(..."{iie ... in sssvlv.c:198.
Regards,