[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: definition of tag= entries in logs

Ralf Haferkamp writes:
>On Friday 13 August 2004 03:35, Andrew Diederich wrote:
>> I'm having problem some problems authenticating against openLDAP, and I  
>> think the answer may be in the openLDAP logfile, but I don't know how to  
>> read it right.  It looks like successful binds look like this:
>> Aug  9 08:36:17 servername slapd[16836]: conn=0 op=20 RESULT tag=97 err=0  
>> text=
>> and unsuccessful binds look like this:
>> Aug  9 08:35:03 servername slapd[11823]: conn=11771 op=108408 SEARCH  
>> RESULT tag=101 err=0 nentries=0 text=
>> The big difference as far as I can tell is the tag=101 vs the tag=97.   
> The tags indicate what type of message the is sending tag=101 is a 
> "SearchResultDone" message, while tag=97 is a "BindResponse".

Which you can see from the ASN.1 in rfc2251.  Each type (BOOLEAN,
SEQUENCE etc) has its own tag, and if there is a [0], [APPLICATION 3]
etc. in front of it, that overrides the type's tag.  The tag octet
consists of class (bits 7-8), encoding (bit 6) and the tag value (bits

 00 (0) UNIVERSAL          Common to all applications
 40 (1) APPLICATION        Common to a specific application, eg. X.500.
 C0 (3) PRIVATE            Common to a specific enterprise
 80 (2) CONTEXT-SPECIFIC   Selector in a structured type (default).

Encoding: 00 for primitive encoding, 20 for constructed encoding (like

Some UNIVERSAL types:
(00 unused), (01 boolean?), 02 INTEGER, 03 BIT STRING, 04 OCTET STRING,
05 NULL, 10 SEQUENCE / SEQUENCE OF, 11 SET / SET OF, 16 IA5String.