[Date Prev][Date Next]
Re: definition of tag= entries in logs
Ralf Haferkamp writes:
>On Friday 13 August 2004 03:35, Andrew Diederich wrote:
>> I'm having problem some problems authenticating against openLDAP, and I
>> think the answer may be in the openLDAP logfile, but I don't know how to
>> read it right. It looks like successful binds look like this:
>> Aug 9 08:36:17 servername slapd: conn=0 op=20 RESULT tag=97 err=0
>> and unsuccessful binds look like this:
>> Aug 9 08:35:03 servername slapd: conn=11771 op=108408 SEARCH
>> RESULT tag=101 err=0 nentries=0 text=
>> The big difference as far as I can tell is the tag=101 vs the tag=97.
> The tags indicate what type of message the is sending tag=101 is a
> "SearchResultDone" message, while tag=97 is a "BindResponse".
Which you can see from the ASN.1 in rfc2251. Each type (BOOLEAN,
SEQUENCE etc) has its own tag, and if there is a , [APPLICATION 3]
etc. in front of it, that overrides the type's tag. The tag octet
consists of class (bits 7-8), encoding (bit 6) and the tag value (bits
00 (0) UNIVERSAL Common to all applications
40 (1) APPLICATION Common to a specific application, eg. X.500.
C0 (3) PRIVATE Common to a specific enterprise
80 (2) CONTEXT-SPECIFIC Selector in a structured type (default).
Encoding: 00 for primitive encoding, 20 for constructed encoding (like
Some UNIVERSAL types:
(00 unused), (01 boolean?), 02 INTEGER, 03 BIT STRING, 04 OCTET STRING,
05 NULL, 10 SEQUENCE / SEQUENCE OF, 11 SET / SET OF, 16 IA5String.