[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Netscape client misparsing the bind response

Our encoding looks fine... but you might verify this (using
a client that dumps the incoming ber)....  which means you
might need to TLS enable ldapsearch(1)... our maybe use
a client side TLS wrapper application (ie: stunnel).


At 07:40 PM 8/3/99 +0200, Julio Sánchez Fernández wrote:
>I am testing the TLS thing and, since I cannot bind with the client
>certificate, I am trying user (i.e. email address) and password
>over SSL.
>Well, it fails mysteriously:
>Aug  3 19:07:07 andromeda slapd[8243]: daemon: conn=0 fd=8 connection from IP= (IP= accepted. 
>Aug  3 19:07:07 andromeda slapd[8244]: conn=0 op=0 BIND dn="" method=128 
>Aug  3 19:07:07 andromeda slapd[8244]: conn=0 op=0 RESULT err=0 tag=97 text=(null) 
>Aug  3 19:07:11 andromeda slapd[8245]: conn=0 op=1 UNBIND 
>Aug  3 19:07:11 andromeda slapd[8245]: conn=-1 fd=8 closed. 
>Here, Netscape is trying an anonymous (v2, BTW) bind before searching
>email address and such.  The server thinks the bind succeeded, but
>Netscape thinks it is an error.  To be precise, it thinks that the
>error is 0x61 LDAP_REFERRAL_LIMIT_EXCEEDED (i.e. it is reading the tag
>as the error).  However, for that to happen, it would have to
>get out of sync with the stream.  The relevant part of the trace is:
>ber_get_next: tag 0x30 len 12 contents:
>ber_dump: buf 0x81a31b8, ptr 0x81a31b8, end 0x81a31c4
>        02 01 01  ` 07 02 01 02 04 00 80 00 
>ber_get_next on fd 8 failed errno 11 (Resource temporarily unavailable)
>        *** got 135934060 of 0 so far
>daemon: select: listen=4 active_threads=1 tvp=NULL
>daemon: select: listen=5 active_threads=1 tvp=NULL
>ber_scanf fmt ({iat) ber:
>ber_dump: buf 0x81a31b8, ptr 0x81a31bb, end 0x81a31c4
>         ` 07 02 01 02 04 00 80 00 
>ber_scanf fmt (o}) ber:
>ber_dump: buf 0x81a31b8, ptr 0x81a31c2, end 0x81a31c4
>        80 00 
>do_bind: version 2 dn () method 128
>send_ldap_result: conn=0 op=0 p=2
>send_ldap_result: 0::
>send_ldap_response: tag=97 msgid=1 err=0
>Any ideas?