Menu
▾
▴
Re: set-password extended operation encoding error
|
From: Darryl C P. <da...@co...> - 2002-06-18 16:46:43
|
I Think I figured out the problem. The ldap implementation under test returns
an error if the userIdentity or old password fields are present in the
request. This sort of sucks. If I only pass the newpass to the encode method
(for passwordModReq) It works (i.e. changes the password) but I get a BER
decoding error and the script hangs with an unexpected PDU:
30 56 02 01 01 60 51 02 01 03 04 42 63 6E 3D 50 0V...`Q....Bcn=P
61 75 6C 20 43 65 7A 61 6E 6E 65 2C 20 64 63 3D aul Cezanne, dc=
43 6C 69 65 6E 74 31 2C 20 64 63 3D 56 65 6E 64 Client1, dc=Vend
6F 72 31 2C 20 64 63 3D 4D 6F 64 69 66 79 2C 20 or1, dc=Modify,
64 63 3D 49 4D 43 2C 20 64 63 3D 6F 72 67 80 08 dc=IMC, dc=org..
50 61 75 6C 30 30 30 35 __ __ __ __ __ __ __ __ Paul0005
0000 86: SEQUENCE {
0002 1: INTEGER = 1
0005 81: [APPLICATION 0] {
0007 1: INTEGER = 3
000A 66: STRING = 'cn=Paul Cezanne, dc=Client1, dc=Vendor1, dc=Modify,
dc=IMC, dc=org'
004E 8: [CONTEXT 0]
0050 : 50 61 75 6C 30 30 30 35 __ __ __ __ __ __ __ __ Paul0005
0058 : }
0058 : }
Net::LDAP=HASH(0x82e89f8) received:
30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 0........a......
01 00 04 00 04 00 __ __ __ __ __ __ __ __ __ __ ......
0000 16: SEQUENCE {
0006 1: INTEGER = 1
0009 7: [APPLICATION 1] {
000F 1: ENUM = 0
0012 0: STRING = ''
0014 0: STRING = ''
0016 : }
0016 : }
Net::LDAP=HASH(0x82e89f8) sending:
30 2D 02 01 02 77 28 80 17 31 2E 33 2E 36 2E 31 0-...w(..1.3.6.1
2E 34 2E 31 2E 34 32 30 33 2E 31 2E 31 31 2E 31 .4.1.4203.1.11.1
81 0D 30 0B 83 09 53 65 63 72 65 74 6D 64 35 __ ..0...Secretmd5
0000 45: SEQUENCE {
0002 1: INTEGER = 2
0005 40: [APPLICATION 23] {
0007 23: [CONTEXT 0]
0009 : 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 34 32 30 33
1.3.6.1.4.1.4203
0019 : 2E 31 2E 31 31 2E 31 __ __ __ __ __ __ __ __ __ .1.11.1
0020 13: [CONTEXT 1]
0022 : 30 0B 83 09 53 65 63 72 65 74 6D 64 35 __ __ __ 0...Secretmd5
002F : }
002F : }
Net::LDAP=HASH(0x82e89f8) received:
30 84 00 00 00 3E 02 01 00 78 84 00 00 00 35 0A 0....>...x....5.
01 00 04 00 04 14 42 45 52 20 64 65 63 6F 64 69 ......BER decodi
6E 67 20 70 72 6F 62 6C 65 6D 8A 16 31 2E 33 2E ng problem..1.3.
36 2E 31 2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 6.1.4.1.1466.200
33 36 8B 00 __ __ __ __ __ __ __ __ __ __ __ __ 36..
0000 62: SEQUENCE {
0006 1: INTEGER = 0
0009 53: [APPLICATION 24] {
000F 1: ENUM = 0
0012 0: STRING = ''
0014 20: STRING = 'BER decoding problem'
002A 22: [CONTEXT 10]
002C : 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36
1.3.6.1.4.1.1466
003C : 2E 32 30 30 33 36 __ __ __ __ __ __ __ __ __ __ .20036
0042 0: [CONTEXT 11]
0044 : }
0044 : }
Unexpected PDU, ignored
---- Original message ----
>Date: Tue, 18 Jun 2002 16:18:00 +0100
>From: Graham Barr <gb...@po...>
>Subject: Re: set-password extended operation encoding error
>To: Darryl C Price <da...@co...>
>Cc: LDAP Mailing List <per...@li...>
>
>On Tue, Jun 18, 2002 at 10:56:32AM -0400, Darryl C Price wrote:
>>
>> Here is the hex dump of a ldappasswd request that succeeds:
>>
>> 30 2c 02 01 02 77 27 80 17 31 2e 33 2e 36 2e 31 0,...w'..1.3.6.1
>> 2e 34 2e 31 2e 34 32 30 33 2e 31 2e 31 31 2e 31 .4.1.4203.1.11.1
>> 81 0c 30 0a 82 08 50 61 75 6c 30 30 30 35 ..0...Paul0005
>>
>> And here is one that fails from the extension method in Net::LDAP
>>
>> 30 2D 02 01 02 77 28 80 17 31 2E 33 2E 36 2E 31 0-...w(..1.3.6.1
>> 2E 34 2E 31 2E 34 32 30 33 2E 31 2E 31 31 2E 31 .4.1.4203.1.11.1
>> 81 0D 30 0B 81 09 53 65 63 72 65 74 6D 64 35 __ ..0...Secretmd5
>>
>> This does look like an encoding error to me.
>
>You have used a different password in each case. In ldappasswd
>it has Paul0005 but in Net::LDAP it has Secretmd5
>
>Graham.
>
Darryl C Price
Conversant Systems, LLC
Email: da...@co...
Phone: (513)768-3120
Mobile: (513)225-8528
Web: http://www.convsys.com
|
