The control value (3003020101) is a PDU which has the following meaning:

0x30 0x03 : SEQ length 3
0x02 0x01 0x01 : INTEGER length 1 value 1

So you have sent a correct Control, but the OID has changed: 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to Windows 2012) and the OID you are using is a new one (1.2.840.113556.1.4.2239). I can only bet that the OID is not understood by the Windows machine you are talking to.

On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:

> Thanks Shawn, I was going to ask that. But I got wireshark working.
> Below is the packet I'm assuming we want to see. In concept it looks
> correct, but I'm not sure what the controlValue is supposed to be on the
> wire.
>
> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
> interface 0
> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>
> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
> Ack: 46, Len: 229
> Lightweight Directory Access Protocol
> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
> Administration,dc=develop,dc=local"
> messageID: 7
> protocolOp: modifyRequest (6)
> modifyRequest
> object: cn=model_ouadmin,ou=PSU-OU-
> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
> Administration,dc=develop,dc=local
> modification: 1 item
> [Response In: 10]
> controls: 1 item
> Control
> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
> USA.113556.1.4.2239)
> criticality: True
> controlValue: 3003020101
>
> Thanks.
> Craig Benner
>
> ----- Original Message -----
> From: "Shawn McKinney" <smckin...@apache.org>
> To: "api" <api@directory.apache.org>
> Sent: Friday, September 8, 2017 9:58:56 AM
> Subject: Re: Ldap API Custom Controls
>
> > On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
> >
> > It will take some changes to get a wireshark capture, since Passwords
> > can only be managed over a secure connection. Hopefully tomorrow I can get
> > you the wireshark capture
>
> Wonder if it would be easier to just enable the API logger containing the
> BER request/response traces? That’s typically how I debug. Saves the
> trouble of setting up wireshark.
>
> <category name="org.apache.directory.api" class="org.apache.log4j.Logger"
> additivity="false">
> <priority value="DEBUG" class="org.apache.log4j.Level"/>
> <appender-ref ref="file"/>
> </category>
>

--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
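
The byte-by-byte reading of the controlValue at the top of this message can be checked mechanically. The following is an added example, not part of the thread and not code from the Apache LDAP API: a minimal BER decoder that also handles long-form lengths, with hypothetical function names `parse_tlv` and `decode`, assuming single-byte tags only.

```python
"""Minimal BER decoder for inspecting an LDAP controlValue taken from a capture."""

# Assumption: only single-byte tags are handled (enough for this control value).
UNIVERSAL_TAGS = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x30: "SEQUENCE"}


def parse_tlv(data, offset=0):
    """Parse one tag-length-value at offset; return (tag, value_bytes, next_offset)."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag = data[offset]
    first = data[offset + 1]
    offset += 2
    if first < 0x80:                      # short form: length is in this byte
        length = first
    elif first == 0x80:
        raise ValueError("indefinite length is not allowed in LDAP (RFC 4511 5.1)")
    else:                                 # long form: low 7 bits = number of length bytes
        count = first & 0x7F
        if offset + count > len(data):
            raise ValueError("truncated length")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    end = offset + length
    if end > len(data):
        raise ValueError("value runs past end of buffer")
    return tag, data[offset:end], end


def decode(data):
    """Decode all TLVs in data into a list of (type_name, value) tuples."""
    items, offset = [], 0
    while offset < len(data):
        tag, value, offset = parse_tlv(data, offset)
        name = UNIVERSAL_TAGS.get(tag, "tag 0x%02x" % tag)
        if tag == 0x30:                   # constructed: recurse into the contents
            items.append((name, decode(value)))
        elif tag == 0x02:                 # INTEGER is big-endian two's complement
            items.append((name, int.from_bytes(value, "big", signed=True)))
        else:
            items.append((name, value.hex()))
    return items


if __name__ == "__main__":
    # controlValue as shown in the Wireshark capture in this thread
    print(decode(bytes.fromhex("3003020101")))
```

The same function can be pointed at the hex dumps in the API's DEBUG log output to compare what was sent with what the capture shows.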