Hello

I'm trying to use ldap-check with Active Directory, and the response Active
Directory gives is not one ldap-check is happy to accept.

When I give a 389 Directory backend LDAP server all is well; when I use AD
I get 'Not LDAPv3 protocol'.

I've done a little poking about and found that

        if ((msglen > 2) ||
            (memcmp(check->bi->data + 2 + msglen, "\x02\x01\x01\x61", 4) != 0)) {
                set_server_check_status(check, HCHK_STATUS_L7RSP, "Not LDAPv3 protocol");

is where I'm getting stopped, as msglen is 4.

Here is a tcpdump of the 389 Directory response (the one that works), 2 packets:

21:29:34.195699 IP 389.ldap > HAPROXY.57109: Flags [.], ack 15, win 905, options [nop,nop,TS val 856711882 ecr 20393440], length 0
    0x0000:  0050 5688 7042 0064 403b 2700 0800 4500  .PV.pB.d@;'...E.
    0x0010:  0034 9d07 4000 3f06 3523 ac1b e955 ac18  .4..@.?.5#...U..
    0x0020:  2810 0185 df15 5cab ffcd 63ba 77d3 8010  (.....\...c.w...
    0x0030:  0389 2c07 0000 0101 080a 3310 62ca 0137  ..,.......3.b..7
    0x0040:  2de0                                     -.
21:29:34.195958 IP 389.ldap > HAPROXY.57109: Flags [P.], seq 1:15, ack 15, win 905, options [nop,nop,TS val 856711882 ecr 20393440], length 14
    0x0000:  0050 5688 7042 0064 403b 2700 0800 4500  .PV.pB.d@;'...E.
    0x0010:  0042 9d08 4000 3f06 3514 ac1b e955 ac18  .B..@.?.5....U..
    0x0020:  2810 0185 df15 5cab ffcd 63ba 77d3 8018  (.....\...c.w...
    0x0030:  0389 e878 0000 0101 080a 3310 62ca 0137  ...x......3.b..7
    0x0040:  2de0 300c 0201 0161 070a 0100 0400 0400  -.0....a........

Here is a tcpdump of the Active Directory response (broken), 1 packet:

21:25:24.519883 IP ADSERVER.ldap > HAPROXY.57789: Flags [P.], seq 1:23, ack 15, win 260, options [nop,nop,TS val 1870785 ecr 20331021], length 22
    0x0000:  0050 5688 7042 0050 5688 7780 0800 4500  .PV.pB.PV.w...E.
    0x0010:  004a 1d7d 4000 8006 34e3 ac18 280d ac18  .J.}@...4...(...
    0x0020:  2810 0185 e1bd 5a3f 2ae7 3ced 7b5b 8018  (.....Z?*.<.{[..
    0x0030:  0104 1d7a 0000 0101 080a 001c 8bc1 0136  ...z...........6
    0x0040:  3a0d 3084 0000 0010 0201 0161 8400 0000  :.0........a....
    0x0050:  070a 0100 0400 0400

This was discussed before but not finished; see
http://www.serverphorums.com/read.php?10,394453

I can see the string \02\01\01\61 is there, but not in the correct place.

Does anyone have any ideas about fixing this so that both (and possibly other)
LDAP implementations work?

Thanks,

Neil
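
An added example, not part of the original post and not HAProxy's code: a minimal C parser for the bind response that accepts both short-form BER lengths (the 389 Directory capture) and long-form lengths (the 0x84-prefixed ones in the Active Directory capture), run over the payload bytes from the two dumps above. The function names are hypothetical, and the messageID is assumed to be 1, as in the quoted memcmp pattern.

```c
#include <stddef.h>
#include <stdio.h>

/* TCP payloads copied from the two captures in the post above. */
static const unsigned char ds389[] = {            /* short-form lengths */
    0x30,0x0c,0x02,0x01,0x01,0x61,0x07,0x0a,0x01,0x00,0x04,0x00,0x04,0x00 };
static const unsigned char ad[] = {               /* long-form lengths: 0x84 + 4 octets */
    0x30,0x84,0x00,0x00,0x00,0x10,0x02,0x01,0x01,0x61,0x84,0x00,0x00,0x00,
    0x07,0x0a,0x01,0x00,0x04,0x00,0x04,0x00 };

/* Read a BER definite length at buf[*pos]: short form, or long form with
 * 1..4 length octets. Returns 0 and advances *pos, or -1 on error. */
static int ber_len(const unsigned char *buf, size_t n, size_t *pos, size_t *out)
{
    if (*pos >= n) return -1;
    unsigned char b = buf[(*pos)++];
    if (!(b & 0x80)) { *out = b; return 0; }              /* short form */
    size_t cnt = b & 0x7f, v = 0;
    if (cnt == 0 || cnt > 4 || cnt > n - *pos) return -1; /* indefinite, oversized, truncated */
    while (cnt--) v = (v << 8) | buf[(*pos)++];
    *out = v;
    return 0;
}

/* Returns the BindResponse resultCode (0 = success), or -1 if buf is not a
 * well-formed bind response carrying messageID 1. */
int ldap_bind_result(const unsigned char *buf, size_t n)
{
    size_t pos = 0, len;
    if (n < 1 || buf[pos++] != 0x30) return -1;           /* LDAPMessage SEQUENCE */
    if (ber_len(buf, n, &pos, &len) || len > n - pos) return -1;
    n = pos + len;                                        /* stay inside the envelope */
    if (n - pos < 4 || buf[pos] != 0x02 || buf[pos + 1] != 0x01 ||
        buf[pos + 2] != 0x01 || buf[pos + 3] != 0x61)     /* messageID 1, then tag 0x61 */
        return -1;
    pos += 4;
    if (ber_len(buf, n, &pos, &len) || len > n - pos) return -1;
    n = pos + len;                                        /* stay inside the BindResponse */
    if (n - pos < 3 || buf[pos] != 0x0a || buf[pos + 1] != 0x01) return -1; /* resultCode */
    return buf[pos + 2];
}

int main(void)
{
    printf("389 DS: %d\nAD: %d\n", ldap_bind_result(ds389, sizeof ds389),
           ldap_bind_result(ad, sizeof ad));
    return 0;
}
```

Every declared length is checked against the bytes actually received before it is used, so a truncated or oversized length field fails the check instead of moving the comparison offset past the end of the buffer.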
