Search filter error returned by MS Active Directory

Didier Rossi Wed, 09 Mar 2005 15:30:05 -0800

Hi,
Hope this is the right place to report bugs. If not, let me know.
I have asked for help on http://www.ldapguru.com for the problem below
but it looks like there is a bug or limitation in Net::LDAP. 
I have myself found a work around in my application so a correction is
not critical for me but I'm willing to help by testing on my lab should
the developpers of Net::LDAP need so.
  
Filter syntax (userAccountControl:1.2.840.113556.1.4.803:=2) does not
work from Net::LDAP to AD
========================================================================
=======================
Using the search filter below in perl Net::LDAP towards Active Directory
fails.
Search filter : 
(&(useraccountcontrol:1.2.840.113556.1.4.803:=2)(objectCategory=person)(
objectclass=user))
Error message :
decode error 135 159 at
/usr/opt/perl5/lib/site_perl/5.6.0/Convert/ASN1/_decode.pm line 235 ...


By activating debug I can see that the LDAP-server responds with the
following error :
LdapErr: DSID-0C0C0D4F, comment: The server was unable to decode a
search request filter, data 0, vece...1.3.6.1.4.1.1466.20036

I'm using Net::LDAP 0.32 and Convert::ASN1 0.18 on AIX 5.1.

The weared part is that my perl script works fine if I remove the first
bracket block (with userAccountControl), and exactly the same search
filter (cut and paste) works fine from Softerra LDAP Browser 2.6 against
the same AD server ???
 
 
Debug output
============
Short version because the full version contains customer information :
# ldap.pl
Connection -> ok
Bind -> ok
filter=(&(useraccountcontrol:1.2.840.113556.1.4.803:=2)(objectCategory=p
erson)(objectclass=user))
base  =...cut...

0000  226: SEQUENCE {
0003    1:   INTEGER = 2
0006  220:   [APPLICATION 3] {
0009   74:     STRING = '...cut...'
0055    1:     ENUM = 2
0058    1:     ENUM = 2
005B    1:     INTEGER = 0
005E    1:     INTEGER = 0
0061    1:     BOOLEAN = FALSE
0064   96:     [CONTEXT 0] {
0066   47:       [CONTEXT 9] {
0068   22:         [CONTEXT 1]
006A     :           31 2E 32 2E 38 34 30 2E 31 31 33 35 35 36 2E 31
1.2.840.113556.1
007A     :           2E 34 2E 38 30 33 __ __ __ __ __ __ __ __ __ __
.4.803
0080   18:         [CONTEXT 2]
0082     :           75 73 65 72 61 63 63 6F 75 6E 74 63 6F 6E 74 72
useraccountcontr
0092     :           6F 6C __ __ __ __ __ __ __ __ __ __ __ __ __ __ ol
0094    1:         [CONTEXT 3]
0096     :           32 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ 2
0097     :       }
0097   24:       [CONTEXT 3] {
0099   14:         STRING = 'objectCategory'
00A9    6:         STRING = 'person'
00B1     :       }
00B1   19:       [CONTEXT 3] {
00B3   11:         STRING = 'objectclass'
00C0    4:         STRING = 'user'
00C6     :       }
00C6     :     }
00C6   29:     SEQUENCE {
00C8   14:       STRING = 'samaccountname'
00D8   11:       STRING = 'lockoutTime'
00E5     :     }
00E5     :   }
00E5     : }
Net::LDAP=HASH(0x204f87e4) received:
 
30 84 00 00 00 99 02 01 00 78 84 00 00 00 78 0A 0........x....x.
01 02 04 00 04 71 30 30 30 30 30 30 35 37 3A 20 .....q00000057:
4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D 30 43 LdapErr: DSID-0C
30 43 30 44 34 46 2C 20 63 6F 6D 6D 65 6E 74 3A 0C0D4F, comment:
20 54 68 65 20 73 65 72 76 65 72 20 77 61 73 20  The server was
75 6E 61 62 6C 65 20 74 6F 20 64 65 63 6F 64 65 unable to decode
20 61 20 73 65 61 72 63 68 20 72 65 71 75 65 73  a search reques
74 20 66 69 6C 74 65 72 2C 20 64 61 74 61 20 30 t filter, data 0
2C 20 76 65 63 65 00 8A 16 31 2E 33 2E 36 2E 31 , vece...1.3.6.1
2E 34 2E 31 2E 31 34 36 36 2E 32 30 30 33 36 __ .4.1.1466.20036
 
0000  153: SEQUENCE {
0006    1:   INTEGER = 0
0009  120:   [APPLICATION 24] {
000F    1:     ENUM = 2
0012    0:     STRING = ''
0014  113:     STRING
0016     :       30 30 30 30 30 30 35 37 3A 20 4C 64 61 70 45 72
00000057: LdapEr
0026     :       72 3A 20 44 53 49 44 2D 30 43 30 43 30 44 34 46 r:
DSID-0C0C0D4F
0036     :       2C 20 63 6F 6D 6D 65 6E 74 3A 20 54 68 65 20 73 ,
comment: The s
0046     :       65 72 76 65 72 20 77 61 73 20 75 6E 61 62 6C 65 erver
was unable
0056     :       20 74 6F 20 64 65 63 6F 64 65 20 61 20 73 65 61  to
decode a sea
0066     :       72 63 68 20 72 65 71 75 65 73 74 20 66 69 6C 74 rch
request filt
0076     :       65 72 2C 20 64 61 74 61 20 30 2C 20 76 65 63 65 er,
data 0, vece
0086     :       00 __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ .
0087     :   }
0087   22:   [CONTEXT 10]
0089     :     31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 31 34 36 36
1.3.6.1.4.1.1466
0099     :     2E 32 30 30 33 36 __ __ __ __ __ __ __ __ __ __ .20036
009F     : }
failed to search: decode error 135 159 at
/usr/opt/perl5/lib/site_perl/5.6.0/Convert/ASN1/_decode.pm line 235,
<DATA> line 461.
0 objects returned
Net::LDAP=HASH(0x204f87e4) sending:
 
30 05 02 01 03 42 00 __ __ __ __ __ __ __ __ __ 0....B.
 
0000    5: SEQUENCE {
0002    1:   INTEGER = 3
0005    0:   [APPLICATION 2]
0007     : }

Search filter error returned by MS Active Directory

Reply via email to