[email protected] wrote:
> Full_Name: Leo Tohill
> Version: 2.4.30
> OS: Windows 10
> URL: https://docs.google.com/document/d/10uKg9Nh3HLiuOzTbLfi6Z7bCfUb8x_Ai6WK5LqNzbwA/edit?usp=sharing
> Submission from: (NULL) (74.79.8.41)
>
>
> Summary: openldap 2.4.30 does not accommodate multi-byte length value on bind
> request.
>
>
> First, I'll admit that I'm out of my depth here, I'm running an older version,
> I'm on Windows, and my package was built by I don't know. But I worked hard
> enough to track this down that I want you to know what I found. I might
> upgrade, but that's problematic.
>
> At some point my bindings from .net began failing with "the username or
> password is incorrect". But they were correct. I could confirm with various
> other tools. I captured the wire traffic to isolate the problem. It turns out
> that Windows forms the binding request using a multi-byte length indicator in
> the request. OpenLdap apparently does not accommodate this. I compared to a
> request generated by ldapsearch.exe. That request, which succeeds, varies only
> by using a single-byte length indicator.
>
> The multi-byte length value should be allowed, right? Isn't it possible to
> have a bind request data packet of length > 127? Which would require a
> multi-byte length value. Perhaps this was fixed in a later version.
>
> Screenshots of the wire capture here:
>
> https://docs.google.com/document/d/10uKg9Nh3HLiuOzTbLfi6Z7bCfUb8x_Ai6WK5LqNzbwA/edit?usp=sharing

This URL is inaccessible, permission denied. Just copy hex dumps of both
requests here in text.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
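
The two length encodings the report contrasts, as an added example (not from this thread and not OpenLDAP's code): a decoder for BER definite lengths that reads the single-byte and the multi-byte form of the same value. The function names are hypothetical and both BindRequest byte strings are constructed for illustration, not taken from the reporter's capture.

```c
#include <stddef.h>
#include <stdio.h>

/* Decode a BER definite-form length. Returns the octets consumed, or 0 if the
 * field is truncated, indefinite (0x80, not allowed in LDAP) or too wide.
 * Hypothetical helper for illustration, not a liblber function. */
size_t ber_len_decode(const unsigned char *buf, size_t n, size_t *out)
{
    if (n == 0) return 0;
    if ((buf[0] & 0x80) == 0) {       /* short form: one octet, 0..127 */
        *out = buf[0];
        return 1;
    }
    size_t count = buf[0] & 0x7f;     /* long form: number of length octets */
    if (count == 0 || count > sizeof(size_t) || count >= n) return 0;
    size_t len = 0;
    for (size_t i = 1; i <= count; i++)
        len = (len << 8) | buf[i];    /* big-endian; leading zeros are legal BER */
    *out = len;
    return 1 + count;
}

/* Content length of an LDAPMessage SEQUENCE, or -1 if the tag or length is
 * bad or the content does not exactly fill the buffer. */
long ldap_envelope_len(const unsigned char *msg, size_t n)
{
    size_t len = 0, used;
    if (n < 2 || msg[0] != 0x30) return -1;
    used = ber_len_decode(msg + 1, n - 1, &len);
    if (used == 0 || len != n - 1 - used) return -1;
    return (long)len;
}

/* Constructed samples: simple bind as "cn=a" / "pw", messageID 1. */
static const unsigned char SHORT_FORM[] = { 0x30, 0x12,
    0x02, 0x01, 0x01, 0x60, 0x0d, 0x02, 0x01, 0x03,
    0x04, 0x04, 'c', 'n', '=', 'a', 0x80, 0x02, 'p', 'w' };
static const unsigned char LONG_FORM[] = { 0x30, 0x84, 0x00, 0x00, 0x00, 0x12,
    0x02, 0x01, 0x01, 0x60, 0x0d, 0x02, 0x01, 0x03,
    0x04, 0x04, 'c', 'n', '=', 'a', 0x80, 0x02, 'p', 'w' };

int main(void)
{
    printf("short form: %ld\n", ldap_envelope_len(SHORT_FORM, sizeof SHORT_FORM));
    printf("long form:  %ld\n", ldap_envelope_len(LONG_FORM, sizeof LONG_FORM));
    return 0;
}
```

Both samples carry the same 18 content octets; only the length field of the outer SEQUENCE differs (`12` versus `84 00 00 00 12`).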
