I am getting the following error when attempting SASL authentication using DIGEST-MD5 between Net::LDAP and an Oracle Internet Directory server:

84: LDAP_DECODING_ERROR: C<Net::LDAP> encountered an error while decoding a response packet from
the server.

My code snippet follows, followed by my debugging output (I've removed the password and the distinguished name from the debugging and replaced them with placeholders). Can anyone with more knowledge of how SASL works let me know what I might have done wrong or what I might try next? I have successfully used this code to connect to Active Directory, just not Oracle. Thanks for your help.

Here is the code and the error:

-----CODE-----
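use Net::LDAP;
use Net::LDAP::Util qw(ldap_error_name ldap_error_text);
use Authen::SASL;

# $LDAP_SERVER, $LDAP_PORT, $DEBUG_LEVEL, $SASL_USER_NAME, $PASSWORD and
# $DISTINGUISHED_NAME are assumed to be set earlier in the script.

# new() returns undef on connection failure and leaves the reason in $@.
$ldap = Net::LDAP->new($LDAP_SERVER,
                       port  => $LDAP_PORT,
                       debug => $DEBUG_LEVEL)
    or die "Cannot connect to $LDAP_SERVER: $@";

# Mechanisms are listed in order of preference; the callbacks supply the
# credentials the chosen mechanism asks for.
my $sasl = Authen::SASL->new(
    mechanism => 'DIGEST-MD5 CRAM-MD5 EXTERNAL LOGIN PLAIN ANONYMOUS',
    callback  => {
        user => $SASL_USER_NAME,
        pass => $PASSWORD
    },
);

# SASL bind over LDAPv3.
my $mesg = $ldap->bind(
    dn      => $DISTINGUISHED_NAME,
    sasl    => $sasl,
    version => 3
);

if ($mesg->code())
{
    # Translate the numeric result code into its name and description.
    my $codeNumber = $mesg->code();
    my $ldapError  = ldap_error_name($codeNumber) . ": " . ldap_error_text($codeNumber);
    print <<ERROR;
LDAP SASL ERROR:
   $ldapError
ERROR
}
else
{
    print <<SUCCESS;
LDAP SASL BIND SUCCESSFUL
SUCCESS
}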
-----END CODE-----

------ BEGIN DEBUG OUTPUT ------
Net::LDAP=HASH(0x1ba49d8) sending:
0000   59: SEQUENCE {
0002    1:   INTEGER = 1
0005   54:   [APPLICATION 0] {
0007    1:     INTEGER = 3
000A   37:     STRING = '<distinguished name>'
0031   10:     [CONTEXT 0]
0033 : 48 33 31 70 4D 33 4C 44 41 50 __ __ __ __ __ __ <secret password>
003D     :   }
003D     : }
Net::LDAP=HASH(0x1ba49d8) received:

30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 0........a......
01 00 04 00 04 00 __ __ __ __ __ __ __ __ __ __ ......

Net::LDAP=HASH(0x1ba49d8) sending:
0000    5: SEQUENCE {
0002    1:   INTEGER = 2
0005    0:   [APPLICATION 2]
0007     : }
Net::LDAP=HASH(0x1c48f90) sending:
0000   61: SEQUENCE {
0002    1:   INTEGER = 3
0005   56:   [APPLICATION 0] {
0007    1:     INTEGER = 3
000A   37:     STRING = '<distinguished name>'
0031   12:     [CONTEXT 3] {
0033   10:       STRING = 'DIGEST-MD5'
003F     :     }
003F     :   }
003F     : }
Net::LDAP=HASH(0x1c48f90) received:

30 84 00 00 00 AF 02 01 03 61 84 00 00 00 07 0A 0........a......
01 0E 04 00 04 00 87 81 9C 6E 6F 6E 63 65 3D 22 .........nonce="
35 37 35 36 30 34 30 41 43 43 45 30 37 37 37 32 5756040ACCE07772
42 34 42 46 31 31 39 38 46 46 43 32 41 34 38 30 B4BF1198FFC2A480
22 2C 71 6F 70 3D 22 61 75 74 68 2D 63 6F 6E 66 ",qop="auth-conf
2C 61 75 74 68 2D 69 6E 74 2C 61 75 74 68 22 2C ,auth-int,auth",
6D 61 78 62 75 66 3D 36 35 35 33 36 2C 63 68 61 maxbuf=65536,cha
72 73 65 74 3D 75 74 66 2D 38 2C 63 69 70 68 65 rset=utf-8,ciphe
72 3D 22 72 63 34 2D 35 36 2C 20 64 65 73 2C 20 r="rc4-56, des,
33 64 65 73 2C 20 72 63 34 2C 20 72 63 34 2D 34 3des, rc4, rc4-4
30 22 2C 61 6C 67 6F 72 69 74 68 6D 3D 6D 64 35 0",algorithm=md5
2D 73 65 73 73 __ __ __ __ __ __ __ __ __ __ __ -sess
------ END DEBUG OUTPUT ------


--



*David Pinkowitz*
Senior Software Engineer
Numara™ Software, Inc.
732.404.8943 (o)
732.287.4929 (f)
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
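
Added example, not part of the original post: a minimal BER header walk in Perl over the two "received:" dumps above, printing which elements sit directly in the LDAPMessage and which sit inside the BindResponse. The helper names `read_tlv` and `children` are hypothetical, and the bytes are copied from the dumps.

```perl
use strict;
use warnings;

# Header bytes copied from the two "received:" dumps in the post. For the
# second, only the first 25 bytes are needed: the walk reads tags and
# lengths, not the 156-byte value that follows.
my %dump = (
    'first response'  => '30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0A 01 00 04 00 04 00',
    'second response' => '30 84 00 00 00 AF 02 01 03 61 84 00 00 00 07 0A 01 0E 04 00 04 00 87 81 9C',
);

# Decode one BER header at $pos; returns (tag, value offset, value length).
sub read_tlv {
    my ($buf, $pos) = @_;
    my $tag = ord(substr($buf, $pos++, 1));
    my $len = ord(substr($buf, $pos++, 1));
    if ($len & 0x80) {                 # long form: low 7 bits count the length octets
        my $n = $len & 0x7F;
        $len = 0;
        $len = ($len << 8) | ord(substr($buf, $pos++, 1)) for 1 .. $n;
    }
    return ($tag, $pos, $len);
}

# List the elements directly inside the value at [$start, $start + $len).
sub children {
    my ($buf, $start, $len) = @_;
    my ($pos, $end, @kids) = ($start, $start + $len);
    while ($pos < $end) {
        my ($tag, $voff, $vlen) = read_tlv($buf, $pos);
        push @kids, { tag => $tag, off => $voff, len => $vlen };
        $pos = $voff + $vlen;
    }
    return @kids;
}

for my $name (sort keys %dump) {
    (my $hex = $dump{$name}) =~ s/\s+//g;
    my $msg = pack 'H*', $hex;
    print "$name\n";
    my (undef, $off, $len) = read_tlv($msg, 0);          # outer LDAPMessage SEQUENCE
    for my $el (children($msg, $off, $len)) {
        printf "  LDAPMessage element: tag 0x%02X, %d bytes\n", $el->{tag}, $el->{len};
        next unless $el->{tag} == 0x61;                   # [APPLICATION 1] BindResponse
        printf "    BindResponse element: tag 0x%02X, %d bytes\n", $_->{tag}, $_->{len}
            for children($msg, $el->{off}, $el->{len});
    }
}
```

For the second response the walk reports the 0x87 element (context tag [7], 156 bytes, the DIGEST-MD5 challenge) as a direct element of the LDAPMessage, after the 7-byte BindResponse; RFC 4511 defines serverSaslCreds [7] as a field inside BindResponse.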
