keepalive script ap-kal-ldap for secure LDAP

Jun 6th, 2008

I tested the default ap-kal-ldap script with success towards our LDAP 3 servers on port 389. But I need another script for port 636 secure LDAP. Just changing the script to use port 636 doesn't seem to be the trick... I suppose the hex data needs to be altered, or do I need to install a client certificate on the CSS?

Gilles Dufour Fri, 06/06/2008 - 06:44
User Badges: Cisco Employee

Unfortunately you will not find any script to do this. The CSS script language does not have the option to encrypt/decrypt data, which is required for secure LDAP.


aajvandewiel Mon, 06/09/2008 - 05:43

Gilles, thanks for your answer. So no support for encrypt/decrypt on the CSS. What about changing the raw string to match the socket requests etc?

Gilles Dufour Mon, 06/09/2008 - 14:31
User Badges: Cisco Employee

Nope, because encryption/decryption mechanisms are exactly there to prevent resending some raw data :-)

All you can do is check if the TCP port is responding to SYN.
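An added example, not part of the thread and not Cisco code: because the CSS can only confirm that TCP port 636 answers, a check that reaches the LDAP layer has to run on a host that can speak TLS. The Python sketch below contrasts the TCP-only check with a verified TLS handshake followed by an anonymous LDAPv3 bind; the function names, the use of an anonymous bind and the accepted result codes are assumptions, not something the posters described.

```python
import socket
import ssl
from typing import Optional

# LDAPv3 anonymous simple BindRequest, messageID 1 (BER encoding, RFC 4511):
# SEQUENCE { INTEGER 1, [APPLICATION 0] { INTEGER 3, OCTET STRING "", [0] "" } }
BIND_REQUEST = bytes.fromhex("300c020101600702010304008000")


def parse_bind_response(data: bytes) -> int:
    """Return the resultCode of a short LDAP BindResponse, else raise ValueError."""
    # Expected layout: 30 len | 02 01 msgid | 61 len | 0a 01 resultCode | ...
    if len(data) < 10 or data[0] != 0x30 or data[1] & 0x80:
        raise ValueError("not a short-form LDAPMessage")
    if len(data) < 2 + data[1]:
        raise ValueError("truncated LDAPMessage")
    if data[2:4] != b"\x02\x01" or data[5] != 0x61 or data[7:9] != b"\x0a\x01":
        raise ValueError("not a BindResponse")
    return data[9]


def tcp_alive(host: str, port: int = 636, timeout: float = 3.0) -> bool:
    """The check the thread says the CSS can do: does the port accept a connection?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ldaps_alive(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 3.0, ok_codes=(0,)) -> bool:
    """True only if TCP, a verified TLS handshake and an anonymous bind all work."""
    ctx = ssl.create_default_context(cafile=cafile)  # checks chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(BIND_REQUEST)
                return parse_bind_response(tls.recv(4096)) in ok_codes
    except (OSError, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample: a BindResponse with resultCode 0 (success).
    sample = bytes.fromhex("300c02010161070a010004000400")
    print("resultCode:", parse_bind_response(sample))
```

A server that rejects anonymous binds still shows the LDAP layer is up when it returns a well-formed BindResponse; pass the result code it returns in `ok_codes` to treat that as healthy.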


