05-11-2009 04:42 AM
Hi,
I'm trying to compose a Tcl script to check the health of some LDAP servers by doing a bind request with a user called cn=LDAPTEST,ou=TEST,o=TEST, password test. I've converted the text into hex and pasted it into the appropriate section of the script:
# puts a string to server
csm_debug "sending ldap bind request"
puts -nonewline $sock [ binary format "H*" 636e3d4c44... and so on
But the reals retain the status "probe_failed". Is there something missing in the bind request? I'm not well schooled in LDAP and Tcl scripting, but maybe somebody is...:-)
TIA,
Stephan
05-11-2009 05:34 AM
Stephan,
Get a sniffer trace and see what the response from the LDAP server is.
Compare the response from the server to what you get when you do a successful LDAP query from a PC.
G.
05-11-2009 08:02 AM
Hi Stephan,
You've almost got it right, but you've gone wrong somewhere because you aren't sending a valid ASN.1 datastring. You're missing the "header" from the ASN.1 string and just launching into a bind request.
I've answered this question before. If you search the forum for "ldap healtcheck script" (and yes, the typo is real) then you'll see what I did.
I reckon your string needs to be something like:
302a0201016028020103041a636e3d4c444150544553542c6f753d544553542c6f3d54455354800474657374
to create a bind request with cn=LDAPTEST,OU=TEST,O=TEST password test.
As mentioned in an earlier response, the easiest way is to do a packet capture and then paste the hex into your script.
HTH
Cathy
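Added example, not part of the original thread or any poster's code: a Python sketch, meant to run on a workstation, that builds the LDAPv3 simple bind request for the thread's DN and password with every BER length computed from the data, and checks that each declared length in a hex string fits its container before the string is handed to `binary format "H*"`. The function names are hypothetical, and the message ID is assumed to fit in one byte.

```python
# Added example: LDAPv3 simple bind request (RFC 4511) as hex. Function names are hypothetical.

def tlv(tag: int, value: bytes) -> bytes:
    n = len(value)
    if n < 0x80:                                  # short form: a single length byte
        length = bytes([n])
    else:                                         # long form: 0x80 | byte count, then the length
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def simple_bind_hex(dn: str, password: str, msg_id: int = 1) -> str:
    if not 0 < msg_id < 0x80:                     # assumption: one-byte message ID
        raise ValueError("msg_id must be 1..127")
    bind = tlv(0x60, tlv(0x02, b"\x03")           # [APPLICATION 0] BindRequest, version 3
                     + tlv(0x04, dn.encode())     # name as OCTET STRING
                     + tlv(0x80, password.encode()))  # [0] simple authentication
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind).hex()

def read_tlv(buf: bytes, pos: int, end: int):
    """Parse one TLV inside buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError(f"truncated header at offset {pos}")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        if n == 0 or pos + n > end:
            raise ValueError(f"bad long-form length at offset {pos - 1}")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > end:
        raise ValueError(f"tag 0x{tag:02x}: length {length} overruns its container")
    return tag, pos, pos + length

def check_bind_hex(hex_string: str) -> list:
    """Return framing problems found; an empty list means all lengths are consistent."""
    buf = bytes.fromhex(hex_string)
    try:
        tag, pos, end = read_tlv(buf, 0, len(buf))        # LDAPMessage SEQUENCE
        if tag != 0x30 or end != len(buf):
            return ["outer SEQUENCE does not cover the whole string"]
        _, _, pos = read_tlv(buf, pos, end)               # messageID
        tag, pos, op_end = read_tlv(buf, pos, end)        # protocolOp
        if tag != 0x60:
            return ["protocolOp is not a BindRequest"]
        while pos < op_end:                               # version, name, authentication
            _, _, pos = read_tlv(buf, pos, op_end)
    except ValueError as exc:
        return [str(exc)]
    return []
```

`simple_bind_hex("cn=LDAPTEST,ou=TEST,o=TEST", "test")` returns the string to paste, and `check_bind_hex()` can be run over hex copied from a packet capture. A simple bind carries the password in clear text, so the probe account should have no rights beyond binding.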