Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSS keepalive script for LDAP (Novell)

I need an advanced script for Cisco CSS11000 for LDAP keepalive. The problem is the built-in script is too rudimental, what it does is just check the tcp 389 connection to the servers plus some expected bind response code "0A, 01, 00". But what happened for us is when the LDAP server (Novell) is doing DS repair, in which the server is too busy to handle the real LDAP call but still reply the tcp 389 request, CSS think it is still alive.

We want a smart script that can handle real LDAP call (like a LDAP client) and send a real LDAP request instead of a simple tcp 389 request. Does anyone have any idea?

Thanks in advance,

Thanks in advance,


Cisco Employee

Re: CSS keepalive script for LDAP (Novell)

with the CSS script language you can send binary data and receive binary response.

If you know what port to send the request to, what are the binary data and what is the expected binary response, we can easily do a script for you.

The easiest way to get the binary info is to make a LDAP query and capture it with sniffer.

Also capture the response.

Make sure to do a query that will always result in the same response.

Once you have this data, you can try to update the ldap script yourself [hint: use the raw keyword when sending the data].

Or post the info here and will try to make a script for you.


New Member

Re: CSS keepalive script for LDAP (Novell)

Thanks Gilles.

This does help.

I captured the packets, I am trying to modify the script. Couple questions re the script.

I am okay to edit the "socket send" value, which is my tcp search request. What should I use for the "socket waitfor" value? I tried LDAP successful code "0a0100". But I got the failure. I tried use offset as well, but from the trace, offsets are different for each packet.

Thanks in advance,


Cisco Employee

Re: CSS keepalive script for LDAP (Novell)

you should indeed use socket waitfor for the response.

Once again, put the raw keyword at the end and also increase the TCP timeout to 1000msec or more if necessary.

Capture sniffer traces to make sure the CSS sends the right data and receives the right response.