Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Scripted LDAP Probe w/username and password

I have a scripted LDAP rpobe currently in use. It uses the anonymous bind authentication to work and it works just fine. However they want to go to a username and password instead for security reasons. So I used the script that was previously supplied on this forum to create the HEX. See below:

$username = "uid=XXXXXX,cn=support,dc=enterprise,dc=com";

$password = "XXXXX";

$len_username = length($username);

$xlen_username = sprintf("%02x", $len_username); $len_password = length($password); $xlen_password = sprintf("%02x", $len_password);

$username =~s/(.)/sprintf("%x",ord($1))/eg; $password =~s/(.)/sprintf("%x",ord($1))/eg;

$temp = "020103" . "04" . $xlen_username . $username . "80" . $xlen_password . $password; $tlen = length($temp) / 2; $xtlen = sprintf("%02x",$tlen);

$temp = "020101" . "60" . $xtlen . $temp;

$tlen = length($temp) / 2;

$xtlen = sprintf("%02x",$tlen);

$temp = "30" . $xtlen . $temp;

print $temp . "\n";

I get this result in HEX, (last 6 characters are changed )

303e0201016039020103042b7569643d214c4242494e442c636e3d737570706f72742c64633d656e74657270726973652c64633d636f6d800742316e64XXXXXX

I added them to the Probe script here:

ace_debug "sending ldap bind request"

puts -nonewline $sock [ binary format "H*" NEW HEX STRING  ]

flush $sock

However this doesn't work, am I putting this new HEX string in the proper place or does everything look right?

  • Application Networking
1 REPLY
Bronze

Scripted LDAP Probe w/username and password

Robert-

  The string length maximum is 127 characters, you ended up with 128 somehow.  The string you send is specific to a few things, like the server type, how the array is created, etc.  You should check out this thread: https://supportforums.cisco.com/message/3613048#3613048 It has some decent information on it.

 

Chris

551
Views
0
Helpful
1
Replies
This widget could not be displayed.