Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

TCL script for ldap probes

Hi,

i trie to compose a tcl script to check the health of some ldap-servers by doing a bind request with a user called cn=LDAPTEST,ou=TEST,o=TEST, password test. I've converted the text into hex and pasted it into the appropriate section of the script:

# puts a string to server

csm_debug "sending ldap bind request"

puts -nonewline $sock [ binary format "H*" 636e3d4c44... and so on

But the reals retain the status "probe_failed". Is there something missing in the bind request. I'm not well schooled in ldap and tcl-scripting, but maybe somebody is...:-)

TIA,

Stephan

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: TCL script for ldap probes

Stephan,

get a sniffer trace and see what the response from the ldap server is.

Compare the resposne from the server to what you get when you do a successful ldap query from a pc.

G.

Silver

Re: TCL script for ldap probes

Hi Stephan,

You've almost got it right, but you've gone wrong somewhere because you aren't sending a valid ASN.1 datastring. You're missing the "header" from the ASN.1 string and just launching into a bind request.

I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.

I reckon your string needs to be something like:

302a0201016028020103041a636e3d4c444150544553542c6f753d544553542c6f3d54455354800474657374

to create a bind request with cn=LDAPTEST,OU=TEST,O=TEST password test.

As mentioned in an earlier response the easiest way is to get do a packet capture and then paste the hex into your script.

HTH

Cathy

2 REPLIES
Cisco Employee

Re: TCL script for ldap probes

Stephan,

get a sniffer trace and see what the response from the ldap server is.

Compare the resposne from the server to what you get when you do a successful ldap query from a pc.

G.

Silver

Re: TCL script for ldap probes

Hi Stephan,

You've almost got it right, but you've gone wrong somewhere because you aren't sending a valid ASN.1 datastring. You're missing the "header" from the ASN.1 string and just launching into a bind request.

I've answered this question before. If you search the forum for "ldap healtcheck script" - and yes the typo is real then you'll see what I did.

I reckon your string needs to be something like:

302a0201016028020103041a636e3d4c444150544553542c6f753d544553542c6f3d54455354800474657374

to create a bind request with cn=LDAPTEST,OU=TEST,O=TEST password test.

As mentioned in an earlier response the easiest way is to get do a packet capture and then paste the hex into your script.

HTH

Cathy

322
Views
0
Helpful
2
Replies
CreatePlease to create content