Friday, June 29, 2007

How to see the LDAP protocol working over the network?


Many network protocols like HTTP and SMTP are text-based, which means that
it is relatively simple to decode that information if it is intercepted over the wire.
LDAP, however, is a binary protocol that uses the ASN.1 Basic Encoding Rules (BER)
specification to encode all communication. While some components of LDAP
communication (e.g., distinguished names) may be decipherable, it is
significantly more difficult to interpret other data elements.
To address this problem, the LDAPDecoder utility provides a means of
interpreting LDAP communication and displaying it in a human-readable form.
This can be very useful for debugging problems with the interaction between
LDAP clients and a directory server, or simply to gain a better understanding of
the structure of LDAP traffic.

LDAPDecoder can be downloaded from http://www.slamd.com/download.shtml.

Unpack LDAPDecoder.jar and the how-to guide from the compressed file into a folder.

To run LDAPDecoder, use the following command:

java -jar LDAPDecoder.jar -L -f


Once it is listening, you can run ldapsearch or ldapmodify and check the log file to see how the LDAP server responds to the request.

Here is the request/response sequence for an ldapsearch. Note that the simple bind password appears in cleartext in the decoded stream.

New client connection from 127.0.0.1:1298

Read data from the client
Decoded Data from Client:
LDAP Bind Request
Message ID: 1
LDAP Bind Request Protocol Op
LDAP Version: 3
Bind DN: cn=admin
Authentication Data:
Authentication Type: Simple
Bind Password: password

Read data from the server
Decoded Data from Server:
LDAP Bind Response
Message ID: 1
LDAP Bind Response Protocol Op
Result Code: 0 (Success)

Read data from the client
Decoded Data from Client:
LDAP Search Request
Message ID: 2
LDAP Search Request Protocol Op
Base DN: dc=am,dc=sony,dc=com
Scope: 2 (wholeSubtree)
Deref Aliases: 0 (neverDerefAliases)
Size Limit: 0
Time Limit: 0
Types Only: false
Filter: (uid=abcd)
Attributes:

Read data from the server
Decoded Data from Server:
LDAP Search Result Entry
Message ID: 2
LDAP Search Result Entry Protocol Op
dn: uid=abcd,ou=users,l=america,dc=am,dc=sony,dc=com
mail: Jack.Bauer@sun.com
cn: Bauer Jack
sn: Jack
givenName: Bauer
uid: abcd
objectClass: top
objectClass: person
objectClass: organizationalperson
objectClass: inetorgperson
objectClass: inetuser
objectClass: sonyperson
objectClass: americasonyperson
userPassword: {SSHA}7h3HPwNNIYAecfrYbigXsQinNqW2N/gqGxECLw==
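As an added example (not part of this post and not LDAPDecoder's own code), the following Python shows the decoding step the tool performs on the bind exchange above: it parses BER tag-length-value elements and renders an LDAP BindRequest and BindResponse into the same readable fields the trace prints. The two byte strings are constructed by hand from the RFC 4511 ASN.1 definitions to match the cn=admin bind shown above; they are not a capture from the author's session. The point for a defender is visible in the code: the simple-bind password is a plain OCTET STRING, so the binary encoding gives no protection and simple binds belong only on TLS-protected connections.

```python
"""Minimal BER decoder for LDAP bind messages (added example, RFC 4511 layout)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: BindRequest(messageID 1, version 3, name cn=admin, simple "password").
BIND_REQUEST = bytes.fromhex(
    "301c"                          # LDAPMessage SEQUENCE, 28 bytes of content
    "020101"                        # messageID INTEGER 1
    "6017"                          # [APPLICATION 0] BindRequest, 23 bytes
    "020103"                        # version INTEGER 3
    "0408" "636e3d61646d696e"       # name LDAPDN OCTET STRING "cn=admin"
    "8008" "70617373776f7264"       # authentication simple [0] OCTET STRING "password"
)
# Constructed sample: BindResponse(messageID 1, resultCode success, empty matchedDN/diagnostic).
BIND_RESPONSE = bytes.fromhex("300c" "020101" "6107" "0a0100" "0400" "0400")

RESULT_NAMES = {0: "success", 1: "operationsError", 32: "noSuchObject", 49: "invalidCredentials"}


@dataclass
class Tlv:
    """One BER tag-length-value element; constructed elements carry their parsed children."""
    tag: int
    value: bytes
    children: List["Tlv"] = field(default_factory=list)

    @property
    def constructed(self) -> bool:
        return bool(self.tag & 0x20)        # bit 6 of the identifier octet


def parse_tlv(buf: bytes, pos: int = 0) -> Tuple[Tlv, int]:
    """Parse the BER element at buf[pos]; return it and the offset just after it."""
    if pos >= len(buf):
        raise ValueError("no data at offset %d" % pos)
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not used by LDAP")
    pos += 1
    first = buf[pos]
    pos += 1
    if first & 0x80:                        # long form: low 7 bits = number of length octets
        n_octets = first & 0x7F
        if n_octets == 0:
            raise ValueError("indefinite length is not permitted in LDAP")
        length = int.from_bytes(buf[pos:pos + n_octets], "big")
        pos += n_octets
    else:                                   # short form: the octet is the length itself
        length = first
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated element: need %d bytes, have %d" % (length, len(value)))
    tlv = Tlv(tag, value)
    if tlv.constructed:                     # recurse into the content octets
        inner = 0
        while inner < len(value):
            child, inner = parse_tlv(value, inner)
            tlv.children.append(child)
    return tlv, pos + length


def decode_ldap_message(buf: bytes, pos: int = 0) -> Tuple[Dict[str, object], int]:
    """Decode one LDAPMessage (bind request/response only) into readable fields."""
    msg, end = parse_tlv(buf, pos)
    if msg.tag != 0x30 or len(msg.children) < 2:
        raise ValueError("not an LDAPMessage SEQUENCE")
    out: Dict[str, object] = {
        "message_id": int.from_bytes(msg.children[0].value, "big", signed=True)}
    op = msg.children[1]
    if op.tag == 0x60:                      # [APPLICATION 0] BindRequest
        version, name, auth = op.children
        out.update(op="BindRequest", version=int.from_bytes(version.value, "big"),
                   bind_dn=name.value.decode("utf-8"))
        if auth.tag == 0x80:                # simple [0]: the password is sent as-is
            out.update(auth_type="Simple", password=auth.value.decode("utf-8"))
        elif auth.tag == 0xA3:              # sasl [3] SaslCredentials { mechanism, credentials }
            out.update(auth_type="SASL", mechanism=auth.children[0].value.decode("utf-8"))
    elif op.tag == 0x61:                    # [APPLICATION 1] BindResponse
        code = op.children[0].value[0]      # resultCode ENUMERATED
        out.update(op="BindResponse", result_code=code,
                   result_name=RESULT_NAMES.get(code, "other"))
    else:
        out.update(op="tag 0x%02x (not decoded here)" % op.tag)
    return out, end


def decode_stream(buf: bytes) -> List[Dict[str, object]]:
    """Split a byte stream into consecutive LDAPMessages, as a decoding proxy does per direction."""
    messages, pos = [], 0
    while pos < len(buf):
        msg, pos = decode_ldap_message(buf, pos)
        messages.append(msg)
    return messages


if __name__ == "__main__":
    for m in decode_stream(BIND_REQUEST + BIND_RESPONSE):
        print(m)
```

Running the module prints the request with its DN and password and the response with result code 0 (success), mirroring the first two blocks of the trace above; feeding it a truncated buffer raises ValueError rather than misreading the stream.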


