Modifying entry in ApacheDS failes silently
Closed this issue · 6 comments
miyamiyaz commented
When I request modify message on my local ApacheDS, the target entry is not edited and
my script has ended immediately at await conn.modify('cn=test,dc=example,dc=com', mods).
here is my environment:
OS: ubuntu 18.10
Dart: 2.1.1
ApacheDS: 2.0.0.AM25
script:
import 'package:dartdap/dartdap.dart';
import 'package:logging/logging.dart';
Future<LdapConnection> getLdapConnection() async {
var ldapHost = "localhost";
var ssl = false; // true = use LDAPS (i.e. LDAP over SSL/TLS)
var ldapPort = 10389; // null = use standard LDAP/LDAPS port
var bindDN = "uid=admin,ou=system"; // null=unauthenticated
var password = "secret";
var connection = LdapConnection(host: ldapHost);
connection.setProtocol(ssl, ldapPort);
await connection.setAuthentication(bindDN, password);
return connection;
}
main(List<String> arguments) async {
// configure logger
Logger.root.onRecord.listen((LogRecord rec) {
print('${rec.time}: ${rec.loggerName}: ${rec.level.name}: ${rec.message}');
});
new Logger("ldap.session").level = Level.ALL;
new Logger("ldap.send.ldap").level = Level.ALL;
new Logger("ldap.send.bytes").level = Level.ALL;
new Logger("ldap.recv.ldap").level = Level.ALL;
new Logger("ldap.recv.asn1").level = Level.ALL;
new Logger("ldap.recv.bytes").level = Level.ALL;
final conn = await getLdapConnection();
final mods = [Modification.add('description', ['test'])];
final result = await conn.modify('cn=test,dc=example,dc=com', mods);
print(result);
await conn.close(true);
}
ouput :
2019-02-20 10:51:32.829453: ldap.send.ldap: FINE: [2] Sending LDAP message: Msg(id=2, op=BND_REQ,controls=null)
2019-02-20 10:51:32.833675: ldap.send.bytes: FINEST: [2] Bytes sending (s): 0%���` �����uid=admin,ou=system��secret
2019-02-20 10:51:32.834307: ldap.send.bytes: FINEST: [2] Bytes sending: [48, 37, 2, 1, 2, 96, 32, 2, 1, 3, 4, 19, 117, 105, 100, 61, 97, 100, 109, 105, 110, 44, 111, 117, 61, 115, 121, 115, 116, 101, 109, 128, 6, 115, 101, 99, 114, 101, 116]
2019-02-20 10:51:32.837829: ldap.send.bytes: FINER: [2] Sent 39 bytes
2019-02-20 10:51:32.839215: ldap.recv.bytes: FINE: received: 14
2019-02-20 10:51:32.839664: ldap.recv.bytes: FINEST: received: [48, 12, 2, 1, 2, 97, 7, 10, 1, 0, 4, 0, 4, 0]
2019-02-20 10:51:32.839824: ldap.recv.bytes: FINER: parsed ASN.1 object: 14 bytes
2019-02-20 10:51:32.839913: ldap.recv.asn1: FINE: ASN.1 object received: tag=48, length=12
2019-02-20 10:51:32.840055: ldap.recv.asn1: FINEST: ASN.1 value: [2, 1, 2, 97, 7, 10, 1, 0, 4, 0, 4, 0]
2019-02-20 10:51:32.841655: ldap.recv.ldap: FINE: LDAP message received: Id=2 protocolOp=Seq[ASNInteger(0) OctetString() OctetString() ]
2019-02-20 10:51:32.842142: ldap.recv.ldap: FINER: LDAP response received: BND_RESP
2019-02-20 10:51:32.842292: ldap.recv.ldap: FINER: Response op=Msg(id=2, op=BND_RESP,controls=null)
2019-02-20 10:51:32.842424: ldap.recv.ldap: FINER: Parse LDAP result: Seq[ASNInteger(0) OctetString() OctetString() ]
2019-02-20 10:51:32.842735: ldap.send.ldap: FINE: LDAP request serviced: Msg(id=2, op=BND_REQ,controls=null) (14 ms)
2019-02-20 10:51:32.842907: ldap.recv.bytes: FINER: processed: all
2019-02-20 10:51:32.843512: ldap.send.ldap: FINE: [3] Sending LDAP message: Msg(id=3, op=MODIFY_REQUEST,controls=null)
2019-02-20 10:51:32.843604: ldap.send.bytes: FINEST: [3] Bytes sending (s): 0>���f9��cn=test,dc=example,dc=com0�0��� 0���description0���test
2019-02-20 10:51:32.843818: ldap.send.bytes: FINEST: [3] Bytes sending: [48, 62, 2, 1, 3, 102, 57, 4, 25, 99, 110, 61, 116, 101, 115, 116, 44, 100, 99, 61, 101, 120, 97, 109, 112, 108, 101, 44, 100, 99, 61, 99, 111, 109, 48, 28, 48, 26, 2, 1, 0, 48, 21, 4, 11, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 48, 6, 4, 4, 116, 101, 115, 116]
2019-02-20 10:51:32.843918: ldap.send.bytes: FINER: [3] Sent 64 bytes
2019-02-20 10:51:32.865674: ldap.recv.bytes: FINEST: LDAP stream transformer: byte stream done
chrisridd commented
On closer inspection of the encoded ModifyRequest, we're encoding the PartialAttribute values in an ASN.1 SEQUENCE OF, not a SET OF. This is invalid LDAP. The LDAP server is probably rejecting this bad protocol and closing the connection on us in retaliation.
See byte offset 0x0038:
0000 62: SEQUENCE {
0002 1: INTEGER = 3
0005 57: [APPLICATION 6] { -- ModifyRequest
0007 25: STRING = 'cn=test,dc=example,dc=com' -- object
0022 28: SEQUENCE { -- changes
0024 26: SEQUENCE { -- change
0026 1: INTEGER = 0 -- add
0029 21: SEQUENCE { -- modication (PartialAttribute)
002B 11: STRING = 'description' -- type
0038 6: SEQUENCE { -- SHOULD BE SET
003A 4: STRING = 'test'
0040 : }
0040 : }
0040 : }
0040 : }
0040 : }
0040 : }
chrisridd commented
Try changing
to use anASN1Set() instead.chrisridd commented
We're miscoding the change type (0 -> add) as an INTEGER instead of an ENUM too.
Probably should be ASN1Enumerated
wstrange commented
@chrisridd Nice catch!
wstrange commented
@miyazakijunichi I pushed version 0.3.4 to pub. It has the changes suggested by Chris.
I have had zero time to test this (getting ready to head out on vacation) - so let me know if this fixes your issue.