Re: decode error 30<=>73 0 8 at Convert/ASN1/_decode.pm line 106.

[Chris Ridd]

On 3 Jul 2008, at 20:20, Daniel Stutz wrote:

> Hi all,
>
> I am trying to implement an Net::LDAP::Extension and hit the wall,
> when the first LDAPResponse from the server arrives.
> ASN1::_decode returns an error, when it is called on that
> LDAPResponse, which should contain an ExtendedResponse.
>
> I extended Net::LDAP to write the pdu to a file before it calls
> LDAPResponse->decode on it.
> The pdu is attached. As well as the ASN1 extracted from
> Net::LDAP::ASN and a small scrip, that also can't parse the pdu.
>
> Kind regards,
> Daniel
> 0x ys
> € 2.16.840.1.113719.1.27.100.81 K0„E f c„9 Hm
> R‚ >ƒ =„ ´7!à
> §„ o=MyQA cn=edir_test1,o=MyQALDAPRequest ::= SEQUENCE {

It seems to have got included inline as text, and mangled. If you
simply call $ldap->debug(2) before retrieving your result, can you
post the hex?

Cheers,

Chris

[Daniel Stutz]

[Daniel Stutz]

Here we go:

30 81 83 02 01 03 79 7E 0A 01 00 04 00 04 00 80 0.....y~........
1D 32 2E 31 36 2E 38 34 30 2E 31 2E 31 31 33 37 .2.16.840.1.1137
31 39 2E 31 2E 32 37 2E 31 30 30 2E 38 31 81 56 19.1.27.100.81.V
30 84 00 00 00 50 02 01 64 02 01 00 63 84 00 00 0....P..d...c...
00 44 81 04 48 6D E0 AA 82 02 03 69 83 01 3C 84 .D..Hm.....i..<.
04 B3 B4 B4 40 85 00 86 84 00 00 00 06 02 01 FF ....@...........
02 01 FF A7 84 00 00 00 1D 04 06 6F 3D 4D 79 51 ...........o=MyQ
41 04 13 63 6E 3D 53 54 45 49 4E 42 41 43 48 2C A..cn=STEINBACH,
6F 3D 4D 79 51 41 __ __ __ __ __ __ __ __ __ __ o=MyQA

[Graham Barr]

On Jul 4, 2008, at 2:18 AM, Daniel Stutz wrote:

> Here we go:
>
> 30 81 83 02 01 03 79 7E 0A 01 00 04 00 04 00 80 0.....y~........
> 1D 32 2E 31 36 2E 38 34 30 2E 31 2E 31 31 33 37 .2.16.840.1.1137
> 31 39 2E 31 2E 32 37 2E 31 30 30 2E 38 31 81 56 19.1.27.100.81.V
> 30 84 00 00 00 50 02 01 64 02 01 00 63 84 00 00 0....P..d...c...
> 00 44 81 04 48 6D E0 AA 82 02 03 69 83 01 3C 84 .D..Hm.....i..<.
> 04 B3 B4 B4 40 85 00 86 84 00 00 00 06 02 01 FF ....@...........
> 02 01 FF A7 84 00 00 00 1D 04 06 6F 3D 4D 79 51 ...........o=MyQ
> 41 04 13 63 6E 3D 53 54 45 49 4E 42 41 43 48 2C A..cn=STEINBACH,
> 6F 3D 4D 79 51 41 __ __ __ __ __ __ __ __ __ __ o=MyQA

What server are you using ?

That packet decodes as

0000 131: SEQUENCE {
0003 1: INTEGER = 3
0006 126: [APPLICATION 25] {
0008 1: ENUM = 0
000B 0: STRING = ''
000D 0: STRING = ''
000F 29: [CONTEXT 0]
0011 : 32 2E 31 36 2E 38 34 30 2E 31 2E 31 31 33 37 31
2.16.840.1.11371
0021 : 39 2E 31 2E 32 37 2E 31 30 30 2E 38 31 __ __ __
9.1.27.100.81
002E 86: [CONTEXT 1]
0030 : 30 84 00 00 00 50 02 01 64 02 01 00 63 84 00 00
0....P..d...c...
0040 : 00 44 81 04 48 6D E0 AA 82 02 03 69 83 01 3C
84 .D..Hm.....i..<.
0050 : 04 B3 B4 B4 40 85 00 86 84 00 00 00 06 02 01
FF ....@...........
0060 : 02 01 FF A7 84 00 00 00 1D 04 06 6F 3D 4D 79
51 ...........o=MyQ
0070 : 41 04 13 63 6E 3D 53 54 45 49 4E 42 41 43 48 2C
A..cn=STEINBACH,
0080 : 6F 3D 4D 79 51 41 __ __ __ __ __ __ __ __ __ __ o=MyQA
0086 : }
0086 : }

Which is invalid.

APPLICATION 25 is a IntermediateResponse which is defined as

IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
responseName [0] LDAPOID OPTIONAL,
responseValue [1] OCTET STRING OPTIONAL }

you server seems to be returning

COMPONENTS OF LDAPResult,

inside the response, like other response types do, but
IntermediateResponse does not have these elements as per RFC 3771

Graham.

[Daniel Stutz]

Graham Barr schrieb:

> What server are you using ?

It's a Novell eDirectory 8.7.X
I'm trying to use Novell LDAP Extensions.

Kind regards,
Daniel

[Graham Barr]

On Jul 4, 2008, at 9:12 AM, Daniel Stutz wrote:

> Graham Barr schrieb:
>> What server are you using ?
> It's a Novell eDirectory 8.7.X
> I'm trying to use Novell LDAP Extensions.

Well I suspect that Novell have added some non-standard extensions
that clash with standard ones. Even if they did not clash they
probably would not work with Net::LDAP without modification.

I tried to look at their source but all the download links on their
site download a compressed HTML file instead of the .tar.gz it should
be.

Graham.

[Graham Barr]

On Jul 4, 2008, at 10:18 AM, Graham Barr wrote:

>
> On Jul 4, 2008, at 9:12 AM, Daniel Stutz wrote:
>
>> Graham Barr schrieb:
>>> What server are you using ?
>> It's a Novell eDirectory 8.7.X
>> I'm trying to use Novell LDAP Extensions.
>
> Well I suspect that Novell have added some non-standard extensions
> that clash with standard ones. Even if they did not clash they
> probably would not work with Net::LDAP without modification.

Hm, I just found this

http://209.85.215.104/search?q=cache:K7T6zxLkv_wJ:dsrg.mff.cuni.cz/projects/mono/diffs/showdiff.php%3Fold%3D2007-11-25%26new%3D2006-03-23%26diffIndex%3D1614%26bench%3D+novell+ldap+application+25&hl=en&ct=clnk&cd=4&gl=us&client=safari

Read the comments in the code and it implies that a version of the
server (pre Falcon sp1) did return incorrect responses. I do not know
what pre Falcon sp1 means in terms of version numbers, but I suspect
that maybe you have such a server.

Graham.

[Daniel Stutz]

Thanks for the help. I have switched to a patched server now.
The converter fails now on the next pdu. I can't find the

The type should be:

responseValue ::= SEQUENCE {
eventType INTEGER,
resultCode INTEGER,
eventData OCTET STRING OPTIONAL }

and eventData has the following structure:
generalEventData ::= SEQUENCE {
dstime INTEGER,
milliseconds INTEGER,
curProcess INTEGER,
verb INTEGER,
perpetratorDN OCTET STRING,
integerValues SEQUENCE OF INTEGER,
stringValues SEQUENCE OF OCTET STRING }

Decoding the following data as responseValue fails and I can't see why:
30 84 00 00 00 65 02 01 64 02 01 00 63 84 00 00 0....e..d...c...
00 59 81 04 48 75 9F AA 82 02 00 89 83 01 AA 84 .Y..Hu..........
04 AB 63 1B A0 85 1D 63 6E 3D 76 73 6C 65 73 31 ..c....cn=vsles1
2D 69 31 2C 6F 75 3D 72 65 73 6F 75 72 63 65 2C -i1,ou=resource,
6F 3D 71 61 86 84 00 00 00 06 02 01 00 02 01 FF o=qa............
A7 84 00 00 00 15 04 04 6F 3D 71 61 04 0D 63 6E ........o=qa..cn
3D 61 64 6D 69 6E 2C 6F 3D 71 61 __ __ __ __ __ =admin,o=qa

0000 101: SEQUENCE {
0006 1: INTEGER = 100
0009 1: INTEGER = 0
000C 89: [APPLICATION 3] {
0012 4: [CONTEXT 1]
0014 : 48 75 9F AA __ __ __ __ __ __ __ __ __ __ __ __ Hu..
0018 2: [CONTEXT 2]
001A : 00 89 __ __ __ __ __ __ __ __ __ __ __ __ __ __ ..
001C 1: [CONTEXT 3]
001E : AA __ __ __ __ __ __ __ __ __ __ __ __ __ __ __ .
001F 4: [CONTEXT 4]
0021 : AB 63 1B A0 __ __ __ __ __ __ __ __ __ __ __ __ .c..
0025 29: [CONTEXT 5]
0027 : 63 6E 3D 76 73 6C 65 73 31 2D 69 31 2C 6F 75 3D
cn=vsles1-i1,ou=
0037 : 72 65 73 6F 75 72 63 65 2C 6F 3D 71 61 __ __ __
resource,o=qa
0044 6: [CONTEXT 6]
004A : 02 01 00 02 01 FF __ __ __ __ __ __ __ __ __ __ ......
0050 21: [CONTEXT 7] {
0056 4: STRING = 'o=qa'
005C 13: STRING = 'cn=admin,o=qa'
006B : }
006B : }
006B : }
decode error 12 107 at
/usr/lib/perl5/vendor_perl/5.8.8/Convert/ASN1/_decode.pm line 233,
<DATA> line 228.

Btw: Is there a more appropriate place for asking questions about
Convert::ASN1?

Thank you.

Kind regards,
Daniel

[Graham Barr]

On Jul 7, 2008, at 9:42 AM, Daniel Stutz wrote:

> Thanks for the help. I have switched to a patched server now.
> The converter fails now on the next pdu. I can't find the
>
> The type should be:
>
> responseValue ::= SEQUENCE {
> eventType INTEGER,
> resultCode INTEGER,
> eventData OCTET STRING OPTIONAL }

Looking at the data you got that should be

eventData [APPLICATION 3] OCTET STRING OPTIONAL}

> and eventData has the following structure:
> generalEventData ::= SEQUENCE {
> dstime INTEGER,

dstime [1] INTEGER,
>
> milliseconds INTEGER,
milliseconds [2] INTEGER,
>
> curProcess INTEGER,

curProcess [3] INTEGER,

etc...

Graham.