Protocol errors with Novell eDirectory 8.8

General Discussion about LDAP Administrator

Moderator: Support

Protocol errors with Novell eDirectory 8.8

Postby steveg » Tue Jul 25, 2006 6:46 am

Hi,
We're testing LDAP administrator with Novell's eDirectory version 8.8 and are getting protocol errors on quite a number of operations:

- deletes
- exports
- searches with "ManageDsaIt" enabled in the Server menu

It seems to be related to the ManageDsaIt control which is set on all of the above operations. All worked fine with eDir 8.7.3, and the problem cannot be reproduced when the same request is made with the perl Net::LDAP module.

I've logged the problem with Novell but wondered if anyone had come across it before. It makes LDAP administrator next to useless with eDirectory 8.8.

Regards
Steve
steveg
 
Posts: 3
Joined: Tue Jul 25, 2006 6:39 am

Postby Support » Wed Aug 16, 2006 8:24 am

Novell has published an article explaining the problem.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby Support » Tue Aug 22, 2006 5:40 pm

We've just become aware that a fix is available from Microsoft support.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby steveg » Fri Aug 25, 2006 6:03 am

I tried installing that hotfix and the problem still exists, I'm still getting protocol errors.

Novell provided the following response:

There seems to be a problem in the control send by the ldapadministrator tool. MANAGEDSAIT control does not expect a control value, but looks like the ldapadministrator tool is sending the request with some control value. This is causing the protocol error. The code that checks this particular condition is added in eDir 8.8 and it is not available in eDir 8.7.3. Hence the tool does not show any issue with eDir 8.7.3.

For every delete and export operation, the tool is requesting a search/read with a managedsait control. The control is non-critical; however, the control value is not null. eDir LDAP server works fine if the control value is set to null. ldapsearch with -M options does this and it works fine.

The best solution would be to fix this in the ldapadministrator tool itself.


Is there anything you can do on the LDAP administrator side to prevent this problem?
steveg
 
Posts: 3
Joined: Tue Jul 25, 2006 6:39 am

Postby Support » Mon Aug 28, 2006 10:32 am

We are working on a build that would include a workaround for this issue. We expect it to be ready during a week. We'll post a link to the build with a workaround in this thread when the build is ready.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby Support » Tue Sep 05, 2006 10:57 am

A build with a workaround is now available. Note, we just commented out the ManageDsaIT control usage in the code, and the actual problem is behind LDAP Administrator. Further status of the bug is unclear. Either Microsoft or Novell should modify their code to truly eliminate the issue.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

RE:Protocol errors with Novell eDirectory 8.8

Postby jwilleke » Thu Jan 04, 2007 11:59 am

Problem still exist with LDAP Administrator 3.4

Is there a fix?

And it is not JUST with deletions, it also occurs with exports of data.

Any help would be appreciated.
jwilleke
 
Posts: 21
Joined: Sun Jan 05, 2003 11:43 am

Postby Support » Thu Jan 04, 2007 12:25 pm

The issue is beyond LDAP Administrator software. MS LDAP API (wldap32.dll) sends a not completely valid LDAP Message and Novell engineers has decided to introduce a stricter parsing since version 8.8 SP1.

We've opened a support ticket at MS Support site and we are waiting for MS to comment or fix this issue. Until that we are not going to change our code which is absolutely correct.

While status of this issue is unknown we suggest you use a 3.3.1 "workaround" build (see link above) .
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby jwilleke » Thu Jan 04, 2007 1:08 pm

I guess I am confused.
Your program is sending an invalid request.

The fact that you choose to use wldap32.dll for your program is well, your choice.

To say your "code" is correct when it is sending an invalid request shows your program is at fault.

-jim
jwilleke
 
Posts: 21
Joined: Sun Jan 05, 2003 11:43 am

Postby Support » Thu Jan 04, 2007 1:51 pm

Your program is sending an invalid request

LDAP Administrator neither assembles nor disassembles LDAPMessage envelopes that go between client and server. I just just prepares necessary parameters and executes ldap_search_ex API call as necessary. On-wire things are cooked inside wldap32.dll. For low-level details please read a post at google groups.

The fact that you choose to use wldap32.dll for your program is well, your choice.

Yes, that was our choice. There are not so many options though. WLDAP32 has its bugs, but other APIs (the list is really small BTW) have their own problems like bad performance, absence of multithreading support and no SASL authentication support on Windows.

Why you don't want to use the "workaround" build? There are not so many critical changes between 3.3.1 and 3.4 for those working with eDirectory.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby jwilleke » Fri Jan 05, 2007 11:33 am

FYI: The hotfix is fixes included in Windows XP Service Pack 2 and therefore it apparently is therefore not effective.
http://support.microsoft.com/kb/811113

I understand what you are saying about LDAP administrator, but I purchased a program to do things with. The program has issues, regardless of the fact that you wish to blame someone else.

I guess I will have to go to the older versions as suggested.

Any ideas on when MS will address the issue?

Thanks
-jim
jwilleke
 
Posts: 21
Joined: Sun Jan 05, 2003 11:43 am

Postby Support » Fri Jan 05, 2007 2:01 pm

Code: Select all
FYI: The hotfix is fixes included in Windows XP Service Pack 2 and therefore it apparently is therefore not effective.
http://support.microsoft.com/kb/811113


Do you mean this issue? While the cause is very similar it's not a fix for the eDirectory case - it's a fix for another bug that we saw and reported (see item 4) a few years ago.

Code: Select all
Any ideas on when MS will address the issue?


As I said we've open a support ticket and I know that Novell folks had some conversation with MS support as well. By now we've been waiting for 4+ month. I guess next week we'll be trying to get the status update.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby jwilleke » Sun Jan 07, 2007 7:14 am

The fix you (and Novell) reference as a fix for, what appears to be, this issue:
[We've just become aware that a fix is available from Microsoft support.]

is http://support.microsoft.com/kb/841461/.

This is listed as being included in SP2 as referenced on this page:
http://support.microsoft.com/kb/811113/

-jim[/quote]
jwilleke
 
Posts: 21
Joined: Sun Jan 05, 2003 11:43 am


Return to General Discussion

Who is online

Users browsing this forum: Bing [Bot] and 1 guest

cron