Full_Name: Leo Tohill
OS: Windows 10
Submission from: (NULL) (188.8.131.52)
Summary: openldap 2.4.30 does not accommodate multi-byte length value on bind
First, I'll admit that I'm out of my depth here, I'm running a older version,
I'm on Windows, and my package was built by I don't know. But I worked hard
enough to track this down that I want you to know what I found. I might
upgrade, but that's problematic.
At some point my bindings from .net began failing with "the username or password
is incorrect" But they were correct. I could confirm with various other tools.
I captured the wire traffic to isolate the problem. It turns out that Windows
forms the binding request using a multi-byte length indicator in the request.
OpenLdap apparently does not accommodate this. I compared to a request
generated by ldapsearch.exe. That request, which succeeds, varies only by
using a single-byte length indicator.
The multi-byte length value should be allowed, right? Isn't it possible to have
a bind request data packet of length > 127? Which would require a multi-byte
length value. Perhaps this was fixed in a later version.
Screenshots of the wire capture here:
Thanks for any comments.