Hi!
First, v1.5.5 is a nearly 13 years old version... I would strongly
encourage you to switch to a more recent version. FTR, 1.5 is not
maintained anymore.
That beaing said, if it fits your need for 13 years now, I think we did
a pretty good job so far ;-)
Anyway, the error you've got is not related to LDAP, but is a pb with a
TLS message being sent to the server, which is not capable of handling it.
The control is properly decoded, as you can see in the beginning of the
logs. But the following PDU, starting with :
Hexdump: 15 03 03 00 1A 00 00 00 00 00 00 00 05 D8 60 43 97 10 E1 BA 7A
87 29 30 40 28 7D 3C F2 60 92 00 00
is a TLS client close notification (see
https://megamorf.gitlab.io/2020/03/03/traffic-analysis-of-a-tls-session/#closing-connection)
15 Alert protocol type
03 03 TLS 1.2
00 1A Message length 26 bytes
00 00 00 00 00 00 00 05 The encryptionIV
D8 60 43 97 10 E1 BA 7A
87 29 30 40 28 7D 3C F2 The encoded message
60 92
(the remaing 00 are not part of the message)
So basically, nothing to worry about, this is a TLS message that the
LDAP server is trying to decode, and fails to do so as expected. I
wonder if you have TLS enabled on your server though...
On 06/01/2022 10:45, [email protected] wrote:
Hi,
we have embedded Apache Directory V1.5.5 in our software for years.
With some of our customers an error occurs without it seeming to interfere with
the operation.
I dont understand this error.
I have tried to limit the use of PagedResultsControl when this control is not
necessary without result.
Thanks for your help
Jean-François Melian
2022.01.03 17:50:36.734 [DEBUG] Decoding the PDU : [cincom-ecm-engine]
[NioProcessor-3] TwixDecoder.java:117
2022.01.03 17:50:36.734 [DEBUG] 0x30 0x46 0x02 0x01 0x03 0x42 0x00 0xA0 0x3F
0x30 0x22 0x04 0x16 0x31 0x2E 0x32 0x2E 0x38 0x34 0x30 0x2E 0x31 0x31 0x33 0x35
0x35 0x36 0x2E 0x31 0x2E 0x34 0x2E 0x33 0x31 0x39 0x04 0x08 0x30 0x06 0x02 0x02
0x03 0xE8 0x04 0x00 0x30 0x19 0x04 0x17 0x32 0x2E 0x31 0x36 0x2E 0x38 0x34 0x30
0x2E 0x31 0x2E 0x31 0x31 0x33 0x37 0x33 0x30 0x2E 0x33 0x2E 0x34 0x2E 0x32
[cincom-ecm-engine] [NioProcessor-3] TwixDecoder.java:131
2022.01.03 17:50:36.750 [DEBUG] Decoded LdapMessage : LdapMessage
message Id : 3
UnBind Request
Control
Control type : '1.2.840.113556.1.4.319'
Criticality : 'false'
Control value : ' Paged Search Control
size : '1000'
cookie : ''
'
Control
Control type : '2.16.840.1.113730.3.4.2'
Criticality : 'false'
[cincom-ecm-engine] [NioProcessor-3] TwixDecoder.java:138
2022.01.03 17:50:36.750 [DEBUG] Transforming LdapMessage <3, UNBIND_REQUEST>
from Twix to Snickers. [cincom-ecm-engine] [NioProcessor-3] TwixTransformer.java:835
2022.01.03 17:50:36.750 [DEBUG] >>>==========================================
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:741
2022.01.03 17:50:36.750 [DEBUG] --> Decoding a PDU [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:742
2022.01.03 17:50:36.750 [DEBUG] >>>------------------------------------------
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:743
2022.01.03 17:50:36.750 [DEBUG] --- State = TAG_STATE_START ---
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751
2022.01.03 17:50:36.750 [DEBUG] current byte : 0x15 [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:757
2022.01.03 17:50:36.750 [DEBUG] Tag 0x15 has been decoded [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:123
2022.01.03 17:50:36.750 [DEBUG] --- State = LENGTH_STATE_START ---
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751
2022.01.03 17:50:36.750 [DEBUG] current byte : 0x03 [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:757
2022.01.03 17:50:36.750 [DEBUG] --- State = LENGTH_STATE_END ---
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751
2022.01.03 17:50:36.750 [DEBUG] current byte : 0x03 [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:757
2022.01.03 17:50:36.750 [DEBUG] Parent length : TLV expected length stack : -
null [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:378
2022.01.03 17:50:36.750 [DEBUG] Root TLV[3] [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:390
2022.01.03 17:50:36.750 [DEBUG] Length 3 has been decoded [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:497
2022.01.03 17:50:36.750 [DEBUG] --- State = VALUE_STATE_START ---
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751
2022.01.03 17:50:36.750 [DEBUG] current byte : 0x03 [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:757
2022.01.03 17:50:36.750 [DEBUG] --- State = TLV_STATE_DONE ---
[cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751
2022.01.03 17:50:36.750 [DEBUG] current byte : 0x00 [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:757
2022.01.03 17:50:36.750 [DEBUG] TLV Tree : TLV0x15(3) [cincom-ecm-engine]
[NioProcessor-3] Asn1Decoder.java:160
2022.01.03 17:50:36.750 [ERROR] Bad transition from state START_STATE, tag 0x15
[cincom-ecm-engine] [NioProcessor-3] AbstractGrammar.java:139
2022.01.03 17:50:36.750 [WARN ] Unexpected exception forcing session to close:
sending disconnect notice to client. [cincom-ecm-engine] [NioProcessor-3]
LdapProtocolHandler.java:215
org.apache.mina.filter.codec.ProtocolDecoderException:
org.apache.directory.shared.ldap.message.ResponseCarryingMessageException: Bad
transition ! (Hexdump: 15 03 03 00 1A 00 00 00 00 00 00 00 05 D8 60 43 97 10 E1
BA 7A 87 29 30 40 28 7D 3C F2 60 92 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00)
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:235)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
at
org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:278)
at
org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:444)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:638)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)
at
org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by:
org.apache.directory.shared.ldap.message.ResponseCarryingMessageException: Bad
transition !
at
org.apache.directory.shared.ldap.message.MessageDecoder.decode(MessageDecoder.java:175)
at
org.apache.directory.shared.asn1.codec.Asn1CodecDecoder.decode(Asn1CodecDecoder.java:53)
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:225)
... 20 common frames omitted
2022.01.03 17:50:36.750 [DEBUG] Transforming message type EXTENDED_RESP
[cincom-ecm-engine] [NioProcessor-3] TwixTransformer.java:1415
2022.01.03 17:50:36.750 [DEBUG] Transformed message : LdapMessage
message Id : 0
Extended Response
Ldap Result
Result code : (PROTOCOL_ERROR) protocolError
Matched DN : ''
Error message : 'PROTOCOL_ERROR: The server will disconnect!'
Response name :'1.3.6.1.4.1.1466.20036'
Response :'[B@77d31cfc'
[cincom-ecm-engine] [NioProcessor-3] TwixTransformer.java:1478
2022.01.03 17:50:36.750 [DEBUG] Encoding this LdapMessage : LdapMessage
message Id : 0
Extended Response
Ldap Result
Result code : (PROTOCOL_ERROR) protocolError
Matched DN : ''
Error message : 'PROTOCOL_ERROR: The server will disconnect!'
Response name :'1.3.6.1.4.1.1466.20036'
Response :'[B@77d31cfc'
[cincom-ecm-engine] [NioProcessor-3] TwixEncoder.java:122
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
[email protected] https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
