Thanks 

Thank you for enlightening my few neurons :-) 


I have in my task list updating the version of Apache DS ... 
Apache DS starts with an LdapServer on the SSL port: 



ldapServer = new LdapServer(); 
ldapServer.setDirectoryService(service); 
TcpTransport tcpTransport = new TcpTransport(iPort); 
tcpTransport.enableSSL(useSSL); 
ldapServer.setTransports(tcpTransport); 
// ... 

// keystore file and certificate password ... 
// .... 
ldapServer.start(); 



I don't understand how a client could send this TLS client close notification 
without start TLS !! 


I'll let you know if I find the culprit before I lose my last hair !! 
:-) 


Thanks, 
Jean-François Melian 












----- Original Mail -----

From: "Emmanuel Lécharny" <[email protected]> 
To: [email protected] 
Sent: Thursday 6 January 2022 14:05:39 
Subject: Re: [ApacheDS] Bad transition from state START_STATE, tag 0x15 

Hi! 

First, v1.5.5 is a nearly 13-year-old version... I would strongly 
encourage you to switch to a more recent version. FTR, 1.5 is not 
maintained anymore. 

That being said, if it fits your need for 13 years now, I think we did 
a pretty good job so far ;-) 

Anyway, the error you've got is not related to LDAP, but is a problem with a 
TLS message being sent to the server, which is not capable of handling it. 

The control is properly decoded, as you can see in the beginning of the 
logs. But the following PDU, starting with : 

Hexdump: 15 03 03 00 1A 00 00 00 00 00 00 00 05 D8 60 43 97 10 E1 BA 7A 
87 29 30 40 28 7D 3C F2 60 92 00 00 

is a TLS client close notification (see 
https://megamorf.gitlab.io/2020/03/03/traffic-analysis-of-a-tls-session/#closing-connection)
 

15 Alert protocol type 
03 03 TLS 1.2 
00 1A Message length 26 bytes 
00 00 00 00 00 00 00 05 The encryptionIV 
D8 60 43 97 10 E1 BA 7A 
87 29 30 40 28 7D 3C F2 The encoded message 
60 92 

(the remaining 00 are not part of the message) 


So basically, nothing to worry about, this is a TLS message that the 
LDAP server is trying to decode, and fails to do so as expected. I 
wonder if you have TLS enabled on your server though... 

On 06/01/2022 10:45, [email protected] wrote: 
> 
> Hi, 
> 
> we have embedded Apache Directory V1.5.5 in our software for years. 
> With some of our customers an error occurs without it seeming to interfere 
> with the operation. 
> 
> I don't understand this error. 
> I have tried to limit the use of PagedResultsControl when this control is not 
> necessary without result. 
> 
> Thanks for your help 
> 
> Jean-François Melian 
> 
> 
> 2022.01.03 17:50:36.734 [DEBUG] Decoding the PDU : [cincom-ecm-engine] 
> [NioProcessor-3] TwixDecoder.java:117 
> 2022.01.03 17:50:36.734 [DEBUG] 0x30 0x46 0x02 0x01 0x03 0x42 0x00 0xA0 0x3F 
> 0x30 0x22 0x04 0x16 0x31 0x2E 0x32 0x2E 0x38 0x34 0x30 0x2E 0x31 0x31 0x33 
> 0x35 0x35 0x36 0x2E 0x31 0x2E 0x34 0x2E 0x33 0x31 0x39 0x04 0x08 0x30 0x06 
> 0x02 0x02 0x03 0xE8 0x04 0x00 0x30 0x19 0x04 0x17 0x32 0x2E 0x31 0x36 0x2E 
> 0x38 0x34 0x30 0x2E 0x31 0x2E 0x31 0x31 0x33 0x37 0x33 0x30 0x2E 0x33 0x2E 
> 0x34 0x2E 0x32 [cincom-ecm-engine] [NioProcessor-3] TwixDecoder.java:131 
> 2022.01.03 17:50:36.750 [DEBUG] Decoded LdapMessage : LdapMessage 
> message Id : 3 
> UnBind Request 
> Control 
> Control type : '1.2.840.113556.1.4.319' 
> Criticality : 'false' 
> Control value : ' Paged Search Control 
> size : '1000' 
> cookie : '' 
> ' 
> Control 
> Control type : '2.16.840.1.113730.3.4.2' 
> Criticality : 'false' 
> [cincom-ecm-engine] [NioProcessor-3] TwixDecoder.java:138 
> 2022.01.03 17:50:36.750 [DEBUG] Transforming LdapMessage <3, UNBIND_REQUEST> 
> from Twix to Snickers. [cincom-ecm-engine] [NioProcessor-3] 
> TwixTransformer.java:835 
> 2022.01.03 17:50:36.750 [DEBUG] >>>========================================== 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:741 
> 2022.01.03 17:50:36.750 [DEBUG] --> Decoding a PDU [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:742 
> 2022.01.03 17:50:36.750 [DEBUG] >>>------------------------------------------ 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:743 
> 2022.01.03 17:50:36.750 [DEBUG] --- State = TAG_STATE_START --- 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751 
> 2022.01.03 17:50:36.750 [DEBUG] current byte : 0x15 [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:757 
> 2022.01.03 17:50:36.750 [DEBUG] Tag 0x15 has been decoded [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:123 
> 2022.01.03 17:50:36.750 [DEBUG] --- State = LENGTH_STATE_START --- 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751 
> 2022.01.03 17:50:36.750 [DEBUG] current byte : 0x03 [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:757 
> 2022.01.03 17:50:36.750 [DEBUG] --- State = LENGTH_STATE_END --- 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751 
> 2022.01.03 17:50:36.750 [DEBUG] current byte : 0x03 [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:757 
> 2022.01.03 17:50:36.750 [DEBUG] Parent length : TLV expected length stack : - 
> null [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:378 
> 2022.01.03 17:50:36.750 [DEBUG] Root TLV[3] [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:390 
> 2022.01.03 17:50:36.750 [DEBUG] Length 3 has been decoded [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:497 
> 2022.01.03 17:50:36.750 [DEBUG] --- State = VALUE_STATE_START --- 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751 
> 2022.01.03 17:50:36.750 [DEBUG] current byte : 0x03 [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:757 
> 2022.01.03 17:50:36.750 [DEBUG] --- State = TLV_STATE_DONE --- 
> [cincom-ecm-engine] [NioProcessor-3] Asn1Decoder.java:751 
> 2022.01.03 17:50:36.750 [DEBUG] current byte : 0x00 [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:757 
> 2022.01.03 17:50:36.750 [DEBUG] TLV Tree : TLV0x15(3) [cincom-ecm-engine] 
> [NioProcessor-3] Asn1Decoder.java:160 
> 2022.01.03 17:50:36.750 [ERROR] Bad transition from state START_STATE, tag 
> 0x15 [cincom-ecm-engine] [NioProcessor-3] AbstractGrammar.java:139 
> 2022.01.03 17:50:36.750 [WARN ] Unexpected exception forcing session to 
> close: sending disconnect notice to client. [cincom-ecm-engine] 
> [NioProcessor-3] LdapProtocolHandler.java:215 
> org.apache.mina.filter.codec.ProtocolDecoderException: 
> org.apache.directory.shared.ldap.message.ResponseCarryingMessageException: 
> Bad transition ! (Hexdump: 15 03 03 00 1A 00 00 00 00 00 00 00 05 D8 60 43 97 
> 10 E1 BA 7A 87 29 30 40 28 7D 3C F2 60 92 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
> 00 00 00 00 00) 
> at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:235)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
> at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:278)
> at org.apache.mina.filter.ssl.SslFilter.messageReceived(SslFilter.java:444)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
> at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:638)
> at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598)
> at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)
> at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:61)
> at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:969)
> at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748) 
> Caused by: org.apache.directory.shared.ldap.message.ResponseCarryingMessageException: Bad transition ! 
> at org.apache.directory.shared.ldap.message.MessageDecoder.decode(MessageDecoder.java:175)
> at org.apache.directory.shared.asn1.codec.Asn1CodecDecoder.decode(Asn1CodecDecoder.java:53)
> at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:225)
> ... 20 common frames omitted 
> 2022.01.03 17:50:36.750 [DEBUG] Transforming message type EXTENDED_RESP 
> [cincom-ecm-engine] [NioProcessor-3] TwixTransformer.java:1415 
> 2022.01.03 17:50:36.750 [DEBUG] Transformed message : LdapMessage 
> message Id : 0 
> Extended Response 
> Ldap Result 
> Result code : (PROTOCOL_ERROR) protocolError 
> Matched DN : '' 
> Error message : 'PROTOCOL_ERROR: The server will disconnect!' 
> Response name :'1.3.6.1.4.1.1466.20036' 
> Response :'[B@77d31cfc' 
> [cincom-ecm-engine] [NioProcessor-3] TwixTransformer.java:1478 
> 2022.01.03 17:50:36.750 [DEBUG] Encoding this LdapMessage : LdapMessage 
> message Id : 0 
> Extended Response 
> Ldap Result 
> Result code : (PROTOCOL_ERROR) protocolError 
> Matched DN : '' 
> Error message : 'PROTOCOL_ERROR: The server will disconnect!' 
> Response name :'1.3.6.1.4.1.1466.20036' 
> Response :'[B@77d31cfc' 
> [cincom-ecm-engine] [NioProcessor-3] TwixEncoder.java:122 
> 
> --------------------------------------------------------------------- 
> To unsubscribe, e-mail: [email protected] 
> For additional commands, e-mail: [email protected] 
> 

-- 
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE 
T. +33 (0)4 89 97 36 50 
P. +33 (0)6 08 33 32 61 
[email protected] https://www.busit.com/ 
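
Added example, not part of the original messages and not ApacheDS code: a Python sketch that reads the hexdump from the exception both as a TLS record, following the breakdown in the reply, and as the BER TLV the LDAP decoder logged (tag 0x15, length 3). The function names and the triage rule are assumptions made for illustration.

```python
# HEXDUMP is copied from the exception quoted in the thread.
HEXDUMP = ("15 03 03 00 1A 00 00 00 00 00 00 00 05 D8 60 43 97 10 E1 BA 7A "
           "87 29 30 40 28 7D 3C F2 60 92 00 00")

TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
TLS_VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def parse_tls_record(data: bytes) -> dict:
    """Read data as one TLS record: type(1) version(2) length(2) fragment."""
    if len(data) < 5:
        raise ValueError("need at least the 5-byte record header")
    ctype, version = data[0], (data[1], data[2])
    length = int.from_bytes(data[3:5], "big")
    if ctype not in TLS_CONTENT_TYPES or version not in TLS_VERSIONS:
        raise ValueError("not a TLS record header")
    if len(data) < 5 + length:
        raise ValueError("record is truncated")
    fragment = data[5:5 + length]
    return {
        "type": TLS_CONTENT_TYPES[ctype],
        "version": TLS_VERSIONS[version],
        "length": length,
        # Split used in the reply: 8 leading bytes, then the encoded message.
        # Assumption: 18 bytes would fit a 2-byte alert plus a 16-byte AEAD
        # tag; the negotiated cipher suite is not shown in the thread.
        "iv": fragment[:8],
        "protected": fragment[8:],
        "trailing": data[5 + length:],  # rest of the read buffer
    }


def parse_ber_tlv(data: bytes) -> tuple:
    """Read the same bytes as a short-form BER TLV, as the LDAP decoder did."""
    tag, length = data[0], data[1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    return tag, length, data[2:2 + length]


def triage(hexdump: str) -> str:
    """Classify the hexdump attached to a 'Bad transition' error."""
    data = bytes.fromhex(hexdump)
    if data[0] == 0x30:  # an LDAPMessage is a BER SEQUENCE
        return "ldap"
    try:
        return "tls:" + parse_tls_record(data)["type"]
    except ValueError:
        return "unknown"
```
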
