Is it possible to decode LDAP as ldapsearch command?

I'm trying to configure LDAP authentication for an application we've installed (currently TLS is off for debugging):

  • It's not authenticating
  • The configuration page has terminology I don't understand
  • The error message it prints doesn't explain the problem very well

I'd like to reproduce the problem using equivalent ldapsearch commands, but trying to put together the arguments from the LDAP packet dissection is tedious and error-prone.

Is there a template for Wireshark that will "just do it", printing something like this?

  ldapsearch -H ldap://1.2.3.4 -p 389 -D "$binddn" -w "$password" -b "$searchbase" \
        -s "$scope" "${other_options[@]}" "$filter" "$attributes"

I attempted to do something in bash:

  tcpdump -w d.pcap -i any port 389

  tshark -r d.pcap -q -z follow,tcp,raw,0 2> /dev/null | gawk 'BEGIN{cmd="xxd -p -r"};NR>6 && !/^=/{print $1 | cmd;close(cmd)}' > d.bin

  openssl asn1parse -inform DER -in d.bin | awk '.......'

But alas, awk is not up to the task.

Thanks!
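One way to do the decoding step the question describes, as an added example that is not part of the original post: a small BER walker that reads the concatenated LDAP messages (the kind of byte stream the `d.bin` pipeline above produces) and prints one ldapsearch line per search request. The function names, the sample bytes and the choice to emit `-W` (prompt) rather than write the captured bind password into the command are assumptions of this example; only and/or/not, equality and presence filters are handled.

```python
import shlex
SCOPES = {0: "base", 1: "one", 2: "sub"}

def tlv(buf, pos):  # read one BER TLV, return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf, pos=0):  # yield (tag, value) for each TLV inside a value
    while pos < len(buf):
        tag, val, pos = tlv(buf, pos)
        yield tag, val

def esc(v):  # RFC 4515 escaping of an assertion value
    return "".join("\\%02x" % b if b in b"\\*()\x00" or b > 0x7E else chr(b) for b in v)

def filter_str(tag, val):  # RFC 4511 Filter -> RFC 4515 string (common choices only)
    if tag in (0xA0, 0xA1, 0xA2):  # and, or, not: wrap the nested filters
        return "(%s%s)" % ("&|!"[tag - 0xA0], "".join(filter_str(*c) for c in children(val)))
    if tag == 0xA3:  # equalityMatch: attributeDesc, assertionValue
        (_, attr), (_, value) = children(val)
        return "(%s=%s)" % (attr.decode(), esc(value))
    if tag == 0x87:  # present
        return "(%s=*)" % val.decode()
    raise ValueError("filter choice 0x%02x not handled in this example" % tag)

def to_ldapsearch(stream, uri):  # yields one command per SearchRequest; other ops are skipped
    bind_dn, pos = "", 0
    while pos < len(stream):
        _, msg, pos = tlv(stream, pos)
        op, body = list(children(msg))[1]  # [0] is the messageID
        if op == 0x60:  # BindRequest: version, name, authentication
            bind_dn = list(children(body))[1][1].decode()
        elif op == 0x63:  # SearchRequest: filter is field 6, attributes field 7
            f = list(children(body))
            argv = ["ldapsearch", "-x", "-H", uri] + (["-D", bind_dn, "-W"] if bind_dn else [])
            argv += ["-b", f[0][1].decode(), "-s", SCOPES[f[1][1][0]], filter_str(*f[6])]
            argv += [v.decode() for _, v in children(f[7][1])]
            yield " ".join(shlex.quote(a) for a in argv)

# Constructed sample (not a real capture): bind request, bind response, search request
SAMPLE = (b"\x30\x2a\x02\x01\x01\x60\x25\x02\x01\x03\x04\x18cn=app,dc=example,dc=com\x80\x06secret"
          b"\x30\x0c\x02\x01\x01\x61\x07\x0a\x01\x00\x04\x00\x04\x00"
          b"\x30\x59\x02\x01\x02\x63\x54\x04\x11dc=example,dc=com\x0a\x01\x02\x0a\x01\x00"
          b"\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0\x24\xa3\x15\x04\x0bobjectClass\x04\x06person"
          b"\xa3\x0b\x04\x03uid\x04\x04jdoe\x30\x0a\x04\x02cn\x04\x04mail")

if __name__ == "__main__":
    print("\n".join(to_ldapsearch(SAMPLE, "ldap://1.2.3.4")))
```

Server responses in the stream are skipped, so the mixed-direction output of `follow,tcp,raw` can be fed in as is; a filter type outside the handled set raises rather than producing a wrong command.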
