Re: noSuchAttribute??

Mark Wahl (M.Wahl@critical-angle.com)
Wed, 11 Sep 1996 20:06:14 -0500

> you're right! but what means "0x80 0x00" ? I thought that the end of a
> message could (should?) be "0x00 0x00".

I think "0x80 0x00" is zero-length context 0 element, which in this case is
the empty password.

There is no end of message in LDAP. "0x00 0x00" is end-of-contents for
indefinite length encodings, however indefinite length encodings are forbidden
in LDAP; only definite length must be used. The recipient knows by the length
bytes in the outermost element how long the LDAPMessage will be.

> How can it be? Well, I'm pretty happy to see that the server returned a
> success code. But how can I send a wrong protocol and still receive a success
> return code?

Many LDAP servers do not check that incoming messages are strictly-conforming
BER. This is because early versions of the LDAP library did not set tags
correctly.

Are you perhaps using a version of the University of Michigan software
prior to 3.3 as your client library? If so, you should strongly consider
upgrading, as forthcoming server products may not be as lenient, and
may well close the connection or return protocolError for badly-formatted BER
in requests.

Mark Wahl, Enterprise Directory Integration
Critical Angle Incorporated