Examples of LDAP Enabled snoop In Action

In the following examples, the protocol exchange between an LDAP client and an LDAP directory server for common LDAP operations is examined. The first example (LDAP search) includes three snoop options. These are:

  • Non-verbose

  • Verbose summary (-V)

  • Verbose (-v)

For the other LDAP operations, only the verbose mode is shown.

LDAP Search Request Example

The following is a simple search for an entry with the uid equal to lruble, using a search base of dc=example,dc=com. The output shows the matching entry that is returned to the client.

    # ldapsearch -h veda.example.com -b "dc=example,dc=com" uid=lruble
    uid=LRuble,ou=People,dc=example,dc=com
    mail=lruble@example.com
    uid=LRuble
    givenName=Lucy
    objectClass=top
    objectClass=person
    objectclass=inetorgperson
    sn=Ruble
    cn=Lucy Ruble
    #

Non-verbose LDAP snoop Result

The following is the output of snoop when run without specifying the verbose mode when the previous LDAP search was performed.

    # snoop ldap vipivot
    Using device /dev/hme (promiscuous mode)
    vipivot -> veda      LDAP C port=32829
    vipivot -> veda      LDAP C port=32829  Search Request   neverDerefAliases
    veda -> vipivot      LDAP R port=32829
    veda -> vipivot      LDAP R port=32829  Search ResEntry
    veda -> vipivot      LDAP R port=32829  Search ResDone Success
    vipivot -> veda      LDAP C port=32829
    vipivot -> veda      LDAP C port=32829
    vipivot -> veda      LDAP C port=32829  Unbind Request
    vipivot -> veda      LDAP C port=32829
    veda -> vipivot      LDAP R port=32829
    . . .

Only the LDAP operation name and result code are displayed, as shown in bold. The port number shown is the TCP port, not the LDAP port.

Verbose Summary Mode LDAP Search snoop Result

The following is an abbreviated output when the same search is performed with snoop in the verbose summary mode.

    # snoop -V ldap vipivot
    Using device /dev/hme (promiscuous mode)
    ________________________________
    vipivot -> veda      ETHER Type=0800 (IP), size = 62 bytes
    vipivot -> veda      IP  D=129.148.181.130 S=129.148.181.142 LEN=48, ID=11313
    vipivot -> veda      TCP D=389 S=32849 Syn Seq=2825400714 Len=0 Win=49640 Options=<mss 1460,nop,nop,sackOK>
    vipivot -> veda      LDAP C port=32849
    ...
    vipivot -> veda      LDAP C port=32849  Search Request   neverDerefAliases
    . . .

Verbose LDAP Search snoop Result

The following is the output of a verbose snoop when the same LDAP search is performed. Because of the length of this example, and to show the different output in specific sections, the snoop trace is divided into several parts.

Part 1 - Ethernet and TCP/IP Packet Information

    # snoop -v ldap vipivot
    Using device /dev/hme (promiscuous mode)
    ETHER:  ----- Ether Header -----
    ETHER:
    ETHER:  Packet 1 arrived at 14:22:19.03
    ETHER:  Packet size = 62 bytes
    ETHER:  Destination = 8:0:20:8a:e5:71, Sun
    ETHER:  Source = 8:0:20:ab:be:31, Sun
    ETHER:  Ethertype = 0800 (IP)
    ....
    IP:   ----- IP Header -----
    IP:   Version = 4
    IP:   Header length = 20 bytes
    IP:   Protocol = 6 (TCP)
    IP:   Header checksum = 9c4b
    IP:   Source address = 129.148.181.142, vipivot
    IP:   Destination address = 129.148.181.130, veda
    IP:   No options
    ...
    TCP:  ----- TCP Header -----
    TCP:
    TCP:  Source port = 32834
    TCP:  Destination port = 389 (LDAP)
    TCP:  Sequence number = 3301917698
    TCP:  Acknowledgement number = 0
    TCP:  Data offset = 28 bytes

Part 2 - LDAP Search Request

    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 3:  Search Request  ]
    LDAP:         [Base Object]
    LDAP:             dc=example,dc=com
    LDAP:         [Scope]
    LDAP:          wholeSubtree
    LDAP:         [DerefAliases]
    LDAP:          neverDerefAliases
    LDAP:         [SizeLimit]
    LDAP:         [TimeLimit]
    LDAP:         [TypesOnly]
    LDAP:        Equality Match *[3]
    LDAP:            [Attr Descr]
    LDAP:                 uid
    LDAP:            [Value]
    LDAP:                 lruble
    LDAP:        *[Sequence]

Part 3 - LDAP Search Results

    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 4:  Search ResEntry  ]
    LDAP:         [Object Name]
    LDAP:             uid=LRuble,ou=People,dc=example,
    LDAP:             dc=com
    LDAP:        *[Partial Attributes]
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     mail
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         lruble@example.com
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     uid
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         LRuble
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     givenName
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         Lucy

Part 4 - LDAP Search Results (continued)

    LDAP:            *[Attribute]
    LDAP:                [Type]
    LDAP:                      objectClass
    LDAP:               *[Vals]
    LDAP:                     [Value]
    LDAP:                          top
    LDAP:                     [Value]
    LDAP:                          person
    LDAP:                     [Value]
    LDAP:                          organizationalPerson
    LDAP:                     [Value]
    LDAP:                          inetorgperson
    LDAP:            *[Attribute]
    LDAP:                [Type]
    LDAP:                      sn
    LDAP:               *[Vals]
    LDAP:                     [Value]
    LDAP:                          Ruble
    LDAP:            *[Attribute]
    LDAP:                [Type]
    LDAP:                      cn
    LDAP:               *[Vals]
    LDAP:                     [Value]
    LDAP:                           Lucy Ruble

Verbose LDAP Add Operation

The following example shows what a verbose snoop of an LDAP add operation would look like.

First, the command that is run:

    # ldapadd -h veda -D "cn=directory manager" -w dirmanager
    dn: uid=truble,ou=people,dc=example,dc=com
    objectclass: person
    objectclass: inetorgperson
    uid: truble
    cn: Chris Ruble
    sn: Ruble
    adding new entry uid=truble,ou=people,dc=example,dc=com
    ^D

Next, the snoop trace shows the BIND request and response:

    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 0:  Bind Request  ]
    LDAP:         [Version]
    LDAP:         [Object Name]
    LDAP:             cn=directory manager
    LDAP:        Authentication: Simple [0]
    LDAP:             dirmanager
    ...
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 1:  Bind Response  ]
    LDAP:         [Result Code]
    LDAP:          Success
    LDAP:         [Matched DN]
    LDAP:         [Error Message]

Then, the actual LDAP operation is performed followed by the unbind operation:

    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 8:  Add Request  ]
    LDAP:         [Entry]
    LDAP:             uid=truble,ou=people,dc=example,
    LDAP:             dc=com
    LDAP:        *[Attributes]
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     objectclass
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         person
    LDAP:                    [Value]
    LDAP:                         inetorgperson
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     uid
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         truble
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     cn
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         Chris Ruble
    LDAP:           *[Attribute]
    LDAP:               [Type]
    LDAP:                     sn
    LDAP:              *[Vals]
    LDAP:                    [Value]
    LDAP:                         Ruble
    LDAP:     Operation *[APPL 9:  Add Response  ]
    LDAP:         [Result Code]
    LDAP:          Success
    LDAP:         [Matched DN]
    ...
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation [APPL 2:  Unbind Request  ]

Verbose snoop Trace of an LDAP Delete Operation

The following command is issued:

    # ldapdelete -h veda -D "cn=Directory Manager" -w dirmanager "uid=truble,ou=people,dc=example,dc=com"

The following is the corresponding snoop output:

    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 0:  Bind Request  ]
    LDAP:         [Version]
    LDAP:         [Object Name]
    LDAP:             cn=directory manager
    LDAP:        Authentication: Simple [0]
    LDAP:             dirmanager
    ...
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 1:  Bind Response  ]
    LDAP:         [Result Code]
    LDAP:          Success
    LDAP:         [Matched DN]
    ...
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation [APPL 10:  Del Request  ]
    LDAP:         uid=truble,ou=people,dc=example,d
    LDAP:         c=com
    LDAP:
    LDAP: ----- Lightweight Directory Access Protocol Header -----
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation *[APPL 11:  Del Response  ]
    LDAP:         [Result Code]
    LDAP:          Success
    LDAP:         [Matched DN]
    LDAP:         [Error Message]
    LDAP:
    ...
    LDAP:   *[LDAPMessage]
    LDAP:      [Message ID]
    LDAP:     Operation [APPL 2:  Unbind Request  ]
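
In both Bind Request traces above, simple authentication puts the bind DN and the password on the wire in readable form on port 389. The following Python parser is an added example, not code from the book: it reads snoop -v LDAP output in the layout shown above, lists the operations, and reports each simple bind with its result while discarding the password. The function names and the embedded sample lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of the verbose snoop traces on this page.
SAMPLE = """\
LDAP:     Operation *[APPL 0:  Bind Request  ]
LDAP:         [Object Name]
LDAP:             cn=directory manager
LDAP:        Authentication: Simple [0]
LDAP:             dirmanager
LDAP:     Operation *[APPL 1:  Bind Response  ]
LDAP:         [Result Code]
LDAP:          Success
"""

OP_RE = re.compile(r"Operation\s+\*?\[APPL\s+(\d+):\s*(.*?)\s*\]")
FIELDS = {"[Object Name]": "dn", "[Result Code]": "result"}

def parse_ops(text):
    """Return one dict per LDAP operation seen in `snoop -v` output."""
    ops, field = [], None
    for line in text.splitlines():
        body = line[5:].strip() if line.startswith("LDAP:") else ""
        m = OP_RE.search(body)
        if m:
            ops.append({"tag": int(m.group(1)), "name": m.group(2),
                        "dn": "", "simple": False, "result": None})
            field = None
        elif not ops or not body:
            continue                      # other layers and empty LDAP: lines
        elif body.startswith("Authentication: Simple"):
            ops[-1]["simple"], field = True, "secret"   # next line: password, never stored
        elif body.startswith(("[", "*[", "-----")):
            field = FIELDS.get(body)      # a new field label ends the previous value
        elif field == "dn":
            ops[-1]["dn"] += body         # long DNs wrap onto a second line
        elif field == "result":
            ops[-1]["result"] = body
    return ops

def simple_bind_findings(ops):
    """Pair each simple Bind Request (APPL 0) with the next Bind Response (APPL 1)."""
    out, dn = [], None
    for op in ops:
        if op["tag"] == 0 and op["simple"]:
            dn = op["dn"] or "<anonymous>"
        elif op["tag"] == 1 and dn is not None:
            out.append((dn, op["result"]))
            dn = None
    return out
```

Calling simple_bind_findings(parse_ops(text)) on a saved trace gives one (bind DN, result) pair per simple bind, which is enough to list the accounts whose credentials crossed the network unencrypted.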


LDAP in the Solaris Operating Environment: Deploying Secure Directory Services
ISBN: 131456938
Year: 2005
Pages: 87
