Error when trying to connect to LDAP with TLS 'LDAP Result Code 201 "ErrorNetwork": Invalid packet format'

huangapple go评论89阅读模式
英文:

Error when trying to connect to LDAP with TLS 'LDAP Result Code 201 "ErrorNetwork": Invalid packet format'

问题

我正在尝试使用LDAP和TLS创建一个身份验证服务,使用http://www.github.com/mavricknz/ldap。当我只使用基本身份验证时,以下代码可以正常工作:

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

conn.NetworkConnectTimeout = time.Duration(ldapConnTimeout) * time.Millisecond
conn.ReadTimeout = time.Duration(ldapReadTimeout) * time.Millisecond

if err := conn.Connect(); err != nil {
    log.Println(err)
    resp.WriteHeader(http.StatusInternalServerError)
    return
}

defer conn.Close()

// 绑定到LDAP
if err := conn.Bind(username, password); err != nil {
    ldaperr := err.(*ldap.LDAPError)
    if ldaperr.ResultCode == ldap.LDAPResultInvalidCredentials {
        resp.Header().Set("WWW-Authenticate", `Basic realm="Item Codes Database"`)
        resp.WriteHeader(http.StatusUnauthorized)
    } else {
        log.Println(err)
        resp.WriteHeader(http.StatusInternalServerError)
    }
    return
}

但是,当我尝试将TLS应用到我的代码中时,将

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

改为

ldap.NewLDAPTLSConnection(ldapHost, ldapPort, &tls.Config{})

会出现错误LDAP Result Code 201 "ErrorNetwork": Invalid packet format。这个错误来自于conn.Connect()方法,当我深入研究时,发现它甚至没有到达使用TLS配置或TLS标志的地方。

英文:

I'm trying make an authentication service with LDAP and TLS using http://www.github.com/mavricknz/ldap
When I use only basic authentication using the following code, everything works just fine.

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

conn.NetworkConnectTimeout = time.Duration(ldapConnTimeout) * time.Millisecond
conn.ReadTimeout = time.Duration(ldapReadTimeout) * time.Millisecond

if err := conn.Connect(); err != nil {
    log.Println(err)
    resp.WriteHeader(http.StatusInternalServerError)
    return
}

defer conn.Close()

// bind to ldap
if err := conn.Bind(username, password); err != nil {
    ldaperr := err.(*ldap.LDAPError)
    if ldaperr.ResultCode == ldap.LDAPResultInvalidCredentials {
        resp.Header().Set("WWW-Authenticate", `Basic realm="Item Codes Database"`)
        resp.WriteHeader(http.StatusUnauthorized)
    } else {
        log.Println(err)
        resp.WriteHeader(http.StatusInternalServerError)
    }
    return
}

but when I try to applying TLS to my code by changing

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

to

ldap.NewLDAPTLSConnection(ldapHost, ldapPort, &tls.Config{})

It gives me an error LDAP Result Code 201 "ErrorNetwork": Invalid packet format. That error comes from method conn.Connect() which when I dig into it, it didn't even reach the point where the TLS config or TLS flag has been used.

答案1

得分: 0

好的,以下是翻译好的内容:

好的,我找到了解决方案。我需要将LDAP的端口从389更改为使用TLS协议的LDAPS的636。而且,我还必须使用NewLDAPSSLConnection方法来建立隐式的TLS连接。

我不确定为什么NewLDAPTSLConnection不起作用。它使用显式的TLS,需要我们首先建立一个普通连接(使用端口389),然后尝试在该连接上启动TLS。

英文:

Ok, I've found my solution. I need to change the port from ldap's 389 to ldaps' 636 because we use TLS protocol. And I also has to use method NewLDAPSSLConnection instead to establish an implicit TLS connection.

I'm not sure why NewLDAPTSLConnection does not work. It use explicit TLS which require us to establish a normal connection first (which use port 389) and then attempt to start TLS over that connection.

huangapple
  • 本文由 发表于 2015年2月17日 18:27:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/28559806.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定