Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
0
Helpful
3
Replies

CSS keepalive script for LDAP (Novell)

david.wu
Level 1
Level 1

‎12-08-2003 11:42 AM

I need an advanced script for Cisco CSS11000 for LDAP keepalive. The problem is the built-in script is too rudimental, what it does is just check the tcp 389 connection to the servers plus some expected bind response code "0A, 01, 00". But what happened for us is when the LDAP server (Novell) is doing DS repair, in which the server is too busy to handle the real LDAP call but still reply the tcp 389 request, CSS think it is still alive.

We want a smart script that can handle real LDAP call (like a LDAP client) and send a real LDAP request instead of a simple tcp 389 request. Does anyone have any idea?

Thanks in advance,

Thanks in advance,

Dave

Labels:
0 Helpful
3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

‎12-09-2003 02:27 AM

with the CSS script language you can send binary data and receive binary response.

If you know what port to send the request to, what are the binary data and what is the expected binary response, we can easily do a script for you.

The easiest way to get the binary info is to make a LDAP query and capture it with sniffer.

Also capture the response.

Make sure to do a query that will always result in the same response.

Once you have this data, you can try to update the ldap script yourself [hint: use the raw keyword when sending the data].

Or post the info here and will try to make a script for you.

Gilles.

0 Helpful

david.wu
Level 1
Level 1
In response to Gilles Dufour

‎12-09-2003 10:40 AM

Thanks Gilles.

This does help.

I captured the packets, I am trying to modify the script. Couple questions re the script.

I am okay to edit the "socket send" value, which is my tcp search request. What should I use for the "socket waitfor" value? I tried LDAP successful code "0a0100". But I got the failure. I tried use offset as well, but from the trace, offsets are different for each packet.

Thanks in advance,

David

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to david.wu

‎12-10-2003 01:26 AM

you should indeed use socket waitfor for the response.

Once again, put the raw keyword at the end and also increase the TCP timeout to 1000msec or more if necessary.

Capture sniffer traces to make sure the CSS sends the right data and receives the right response.

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card