02-18-2010 03:57 AM
I am trying to write a script for detecting the status of an LDAP server on a CSS. I figured out that I should capture the binary send and receive data of the LDAP query. I captured the request and response packets. But I have no idea of which part of the binary data (and how) I should put into the stock LDAP keepalive script. Could someone put me in the right direction?
Thanks a lot.
Daniel
02-18-2010 05:20 AM
Just look at the existing ldap script
CSS11503-2# sho script ap-kal-ldap
!no echo
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Filename: ap-kal-ldap
! Parameters: HostName
!
! Description: "Lightweight Directory Access Protocol v3"
! This script will connect to an LDAP server and attempt to
! "bind request" to the server. Once the server gives a
! positive response we will disconnect (RFC-2251).
!
! Bind Response Code we will search for is: 0x0a 0x01 0x00
!
! Failure Upon:
! 1. Not establishing a connection with the host.
! 2. Failure to receive the above response code.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
! Make sure the user has a qualified number of arguments
if ${ARGS}[#] "NEQ" "1"
echo "Usage: ap-kal-ldap \'Hostname\'"
exit script 1
endbranch
! Defines:
set HostName "${ARGS}[1]"
set EXIT_MSG "Connection Failed"
! Connect to the remote host (use default timeout)
socket connect host ${HostName} port 389 tcp 2000
set EXIT_MSG "Send: Failure"
! Send a Bind Request to the remote host. This is simply a standard
! "capture" of a bind request in hex. This should work for all standard
! version 3 LDAP servers.
socket send ${SOCKET} "300c020102600702010204008000" raw
set EXIT_MSG "Recieve: Failure"
! Expect to receive a standard response from the host. This should
! be equal to a SUCCESS response code:
socket waitfor ${SOCKET} "0a0100" 2000 raw
set EXIT_MSG "Send: Failure"
! Send an exit "Unbind Request" to the remote host so that they
! are not left hanging.
socket send ${SOCKET} "30050201034200" raw
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
CSS11503-2#
In red, you see the command to send the binary (this includes everything inside the tcp payload - after the tcp header).
In blue, you see the command to inspect received data and consider the response valid if the sequence is seen somewhere in the tcp payload of the response.
Gilles.
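As an added example (not from the original post or from the CSS script itself), the following Python decodes the two hex payloads the script sends and checks a BindResponse by parsing its BER structure rather than searching for the "0a0100" substring; the response bytes are constructed samples, not captures from a real server.

```python
# Added example, not part of the original post or of the CSS ap-kal-ldap script.
BIND_REQUEST = bytes.fromhex("300c020102600702010204008000")   # sent by the script
UNBIND_REQUEST = bytes.fromhex("30050201034200")               # sent by the script

# Constructed sample BindResponses (not captured from a real server).
RESP_OK = bytes.fromhex("300c02010261070a010004000400")        # resultCode success(0)
RESP_BAD = bytes.fromhex("300c02010261070a013104000400")       # invalidCredentials(49)
# resultCode 49, but the diagnosticMessage octets happen to contain 0a 01 00
RESP_TRAP = bytes.fromhex("300f020102610a0a0131040004030a0100")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_ldap_message(data):
    """Split an LDAPMessage into (messageID, protocolOp tag, protocolOp value)."""
    tag, body, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    id_tag, id_val, pos = read_tlv(body)
    if id_tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op_val, _ = read_tlv(body, pos)
    return int.from_bytes(id_val, "big"), op_tag, op_val

def parse_bind_request(data):
    """Return (messageID, version, name, simple password) for a BindRequest."""
    mid, op_tag, op = parse_ldap_message(data)
    if op_tag != 0x60:                       # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, ver, pos = read_tlv(op)
    _, name, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    if auth_tag != 0x80:                     # [0] simple authentication
        raise ValueError("only simple authentication handled here")
    return mid, int.from_bytes(ver, "big"), name.decode(), cred.decode()

def bind_result_code(data):
    """Return the resultCode of a BindResponse, or None if data is not one."""
    _, op_tag, op = parse_ldap_message(data)
    if op_tag != 0x61:                       # [APPLICATION 1] BindResponse
        return None
    rc_tag, rc, _ = read_tlv(op)
    return int.from_bytes(rc, "big") if rc_tag == 0x0A else None  # ENUMERATED

def naive_waitfor_ok(data):
    """What the script's 'socket waitfor ... "0a0100" raw' effectively checks."""
    return b"\x0a\x01\x00" in data
```

Decoding the request shows it is an anonymous simple bind with an empty name and password, and the version INTEGER in those bytes is 2; the RESP_TRAP sample shows why a substring match can accept a failed bind that a structural check rejects.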
02-18-2010 05:54 AM
You solved my problem. Thanks a lot!