douweida2878
2015-02-17 10:27 阅读 593
已采纳

尝试使用TLS连接到LDAP时出错“ LDAP结果代码201“ ErrorNetwork”:无效的数据包格式”

I'm trying make an authentication service with LDAP and TLS using http://www.github.com/mavricknz/ldap When I use only basic authentication using the following code, everything works just fine.

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

conn.NetworkConnectTimeout = time.Duration(ldapConnTimeout) * time.Millisecond
conn.ReadTimeout = time.Duration(ldapReadTimeout) * time.Millisecond

if err := conn.Connect(); err != nil {
    log.Println(err)
    resp.WriteHeader(http.StatusInternalServerError)
    return
}

defer conn.Close()

// bind to ldap
if err := conn.Bind(username, password); err != nil {
    ldaperr := err.(*ldap.LDAPError)
    if ldaperr.ResultCode == ldap.LDAPResultInvalidCredentials {
        resp.Header().Set("WWW-Authenticate", `Basic realm="Item Codes Database"`)
        resp.WriteHeader(http.StatusUnauthorized)
    } else {
        log.Println(err)
        resp.WriteHeader(http.StatusInternalServerError)
    }
    return
}

but when I try to applying TLS to my code by changing

conn := ldap.NewLDAPConnection(ldapHost, ldapPort)

to

ldap.NewLDAPTLSConnection(ldapHost, ldapPort, &tls.Config{})

It gives me an error LDAP Result Code 201 "ErrorNetwork": Invalid packet format. That error comes from method conn.Connect() which when I dig into it, it didn't even reach the point where the TLS config or TLS flag has been used.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    douyue8191 douyue8191 2015-02-28 04:35

    Ok, I've found my solution. I need to change the port from ldap's 389 to ldaps' 636 because we use TLS protocol. And I also has to use method NewLDAPSSLConnection instead to establish an implicit TLS connection.

    I'm not sure why NewLDAPTSLConnection does not work. It use explicit TLS which require us to establish a normal connection first (which use port 389) and then attempt to start TLS over that connection.

    点赞 评论 复制链接分享

相关推荐