More MS-CLDAP Craziness
Anthony Liguori
aliguor at us.ibm.com
Wed May 7 22:55:19 GMT 2003

Here's a little more info about the MS-CLDAP req/res that happens during
an AD domain join.

The strings in the data blob (see utils/net_ads_cldap.c) are in a strange
format where each component of a domain name is encoded as an octet
string. What's more, sometimes there's this strange 0xc0nn sequence
instead of a string.

It turns out that sequence follows the message compression guidelines in
the DNS RFC (rfc1035 4.1.4). That means that MS-CLDAP really consists of
LDAPv3 over UDP of a netlogon mailslot request using DNS domain name
compression. I don't think Microsoft understands that being standards
compliant doesn't mean taking bits out of every standard but actually
following none of them fully :-)

BTW: Neither HEAD nor SAMBA_3_0 seems to be detecting my Heimdal
installation...

Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguor at us.ibm.com
Phone: (512) 838-1208
Tie Line: 678-1208
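
The name encoding described in the message above (length-prefixed labels plus 0xc0nn compression pointers per RFC 1035 4.1.4), as an added example that is not part of the original post and is not Samba's code. The function name `cldap_pull_name` and the sample bytes are hypothetical, and the decoder assumes pointer offsets are counted from the start of the buffer it is given; since the blob arrives over UDP from the network, it rejects truncated labels, reserved label types and pointer loops.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample blob: "example.com" at offset 0, "dc1" + 0xc000 at
 * offset 13, and at offset 19 a pointer that targets itself. */
static const uint8_t sample[] = {
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    3,'d','c','1', 0xC0,0x00,  0xC0,0x13
};

/* Decode the RFC 1035 4.1.4 name at buf[off] into out as dotted text. Returns
 * the offset just past the name in the stream, or -1 on malformed input. */
int cldap_pull_name(const uint8_t *buf, size_t len, size_t off,
                    char *out, size_t outlen)
{
    size_t o = 0;
    int end = -1, hops = 0;   /* end: resume offset after the first pointer */
    if (outlen == 0) return -1;
    for (;;) {
        if (off >= len) return -1;
        uint8_t c = buf[off];
        if ((c & 0xC0) == 0xC0) {             /* 0xc0nn: 14-bit pointer */
            if (off + 1 >= len) return -1;
            if (end < 0) end = (int)(off + 2);
            if (++hops > 16) return -1;       /* bounds pointer chains and loops */
            off = ((size_t)(c & 0x3F) << 8) | buf[off + 1];
            continue;
        }
        if (c & 0xC0) return -1;              /* 0x40 and 0x80 are reserved */
        if (c == 0) {                         /* root label ends the name */
            out[o] = '\0';
            return end >= 0 ? end : (int)(off + 1);
        }
        if (off + 1 + c > len) return -1;     /* label runs past the blob */
        if (o + c + 2 > outlen) return -1;    /* room for '.', label and NUL */
        if (o) out[o++] = '.';
        memcpy(out + o, buf + off + 1, c);
        o += c;
        off += 1 + (size_t)c;
    }
}

int main(void)
{
    char name[64];
    int next = cldap_pull_name(sample, sizeof sample, 13, name, sizeof name);
    printf("%s (next offset %d)\n", next < 0 ? "malformed" : name, next);
    return 0;
}
```

The returned offset is where the next field of the blob starts, which for a compressed name is just past the two pointer bytes rather than past the labels the pointer refers to.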