More MS-CLDAP Craziness

Anthony Liguori aliguor at
Wed May 7 22:55:19 GMT 2003

Here's a little more info about the MS-CLDAP req/res that happens during 
an AD domain join.

The strings in the data blob (see utils/net_ads_cldap.c) are in a strange 
format where each component of a domain name is encoded as an octet 
string.  What's more, sometimes there's this strange 0xc0nn sequence 
instead of a string.

It turns out that sequence follows the message compression guidelines in 
the DNS RFC (rfc1035 4.1.4).  That means that MS-CLDAP really consists of 
LDAPv3 over UDP of a netlogon mailslot request using DNS domain name 
compression.  I don't think Microsoft understands that being standards 
compliment doesn't mean taking bits out of every standard but actually 
following none of them fully :-)

BTW: Neither HEAD nor SAMBA_3_0 seem to be detecting my Heimdal 

Anthony Liguori
Linux/Active Directory Interoperability
Linux Technology Center (LTC) - IBM Austin
E-mail: aliguor at
Phone: (512) 838-1208
Tie Line: 678-1208

More information about the samba-technical mailing list