Skip to content
This repository has been archived by the owner on May 14, 2024. It is now read-only.

fix: The DN was created in Chinese, but the AD failed to be created #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: The DN was created in Chinese, but the AD failed to be created #2

wants to merge 1 commit into from

Conversation

Oh-suki
Copy link

@Oh-suki Oh-suki commented Dec 1, 2023

When i try to create AD DN with Chinese, it will show error "Invalid Dn Syntax".
It can't be transcoded. Otherwise it will cause error

jsumners
jsumners suggested changes Dec 1, 2023
View reviewed changes
Copy link
Member

@jsumners jsumners left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are you trying to accomplish? Simply deleting this code is not acceptable.

@Oh-suki
Copy link
Author

Oh-suki commented Dec 1, 2023

I want to create a organizaitonUnit in AD. But i found if DN have 3-byte UTF-8 character will be transcoded.It will block the creation of AD then show the error "Invalid Dn Syntax". If it return original value, it doesn't block the creation of LDAP and AD.

@jsumners
Copy link
Member

jsumners commented Dec 1, 2023

Please provide a minimal reproducible example (MRE). Doing so will help us diagnose your issue. It should be the bare minimum code needed to trigger the issue, and easily runnable without any changes or extra code. Please review the integration tests, e.g. issue-940.test.js, for examples of good MREs.

You may use a GitHub repository to host the code if it is too much to fit in a code block (or two).

@Oh-suki
Copy link
Author

Oh-suki commented Dec 2, 2023

ok. I review some test in test-integration. I found the issue-883.test.js have same issue with me.

I passed wireshark to anaylsis TCP data. I found the DN had been transcoded to HEX. It does work in LDAP. But it doesn't work in Active Directory. Beacuse Active Directory not allow DN transcoded to HEX.

So, I think it need to skip transcode proceedure.

Thanks for the reply.

@jsumners
Copy link
Member

jsumners commented Dec 2, 2023

Can you provide a Wireshark trace file for a failure case? Please use a test account that will not expose sensitive information.

@Oh-suki
Copy link
Author

Oh-suki commented Dec 2, 2023

ok. I save the Wireshark file for a failure_case. You can go to my Repository to download the Wireshark. failure_wireshark_data

You can open the file with Wireshark then input "ip.addr == 192.168.0.43" to filter data. Then you will see the info have addRequest and addResponse.

@jsumners
Copy link
Member

jsumners commented Dec 3, 2023

I suspect this is the same issue as ldapjs/filter#9 (comment). The hex dump for the invalid LDAP message is:

0000   30 81 89 02 01 02 68 81 83 04 3f 6f 75 3d 5c 65   0.....h...?ou=\e
0010   37 5c 61 30 5c 39 34 5c 65 35 5c 38 66 5c 39 31   7\a0\94\e5\8f\91
0020   5c 65 34 5c 62 61 5c 38 63 5c 65 39 5c 38 33 5c   \e4\ba\8c\e9\83\
0030   61 38 2c 44 43 3d 61 64 2c 44 43 3d 69 64 6d 65   a8,DC=ad,DC=idme
0040   73 68 2c 44 43 3d 73 69 74 65 30 40 30 14 04 02   sh,DC=site0@0...
0050   6f 75 31 0e 04 0c e7 a0 94 e5 8f 91 e4 ba 8c e9   ou1.............
0060   83 a8 30 28 04 0b 6f 62 6a 65 63 74 63 6c 61 73   ..0(..objectclas
0070   73 31 19 04 03 74 6f 70 04 12 6f 72 67 61 6e 69   s1...top..organi
0080   7a 61 74 69 6f 6e 61 6c 55 6e 69 74               zationalUnit

@dddddd889 dddddd889 mentioned this pull request Apr 18, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jsumners jsumners jsumners requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Oh-suki @jsumners