Hi, i have a problem with synching my AD Users. Everything seems to be fine, login ist ok, DS can reach AD, in a tcpdump i see a search request from the DS, but afterwards there is an answer from the AD server that says "Can''t parse message ID: Wrong type for that item" the full initialization is reported as "sucessful" but no AD users show up in the DS anybdoy has an idea what i did wrong ? Regards soeren Soeren Malchow Head of Central Technical Services Interone Worldwide GmbH Schulterblatt 58 20357 Hamburg T +49.40.43 29 69 - 547 F +49.40.43 29 69 - 90 mailto:soeren.malchow@interone.de http://www.interone.de NOTE: Information contained in this message is confidential and may be legally privileged. If you are not the adressee indicated in this message (or responsible for the delivery of the message to such person), you may not copy, disclose or deliver this message or any part of it to anyone, in any form. In such case, you should delete this message and kindly notify the sender by reply Email. Opinions, conclusions and other information in this message that does not relate to the official business of BBDO Germany shall be understood as neither given nor endorsed by it.
Sören Malchow wrote:> i have a problem with synching my AD Users. > > Everything seems to be fine, login ist ok, DS can reach AD, in a > tcpdump i see a search request from the DS, but afterwards there is an > answer from the AD server that says > > "Can''t parse message ID: Wrong type for that item"Hi, can you post a bit more information about this ? Where exactly do you see that message ?
Hi,
i can see this message when duming network traffic between DS and AD, and
when i look at the dump with ethereal this message shows up thousands of
time.
Ok one after another
1. DS uses the AD user i used for sync to successfully bind to AD
2. The DS issues a search request for the correct Base DN
3. AD answers
- 1. answer seems to be search result
- 2. - nth answer seems to be individual CNs, but in this case i
can see either
"Can''t parse message ID: Wrong type for that
item"
prepended by "Invalid LDAP packet"
or
"Can''t parse sequence header: Wrong type for that
item"
prepended by "Invalid LDAP message"
in ethereal.
It seems as if it is not on the TCP Layer cause SYN packet look good and
ACK later on as well
soeren
David Boreham <david_list@boreham.org>
Sent by: fedora-directory-users-bounces@redhat.com
02.02.2006 16:50
Please respond to
david_list@boreham.org; Please respond to
"General discussion list for the Fedora Directory server project."
<fedora-directory-users@redhat.com>
To
"General discussion list for the Fedora Directory server project."
<fedora-directory-users@redhat.com>
cc
Subject
Re: [Fedora-directory-users] Problem with WindowsSync
Sören Malchow wrote:
> i have a problem with synching my AD Users.
>
> Everything seems to be fine, login ist ok, DS can reach AD, in a
> tcpdump i see a search request from the DS, but afterwards there is an
> answer from the AD server that says
>
> "Can''t parse message ID: Wrong type for that item"
Hi, can you post a bit more information about this ?
Where exactly do you see that message ?
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Sören Malchow wrote:> > i can see this message when duming network traffic between DS and AD, > and when i look at the dump with ethereal this message shows up > thousands of time. > > Ok one after another > > 1. DS uses the AD user i used for sync to successfully bind to AD > > 2. The DS issues a search request for the correct Base DN > > 3. AD answers > > - 1. answer seems to be search result > - 2. - nth answer seems to be individual CNs, but in this case > i can see either > > "Can''t parse message ID: Wrong type for that item" > prepended by "Invalid LDAP packet" > or > "Can''t parse sequence header: Wrong type for that > item" prepended by "Invalid LDAP message" > > in ethereal. >Ah, I see. I''d suspect a bug in ethereal : I''ve used it to decode the protocol stream between FDS and AD more times than I can remember, and haven''t seen that error. It''s as if ethereal is not decoding the packet correctly. Are you running a recent version of ethereal ?
Yes i am running 0.10.13, which is almost the newest i think. Do you have any other idea how to debug this issue, since there is nothing in the logs. soeren David Boreham <david_list@boreham.org> Sent by: fedora-directory-users-bounces@redhat.com 03.02.2006 16:45 Please respond to david_list@boreham.org; Please respond to "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com> To "General discussion list for the Fedora Directory server project." <fedora-directory-users@redhat.com> cc Subject Re: [Fedora-directory-users] Problem with WindowsSync Sören Malchow wrote:> > i can see this message when duming network traffic between DS and AD, > and when i look at the dump with ethereal this message shows up > thousands of time. > > Ok one after another > > 1. DS uses the AD user i used for sync to successfully bind to AD > > 2. The DS issues a search request for the correct Base DN > > 3. AD answers > > - 1. answer seems to be search result > - 2. - nth answer seems to be individual CNs, but in this case > i can see either > > "Can''t parse message ID: Wrong type for that item" > prepended by "Invalid LDAP packet" > or > "Can''t parse sequence header: Wrong type for that > item" prepended by "Invalid LDAP message" > > in ethereal. >Ah, I see. I''d suspect a bug in ethereal : I''ve used it to decode the protocol stream between FDS and AD more times than I can remember, and haven''t seen that error. It''s as if ethereal is not decoding the packet correctly. Are you running a recent version of ethereal ? -- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users