KB23378 - LDAP auth failure with the 'ldap_parse_result(): Protocol error; additional info: historical protocol version requested, use LDAPv3 instead' error message

Information

 
Last Modified Date: 11/23/2015 7:47 PM
Synopsis
This article describes an LDAP authentication failure caused by an LDAP protocol version mismatch.
Problem or Goal
SBR 6.1.2 is configured for LDAP authentication. The backend LDAP server is OpenLDAP on Linux. Whenever users try to authenticate against OpenLDAP through SBR, authentication fails.

The following messages appear in the SBR debug logs (Loglevel is set to 2 in the [settings] section of the ldapauth.aut file):
03/26/2012 22:46:10 LDAPAUTH: ldap_parse_result(): Protocol error; additional info: historical protocol version requested, use LDAPv3 instead
03/26/2012 22:46:10 LDAPAUTH: Failed to bind to LDAP server s1 anonymously (2: Protocol error)
03/26/2012 22:46:10 LDAPAUTH: Disconnected from LDAP server s1
Cause
Solution
This error occurs because of an LDAP version mismatch between the SBR device and the backend Linux OpenLDAP server. The SBR device sends its Bind request using LDAP version 2, which OpenLDAP does not accept; it expects a Bind request that uses LDAP version 3. After SBR is configured to use LDAP version 3, the issue is resolved.

In the [settings] section of the ldapauth.aut file, add the following entry to instruct the SBR device to use LDAP version 3:
[Settings]
LdapVersion = 3

You can identify the LDAP version that SBR is using by performing a packet capture while attempting to authenticate an LDAP user. The following images illustrate the packet captures when using versions 2 and 3. Check the LDAP Bind request packet to identify the LDAP version being used:

LDAP version 2: [image: packet capture of the LDAP Bind request]

LDAP version 3: [image: packet capture of the LDAP Bind request]



 
Created By: Data Deployment
