Overview#

ndstrace showing error code -5875

This error is thrown when the LDAP client does not trust the certificate issuer, so most likely there is an LDAP client out there querying eDirectory that never succeeds in building up a connection.

You can either try to puzzle the LDAP trace together to get the source IP or you can just run:

tcpdump -s0 -w myLDAPpacketTrace.cap -i any port 636

Open the cap file in Wireshark and look for 'Unknown CA'.

Below is a typical entry seen:

11 LDAP: [2005/09/17 20:35:26.612] New TLS connection 0xee29a8 from 155.180.166.76:2482, monitor = 0x17, index = 9
23 LDAP: [2005/09/17 20:35:26.612] Monitor 0x17 initiating TLS handshake on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.612] (155.180.166.76:2482)(0x0000:0x00) DoTLSHandshake on connection 0xee29a8

11091 LDAP: [2005/09/17 20:35:26.848] (155.180.166.76:2482)(0x0000:0x00) Completed TLS handshake on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.850] (155.180.166.76:2482)(0x1021:0x60) DoBind on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.850] (155.180.166.76:2482)(0x1021:0x60) Bind name:cn=middlewareAdmin,ou=administration,dc=[Directory-Info.com],dc=net, version:3, authentication:simple
11091 LDAP: [2005/09/17 20:35:26.851] (155.180.166.76:2482)(0x1021:0x60) Sending operation result 0:"":"" to connection 0xee29a8
10930 LDAP: [2005/09/17 20:35:26.853] (155.180.166.76:2482)(0x1022:0x63) DoSearch on connection 0xee29a8
10930 LDAP: [2005/09/17 20:35:26.853] (155.180.166.76:2482)(0x1022:0x63) Search request:
	base: "ou=people,dc=[Directory-Info.com],dc=net"
	scope:0  dereference:0  sizelimit:0  timelimit:0  attrsonly:0
	filter: "(objectClass=*)"
	attribute: "objectClass"
10930 LDAP: [2005/09/17 20:35:26.855] (155.180.166.76:2482)(0x1022:0x63) Sending search result entry "ou=people,dc=[Directory-Info.com],dc=net" to connection 0xee29a8
10930 LDAP: [2005/09/17 20:35:26.855] (155.180.166.76:2482)(0x1022:0x63) Sending operation result 0:"":"" to connection 0xee29a8
11101 LDAP: [2005/09/17 20:35:26.857] (155.180.166.76:2482)(0x1023:0x63) DoSearch on connection 0xee29a8
11101 LDAP: [2005/09/17 20:35:26.857] (155.180.166.76:2482)(0x1023:0x63) Search request:
	base: "ou=people,dc=[Directory-Info.com],dc=net"
	scope:1  dereference:0  sizelimit:100  timelimit:10  attrsonly:0
	filter: "(uid=U305870)"
	attribute: "uid"
11101 LDAP: [2005/09/17 20:35:26.861] (155.180.166.76:2482)(0x1023:0x63) Sending search result entry "uid=U305870,ou=People,dc=[Directory-Info.com],dc=net" to connection 0xee29a8
11101 LDAP: [2005/09/17 20:35:26.861] (155.180.166.76:2482)(0x1023:0x63) Sending operation result 0:"":"" to connection 0xee29a8
23 LDAP: [2005/09/17 20:35:26.863] (155.180.166.76:2482)(0x0000:0x00) TLS read failure 5 on connection 0xee29a8, setting err = -5875. Error stack:
23 LDAP: [2005/09/17 20:35:26.863] Monitor 0x17 found connection 0xee29a8 socket failure, err = -5875, 0 of 0 bytes read
11057 LDAP: [2005/09/17 20:35:26.863] (155.180.166.76:2482)(0x1024:0x42) DoUnbind on connection 0xee29a8
11057 LDAP: [2005/09/17 20:35:26.867] Connection 0xee29a8 closed
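One way to puzzle the trace together for the source IP, as an added example that is not part of the original page: the script maps each connection handle to the client address from its "New TLS connection" line, then attributes every err = -5875 line to that client. The function name, the sample trace and its addresses are constructed for illustration, and the script assumes a handle may be reused by a later connection.

```python
import re
from collections import Counter

# Constructed sample in the trace format shown above (documentation-range addresses).
SAMPLE_TRACE = """\
11 LDAP: [2005/09/17 20:35:26.612] New TLS connection 0xee29a8 from 192.0.2.76:2482, monitor = 0x17, index = 9
11091 LDAP: [2005/09/17 20:35:26.848] (192.0.2.76:2482)(0x0000:0x00) Completed TLS handshake on connection 0xee29a8
23 LDAP: [2005/09/17 20:35:26.863] (192.0.2.76:2482)(0x0000:0x00) TLS read failure 5 on connection 0xee29a8, setting err = -5875. Error stack:
23 LDAP: [2005/09/17 20:35:26.863] Monitor 0x17 found connection 0xee29a8 socket failure, err = -5875, 0 of 0 bytes read
12 LDAP: [2005/09/17 20:36:01.100] New TLS connection 0xee2b10 from 198.51.100.9:40112, monitor = 0x17, index = 10
12 LDAP: [2005/09/17 20:36:01.350] (198.51.100.9:40112)(0x0000:0x00) Completed TLS handshake on connection 0xee2b10
12 LDAP: [2005/09/17 20:36:02.000] Connection 0xee2b10 closed
13 LDAP: [2005/09/17 20:37:10.000] New TLS connection 0xee29a8 from 203.0.113.5:5001, monitor = 0x17, index = 9
24 LDAP: [2005/09/17 20:37:10.200] Monitor 0x17 found connection 0xee29a8 socket failure, err = -5875, 0 of 0 bytes read
"""

NEW_CONN = re.compile(r"New TLS connection (0x[0-9a-fA-F]+) from (\d+\.\d+\.\d+\.\d+):(\d+)")
FAILURE = re.compile(r"connection (0x[0-9a-fA-F]+)\b.*\berr = (-\d+)")


def failing_clients(trace, err_code=-5875):
    """Return a Counter of source IP -> number of connections that hit err_code."""
    peer = {}       # connection handle -> (ip, port) of its current owner
    failed = set()  # (handle, ip, port); the same failure is logged on two lines
    for line in trace.splitlines():
        m = NEW_CONN.search(line)
        if m:
            # A later connection may reuse the handle, so the newest mapping wins.
            peer[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = FAILURE.search(line)
        if m and int(m.group(2)) == err_code:
            # Lines such as "Monitor ... socket failure" carry no address,
            # so the handle is the only link back to the client.
            ip, port = peer.get(m.group(1), ("unknown", "?"))
            failed.add((m.group(1), ip, port))
    return Counter(ip for _, ip, _ in failed)


if __name__ == "__main__":
    for ip, count in failing_clients(SAMPLE_TRACE).most_common():
        print(f"{ip}\t{count} connection(s) ended with err = -5875")
```

A failure whose "New TLS connection" line is missing from the captured trace is reported under "unknown" rather than dropped.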

More Information#

There might be more information for this subject on one of the following:

« This page (revision-5) was last changed on 24-Mar-2016 15:29 by jim