Incoming BER Element may be misformed

Seeing the below error in error log:

ERR - log_ber_too_big_error - conn=1481 fd=68 Incoming BER Element may be misformed. This may indicate an attempt to use TLS on a plaintext port, IE ldaps://localhost:389. Check your client LDAP_URI settings.

Can you please advise what this error could lead to?

Responses

This error message was introduced in RHDS 10.5. The previous error was a bit misleading. Here is the release note of this change: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.5_release_notes/bug_fixes_authentication_and_interoperability#BZ1445188

The error message itself explains what went wrong: a client tried to send a TLS-encrypted query on a plain-text port (without using STARTTLS). For example, the following command causes the error to appear in the log:

$ ldapsearch -D "cn=Directory Manager" -W -H ldaps://server.example.com:389 -b "dc=example,dc=com" -x "(objectclass=inetorgperson)"

The client in this example uses the ldaps protocol, but connects to port 389. To solve this problem, the client should do one of the following:

- use the ldap protocol and connect to port 389 (for an unencrypted connection)
- use the ldaps protocol and connect to port 636 (for an encrypted connection using TLS)
- use the ldap protocol, connect to port 389, and pass the -ZZ parameter to ldapsearch (for an encrypted connection using STARTTLS)

Hi Marc,

Thanks for your response. However, I'm unable to find which client is trying to make this connection. But I see this every Saturday around a particular time. If there is a way to find it out, it would be much appreciated.

Thanks
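The follow-up question, which client is behind the error, can be answered from the logs already on the server: the errors log line carries a conn= id, and the access log records a "connection from <client> to <server>" line for that same id when the connection was accepted. The script below is an added example, not code from this thread or from Red Hat; it assumes the standard 389 DS / RHDS access and errors log line formats (in the default layout these live under /var/log/dirsrv/slapd-INSTANCE/) and runs over constructed sample lines.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the original post), in the format that
# 389 DS / RHDS use for the access log (one "connection from" line per
# accepted connection) and for the errors log (the conn= id quoted above).
ACCESS_LOG = """\
[04/Jan/2020:02:00:11.512 +0000] conn=1480 fd=67 slot=67 connection from 192.0.2.20 to 192.0.2.5
[04/Jan/2020:02:00:12.004 +0000] conn=1481 fd=68 slot=68 connection from 192.0.2.44 to 192.0.2.5
[04/Jan/2020:02:00:12.009 +0000] conn=1481 op=-1 fd=68 closed - B1
[11/Jan/2020:02:00:12.211 +0000] conn=1481 fd=68 slot=68 connection from 198.51.100.7 to 192.0.2.5
"""
ERRORS_LOG = """\
[04/Jan/2020:02:00:12.005 +0000] - ERR - log_ber_too_big_error - conn=1481 fd=68 Incoming BER Element may be misformed. This may indicate an attempt to use TLS on a plaintext port, IE ldaps://localhost:389. Check your client LDAP_URI settings.
[11/Jan/2020:02:00:12.212 +0000] - ERR - log_ber_too_big_error - conn=1481 fd=68 Incoming BER Element may be misformed. This may indicate an attempt to use TLS on a plaintext port, IE ldaps://localhost:389. Check your client LDAP_URI settings.
"""

TS = r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})(?:\.\d+)? [+-]\d{4}\]"
OPEN_RE = re.compile(TS + r" conn=(\d+) fd=(\d+) slot=\d+ connection from (\S+) to (\S+)")
ERR_RE = re.compile(TS + r" - ERR - log_ber_too_big_error - conn=(\d+) fd=(\d+)")
FMT = "%d/%b/%Y:%H:%M:%S"

def connection_opens(access_log):
    """Return sorted [(time, conn, fd, client_ip, server_ip)] for each accepted connection."""
    out = []
    for line in access_log.splitlines():
        m = OPEN_RE.match(line)
        if m:
            out.append((datetime.strptime(m[1], FMT), int(m[2]), int(m[3]), m[4], m[5]))
    return sorted(out)

def attribute_ber_errors(errors_log, access_log):
    """Map each log_ber_too_big_error to the client that opened that conn id.
    conn ids restart from 0 when the server restarts, so the join takes the
    latest 'connection from' line with the same conn/fd that precedes the error."""
    opens = connection_opens(access_log)
    results = []
    for line in errors_log.splitlines():
        m = ERR_RE.match(line)
        if not m:
            continue
        when, conn, fd = datetime.strptime(m[1], FMT), int(m[2]), int(m[3])
        cands = [o for o in opens if o[1] == conn and o[2] == fd and o[0] <= when]
        results.append((when, conn, cands[-1][3] if cands else None))
    return results

if __name__ == "__main__":
    for when, conn, client in attribute_ber_errors(ERRORS_LOG, ACCESS_LOG):
        print(f"{when:%a %d %b %Y %H:%M} conn={conn} client={client or 'unknown'}")
```

Once the client address is known, the fix is the one from the answer above: correct that client's LDAP URI (ldap:// on 389, ldaps:// on 636, or ldap:// with STARTTLS). Rotated logs must be included if the Saturday entries have already been rotated out of the current access file.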