
CA Security

2 Posts authored by: Icculus Employee

EEM uses the CA Directory dxsearch executable as its chief component for searching LDAP, whether internal or external. The script below can be used on a Linux server to verify that connectivity to LDAP is established, taking EEM out of the equation.

 

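#!/bin/bash
# Print the current time in milliseconds since the epoch (GNU date on Linux).
# Epoch time avoids the negative result a time-of-day value gives across
# midnight, and removes the dependency on dc.
getCurrentTimeInMili() {
  echo $(( $(date +%s%N) / 1000000 ))
}

startTime=$(getCurrentTimeInMili)

# do something
# start your script work here
# Replace the host, base DN, bind DN and password with your own values.
# A password passed with -w is visible in the process list while dxsearch runs.
dxsearch -h "ldap-server-name" -p 389 -b "dc=eiamldap,dc=com" -D "cn=user1,ou=searchtest,dc=ldap,dc=com" -w "*******" -z "none" -v "cn=*"
# your logic ends here

endTime=$(getCurrentTimeInMili)

# Elapsed wall-clock time of the dxsearch call, in milliseconds
diffTime=$(( endTime - startTime ))
echo "Time took for previous dxsearch: $diffTime milliseconds"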

 

The script above is owned by the CA Directory dsa account. This lets the end user run the script after using sudo and then running 'su - dsa', or the equivalent Directory user ID.

Used in conjunction with a network sniffer such as Wireshark, it lets you determine where any delay lies: authentication or object search.

For more information on using dxsearch, run 'dxsearch --help' as the dsa account.

This script can be put into a loop and have the output recorded to log file for later review.
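One way to do the looping and logging mentioned above, as an added example that is not part of the original post. The function names, the log line format and the log path in the usage comment are assumptions; the dxsearch arguments in that comment are the placeholders from the script above.

```shell
#!/bin/bash
# Added example: run a probe command repeatedly, log one line per run,
# then summarize the log. Requires GNU date (%N) as found on Linux.
# Usage with the page's placeholder values (log path is an assumption):
#   probe_loop 60 5 /tmp/dxsearch-timing.log dxsearch -h "ldap-server-name" \
#     -p 389 -b "dc=eiamldap,dc=com" \
#     -D "cn=user1,ou=searchtest,dc=ldap,dc=com" -w "*******" -z "none" -v "cn=*"
#   summarize /tmp/dxsearch-timing.log 2000

now_ms() { echo $(( $(date +%s%N) / 1000000 )); }   # epoch milliseconds

# probe_loop COUNT INTERVAL_SECONDS LOGFILE CMD [ARGS...]
# The body runs in a subshell so its variables do not leak into the caller.
probe_loop() (
  count=$1; interval=$2; log=$3; shift 3
  i=1
  while [ "$i" -le "$count" ]; do
    start=$(now_ms)
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?      # keep the exit code, discard results
    end=$(now_ms)
    printf '%s run=%d rc=%d ms=%d\n' \
      "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$i" "$rc" "$(( end - start ))" >> "$log"
    if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    i=$(( i + 1 ))
  done
)

# summarize LOGFILE THRESHOLD_MS
# Prints: runs=N failed=F slow=S max_ms=M avg_ms=A
# failed counts non-zero exit codes; slow counts runs above THRESHOLD_MS.
summarize() {
  awk -v thr="$2" '
    { for (f = 2; f <= NF; f++) { split($f, kv, "="); v[kv[1]] = kv[2] + 0 }
      n++; sum += v["ms"]
      if (v["ms"] > max) max = v["ms"]
      if (v["rc"] != 0) failed++
      if (v["ms"] > thr) slow++ }
    END { if (n) printf "runs=%d failed=%d slow=%d max_ms=%d avg_ms=%d\n",
                        n, failed, slow, max, sum / n }
  ' "$1"
}
```

A run of failed or slow entries in the log gives the time window to look at in the packet capture.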

CAPKI r4.3.4 has been signed off and the builds are available for use in embedded installer components.

Products affected:

EEM via CA Directory R12 all versions prior to SP14.

Any existing CA Directory r12 host (prior to SP14) can apply this CAPKI patch independently.

 

Issues/Vulnerabilities addressed as part of this release:

 

| Issue/Vulnerability | Description of the Issue/Vulnerability |
|---|---|
| CVE-2014-0224 | SSL/TLS MITM vulnerability |
| CVE-2014-0221 | DTLS recursion flaw |
| CVE-2014-3470 | Anonymous ECDH denial of service |
| CVE-2014-0076 | Recovering OpenSSL ECDSA Nonces |

 

EEM Development will be applying the latest CA Directory R12 SP14 to their install packages during the next development cycle.

If you require this patch immediately, please open a case with CA Support with a business impact and justification.