Maybe the solution is to not stop LDAP, but to redirect it so the apps no
longer work.  The LDAP port used for AD is port 389; I would suggest trying
to find a way of altering the port address temporarily on the server in
question, do your "break-it" testing, and set it back afterwards.

You could install a basic personal firewall app on the server (or on the
client that you are testing the app from), open all the ports except port
389.  This will effectively make the server look "down" to the applications
you are testing.  Then it's easy to just click a button and voila!  The port
is open again.

I have not tried doing this with our mixed-mode AD environment, but I know
the facts are solid.  We have an Exchange 5.5 box that I had to change the
LDAP port (for Exchange) from port 389 (that Active Directory uses for LDAP)
to some other port because it was an AD domain controller as well.

-Tom Barber
Systems Manager
Alfred State College
Alfred, NY 14802
(607)587-3558
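The block-the-port approach above, scripted as an added example (not code from Tom's post or the list): it creates temporary Windows Firewall block rules for LDAP on the server, runs the break-it test, and always removes the rules afterwards. It assumes the NetSecurity cmdlets (New-NetFirewallRule and friends) on a current Windows server, an elevated session, and that the app under test runs on a separate client, since firewall rules do not apply to loopback traffic; $TestScript is a placeholder for the app group's own test.

```powershell
# Added example: temporarily make a DC look "down" to LDAP clients by blocking
# inbound 389 (and 636 for LDAPS), run the break-it test, then restore access.
# Assumptions: NetSecurity module available, run as Administrator on the DC,
# LDAP client is on another host (loopback is never filtered by these rules).
param(
    [int[]]$Ports = @(389, 636),                              # LDAP and LDAPS
    [scriptblock]$TestScript = { Start-Sleep -Seconds 60 }    # placeholder test
)

# Unique name so the rules can be found and removed reliably in the finally block
$ruleName = "BreakIt-Block-LDAP-$([guid]::NewGuid())"

try {
    # Block both transports; every other port on the server stays open
    New-NetFirewallRule -DisplayName "$ruleName-TCP" -Direction Inbound `
        -Action Block -Protocol TCP -LocalPort $Ports -Profile Any | Out-Null
    New-NetFirewallRule -DisplayName "$ruleName-UDP" -Direction Inbound `
        -Action Block -Protocol UDP -LocalPort $Ports -Profile Any | Out-Null

    Write-Host "Inbound LDAP on port(s) $($Ports -join ', ') blocked; LDAP clients now see the server as down."

    # Run the application group's failure test while the block is in place
    & $TestScript
}
finally {
    # Runs even if the test throws or the operator hits Ctrl+C, so the DC
    # is never left unreachable for LDAP
    Get-NetFirewallRule -DisplayName "$ruleName*" -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    Write-Host "Block rules removed; LDAP reachable again."
}
```

From the client, Test-NetConnection -ComputerName <dc> -Port 389 before and during the run confirms the simulated outage is actually visible to the app host.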


-----Original Message-----
From: Steve Judd [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, August 23, 2001 8:51 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Stopping LDAP

If you kill LSASS.EXE, the system will catch this event and reboot itself.
You cannot stop the LDAP server on a DC, as it is fundamental to the
existence of the DC.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mindy Tabin
> Sent: Thursday, August 23, 2001 9:34 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: [ActiveDir] Stopping LDAP
>
>
> The LSASS.EXE process controls LDAP, but that will affect other AD-related
> systems as well.
>
> Mindy Tabin
>
> -----Original Message-----
> From: Fugleberg, David A [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 23, 2001 10:09 AM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] Stopping LDAP
>
>
> I'm working with an applications group to test their new LDAP-enabled app.
> As part of their 'break-it' testing in the lab, they wish to simulate the
> failure of the LDAP server (a Win2K DC).  Sure, I could just shut it down or
> disconnect the network cable, but I was wondering if I can get the same
> result just by stopping a service.  Pausing netlogon does not seem to do it,
> and there's no separate LDAP server service to stop.
>
> Any ideas ?
>
> Dave Fugleberg
>
> List info: http://www.activedir.org/mail_list.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
>

List info: http://www.activedir.org/mail_list.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/