There isn't really a way to do it without attempting to connect. Also,
remember that SSL has to be negotiated between the client and server. The
server may be perfectly capable of doing SSL, but if the client doesn't
trust the server's certificate or attempts to contact the server with a name
that does not match the name of the server in the certificate, the client
may choose to reject the attempt to connect via SSL, whereas another client
might not have the same objections.
You have to try it.
Also, the DC doesn't publish anything that you can query, say via RootDSE,
to state whether it supports LDAPS or not (at least nothing that I've ever
heard of...).
Joe K.
----- Original Message -----
From: "David Loder" <[EMAIL PROTECTED]>
To: <ActiveDir@mail.activedir.org>
Sent: Thursday, October 05, 2006 2:56 PM
Subject: [ActiveDir] Discovering LDAPS availability
Other than directly testing the 636 port on each DC,
can anyone suggest a method for an unprivileged client
to discover whether or not LDAPS should be available
on a specific DC?
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
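Added example, not part of the original thread: a minimal Python probe that does what the reply describes, attempting the connection to port 636 and reporting separately whether the port is unreachable, the TLS handshake fails, or the handshake works but this particular client rejects the certificate (untrusted chain or name mismatch). The function name probe_ldaps, the status labels and the host name dc01.example.test are assumptions made for illustration.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Try LDAPS against one DC and classify the result for THIS client.

    Returns (status, detail) where status is one of (labels are hypothetical):
      tcp_unreachable - nothing accepted the TCP connection
      tls_failed      - port is open but no TLS handshake completed
      cert_rejected   - server offered a certificate this client does not accept
      ldaps_ok        - handshake completed with chain and name verified
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, DNS failure, ...
        return ("tcp_unreachable", str(exc))

    # Default context verifies the chain and the host name, like a strict
    # client. cafile lets you point at the CA that issued the DC certificates.
    ctx = ssl.create_default_context(cafile=cafile)
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ("ldaps_ok", tls.version())
        except ssl.SSLCertVerificationError as exc:
            # TLS is available; another client with different trust settings
            # or a different name for the server might well succeed.
            return ("cert_rejected", exc.verify_message)
        except (ssl.SSLError, OSError) as exc:
            return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Placeholder name; use the DC's FQDN as it appears in its certificate.
    target = sys.argv[1] if len(sys.argv) > 1 else "dc01.example.test"
    print(target, *probe_ldaps(target))
```

Probing by IP address or short name instead of the name in the certificate will typically yield cert_rejected even on a DC where LDAPS works for correctly configured clients.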