Detlev Habicht wrote:
> Hello,
> i need a simple, plain LDAP bind for authentication for a host,
> which is not part of my IPA domain.
> Something like this is working in the domain:
>  ldapsearch -vx -H ldaps://xxx.yyy.intern -b "cn=accounts,dc=yyy,dc=intern"
> My problem is, it is only working with the hostname xxx.yyy.intern which
> is part of my domain yyy.intern. But outside of the domain i have to
> use the IP address or something like
> <> .
> But than i have this error message:
> ldap_initialize( ldaps:// )
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> Any idea what i can do?
> Thank you!
> Detlev
> P.S.: I have the same problem in the domain, when i am not using 
>       xxx.yyy.intern. IP address for example is also not working.

I'd slap a -d 255 onto that command. It will give you a lot more
information on what is going on. It could be rejecting the request
because the requested name (IP address) doesn't match anything in the cert.

The 389-ds access log will also confirm whether you are making a
connection or not (to rule out firewall, etc). Note that this log is
buffered so you need to be patient, tail -f won't show connections


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to