Detlev Habicht wrote:
> Hello,
> 
> i need a simple, plain LDAP bind for authentication for a host,
> which is not part of my IPA domain.
> 
> Something like this is working in the domain:
> 
>  ldapsearch -vx -H ldaps://xxx.yyy.intern -b "cn=accounts,dc=yyy,dc=intern"
> 
> My problem is, it is only working with the hostname xxx.yyy.intern which
> is part of my domain yyy.intern. But outside of the domain i have to
> use the IP address or something like xxx.yyy.zzz.de
> <http://xxx.yyy.zzz.de> .
> 
> But than i have this error message:
> 
> ldap_initialize( ldaps://xxx.yyy.zzz.de:636/??base )
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> 
> Any idea what i can do?
> 
> Thank you!
> 
> Detlev
> 
> P.S.: I have the same problem in the domain, when i am not using 
>       xxx.yyy.intern. IP address for example is also not working.

I'd slap a -d 255 onto that command. It will give you a lot more
information on what is going on. It could be rejecting the request
because the requested name (IP address) doesn't match anything in the cert.

The 389-ds access log will also confirm whether you are making a
connection or not (to rule out firewall, etc). Note that this log is
buffered so you need to be patient, tail -f won't show connections
immediately.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to