Hi all,
As part of a bigger issue, I'm trying to figure out if indeed my MS AD
is configured properly to communicate via SSL.
I'm running Ubuntu (Debian) and MS Server 2008. So obviously I'm using
OpenLDAP. I would have posted to their mailing list, but they said to
post here for general issues involving LDAP. I appreciate any help or
clues as to what the problem might be.
I've tried with the command:
$ ldapsearch -x -W -LLL -E pr=200/noprompt -h ??? -p 3268 \
    -D "?...@???.???" -b "dc=???, dc=???" -s sub "(cn=*)" cn mail sn
And I get a lot of info from the AD. However when I try to use SSL:
$ ldapsearch -W -LLL -E pr=200/noprompt -h ??? -p 636 \
    -D "?...@???.???" -b "dc=???, dc=???" -s sub "(cn=*)" cn mail sn
I get:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
I've also tried with -Z (STARTTLS) and -I (what is interactive SASL
anyway?). No go.
To be honest I don't really understand if or why TLS is needed if I am
connecting to an SSL only port (636). As I think that maybe that's what
STARTTLS is for. Correct me if I'm wrong please.
Is that supposed to work? Like I said, I'm not even sure if MS AD is
working correctly. So I'm trying to use a third-party tool to test it.
Thanks a lot for your time and advice.
Cheers,
Simon
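
An added example, not part of the original post: a shell function that predicts, from the arguments alone and without touching the network, which transport and bind method OpenLDAP's ldapsearch will use. It relies on documented client behaviour (-h/-p always produce an ldap:// URI, TLS-on-connect needs -H ldaps://, -Z requests StartTLS, and omitting -x selects a SASL bind); the function name, verdict strings and dc.example.test host are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an ldapsearch command line (no network access).
# Assumes flags are passed separately (-x -W, not -xW) and hosts are not
# IPv6 literals. ldap_transport and its verdict strings are hypothetical.
ldap_transport() {
    host=localhost port=389 uri="" starttls=no bind=sasl
    while [ $# -gt 0 ]; do
        case "$1" in
            -h) host=${2:-}; [ $# -gt 1 ] && shift ;;
            -p) port=${2:-}; [ $# -gt 1 ] && shift ;;
            -H) uri=${2:-};  [ $# -gt 1 ] && shift ;;
            -Z|-ZZ) starttls=yes ;;   # StartTLS on an ldap:// connection
            -x) bind=simple ;;        # without -x the client attempts SASL
        esac
        shift
    done
    # -h/-p never select TLS: they are shorthand for an ldap:// URI.
    if [ -z "$uri" ]; then uri="ldap://$host:$port"; fi
    hostport=${uri#*://}; hostport=${hostport%%/*}
    case "$hostport" in *:*) port=${hostport##*:} ;; *) port="" ;; esac
    case "$uri" in
        ldaps://*)
            # TLS is negotiated on connect; StartTLS on top is an error.
            if [ "$starttls" = yes ]; then mode=starttls-inside-ldaps
            else mode=ldaps; fi ;;
        *)
            # 636 (LDAPS) and 3269 (Global Catalog over SSL) expect a TLS
            # handshake first, so cleartext LDAP or StartTLS cannot work.
            if [ "$port" = 636 ] || [ "$port" = 3269 ]; then
                mode=ldap-scheme-on-tls-port
            elif [ "$starttls" = yes ]; then mode=starttls
            else mode=plaintext; fi ;;
    esac
    echo "$mode $bind"
}

# Constructed invocations mirroring the two commands in the post, then
# the ldaps:// form that matches an SSL-only port.
ldap_transport -x -W -h dc.example.test -p 3268    # plaintext simple
ldap_transport -W -h dc.example.test -p 636        # ldap-scheme-on-tls-port sasl
ldap_transport -x -W -H ldaps://dc.example.test:636   # ldaps simple
```

Even with the ldaps:// form, the client must trust the certificate the domain controller presents, or the handshake fails before any bind is attempted.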