Hi Michael,

I also suggest using ldp.exe on the Windows DC *first* to test connectivity. Then try from an external host, like the Linux server below.

Also, as an FYI, the number one problem that I've seen with bringing up SSL on an AD DC is installing a cert that is not trusted by the DC. (You'll see errors in Event Log.) Ensure you use a known SSL vendor or install the CA cert on the DC.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Michael Ströder
Sent: Tuesday, November 24, 2009 2:30 AM
To: Simon Walter
Cc: [email protected]
Subject: [ldap] Re: ldap ssl MS AD

Simon Walter wrote:
> I've tried with the command:
> $ ldapsearch -x -W -LLL -E pr=200/noprompt -h ??? -p 3268 -D "?...@???.???" -b "dc=???, dc=???" -s sub "(cn=*)" cn mail sn
>
> And I get a lot of info from the AD. However when I try to use SSL:
> $ ldapsearch -W -LLL -E pr=200/noprompt -h ??? -p 636 -D "?...@???.???" -b "dc=???, dc=???" -s sub "(cn=*)" cn mail sn
>
> I get:
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Option -x (to enforce simple bind) is missing in the second command line.

Ciao, Michael.
