Mohammad D wrote:
> I could finally configure active directory server to allow anonymous LDAP
> searches.

You should not do that. At least you should not assume that an AD admin is willing to allow that. You should bind as any user who can read the configuration partition.

> the CRL Distribution Point given in the certificates issued by this
> server is :
> ldap:///CN=test,CN=testca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mohamad,DC=ir?certificateRevocationList?base?objectClass=cRLDistributionPoint

Is this a running CA? Details about how MS Certificate Services work with MS AD are best asked in Microsoft forums.

> I did the following search on ubuntu:
> ldapsearch -x -h 192.168.81.129 -b "CN=test,CN=testca,CN=CDP,CN=
> Public Key Services,CN=Services,CN=Configuration,DC=mohamad,DC=ir"
> "(objectClass=cRLDistributionPoint)" certificateRevocationList
>
> it returns:
> [..]
> result: 32 No such object

Which means the entry specified with -b does not exist.

> BTW only the second link works but it's German and I don't know German.
>
> 2011/5/16 Michael Ströder <[email protected] <mailto:[email protected]>>
>     There is also
>     ldap.signtrust.de <http://ldap.signtrust.de>
>     directory.d-trust.de <http://directory.d-trust.de>

That's what your mail reader automagically turned my text into. But these were meant just as the *hostnames* not HTTP URLs of LDAP servers listening on port 389.

ldap://ldap.signtrust.de
ldap://directory.d-trust.de

Sorry, I can't help you any further at that detailed level.

Ciao, Michael.
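
An added example, not part of the original message: a Python sketch that splits the CDP URL quoted above into its RFC 4516 parts and builds the matching authenticated `ldapsearch` command line instead of an anonymous one. The server address is the one from the quoted command; the bind DN `CN=reader,CN=Users,DC=mohamad,DC=ir` is a hypothetical placeholder for any account that can read the configuration partition.

```python
from urllib.parse import unquote

# CDP value as quoted in the message above.
CDP_URL = ("ldap:///CN=test,CN=testca,CN=CDP,CN=Public%20Key%20Services,"
           "CN=Services,CN=Configuration,DC=mohamad,DC=ir"
           "?certificateRevocationList?base?objectClass=cRLDistributionPoint")


def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516 layout) into host, base, attrs, scope, filter."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    hostport, _, tail = rest.partition("/")
    fields = tail.split("?", 4)            # dn ? attrs ? scope ? filter ? extensions
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, filt, _extensions = fields
    filt = unquote(filt) or "objectClass=*"
    if not filt.startswith("("):
        filt = "(" + filt + ")"            # this CDP URL omits the outer parentheses
    return {
        "scheme": scheme.lower(),
        "host": hostport or None,          # empty in ldap:/// so the client picks the server
        "base": unquote(dn),               # %20 becomes a space
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope.lower() or "base",  # RFC 4516 default scope is base
        "filter": filt,
    }


def ldapsearch_argv(url, server, bind_dn):
    """Build an ldapsearch argv that binds as bind_dn (-D) and prompts for its password (-W)."""
    p = parse_ldap_url(url)
    uri = "%s://%s" % (p["scheme"], p["host"] or server)
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", p["base"], "-s", p["scope"], p["filter"]] + p["attrs"]


if __name__ == "__main__":
    import shlex
    # Hypothetical bind DN; replace with a real account that can read the partition.
    argv = ldapsearch_argv(CDP_URL, "192.168.81.129",
                           "CN=reader,CN=Users,DC=mohamad,DC=ir")
    print(" ".join(shlex.quote(a) for a in argv))
```

The generated command uses `-s base`, as the URL specifies, whereas `ldapsearch` searches the whole subtree when no `-s` is given.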
