From: joe [EMAIL PROTECTED]
To: ActiveDir@mail.activedir.org
Sent: Tuesday, October 10, 2006 10:45 PM
Subject: RE: [ActiveDir] Discovering LDAPS availability
Hmm doesn't look like anyone else has figured this out or just doesn't
deploy LDAPS or alternately makes sure every DC is capable
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Discovering LDAPS availability
The project that I'm working on makes heavy use of LDAPS. However, at the
moment, we favour the latter statement - the built DCs don't leave staging
until the certs are pulled. They must be signed off
@mail.activedir.org
Subject: RE: [ActiveDir] Discovering LDAPS availability
The alternate solution I previously mentioned to David and his cohorts in
crime was a distasteful but functional solution of writing their own service
or script to register the records based on that script/service querying the
DCs
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Discovering LDAPS availability
In this context, would it make sense to write/use a servicePrincipalName
value? (maybe even using admod/adfind 8-) )
Mike Thommes
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
PROTECTED] On Behalf Of David Loder
Sent: Friday, October 06, 2006 8:51 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Discovering LDAPS availability
joe's absolutely right. What's trying to be
accomplished is to publish new LDAPS SRV records for a
300+ DC environment. But I don't want
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Discovering LDAPS availability
Couldn't you just query the DNS for the SRV record
advertising it...
Matt Duguid
Systems Engineer for Identity Services
Department of Internal Affairs
Phone: +64 4 4748028 (wellington)
Mobile
There isn't really a way to do it without attempting to connect. Also,
remember that SSL has to be negotiated between the client and server. The
server may be perfectly capable of doing SSL, but if the client doesn't
trust the server's certificate or attempts to contact the server with a name
@mail.activedir.org
Subject: Re: [ActiveDir] Discovering LDAPS availability
Couldn't you just query the DNS for the SRV record advertising it...
Matt Duguid
Systems Engineer for Identity Services
Department of Internal Affairs
Phone: +64 4 4748028 (wellington)
Mobile: +64 21 1713290
Fax: +64 4 4748894