Re: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread Paul Williams
- From: joe [EMAIL PROTECTED] To: ActiveDir@mail.activedir.org Sent: Tuesday, October 10, 2006 10:45 PM Subject: RE: [ActiveDir] Discovering LDAPS availability Hmm doesn't look like anyone else has figured this out or just doesn't deploy LDAPS or alternately makes sure every DC is capable

RE: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread joe
To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Discovering LDAPS availability The project that I'm working on makes heavy use of LDAPS. However, at the moment, we favour the latter statement - the built DCs don't leave staging until the certs are pulled. They must be signed off

RE: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread Thommes, Michael M.
@mail.activedir.org Subject: RE: [ActiveDir] Discovering LDAPS availability The alternate solution I previously mentioned to David and his cohorts in crime was a distasteful but functional solution of writing their own service or script to register the records based on that script/service querying the DCs

RE: [ActiveDir] Discovering LDAPS availability

2006-10-11 Thread joe
To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Discovering LDAPS availability In this context, would it make sense to write/use a servicePrincipalName value? (maybe even using admod/adfind 8-) ) Mike Thommes -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

RE: [ActiveDir] Discovering LDAPS availability

2006-10-10 Thread joe
PROTECTED] On Behalf Of David Loder Sent: Friday, October 06, 2006 8:51 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Discovering LDAPS availability joe's absolutely right. What's trying to be accomplished is to publish new LDAPS SRV records for a 300+ DC environment. But I don't want

RE: [ActiveDir] Discovering LDAPS availability

2006-10-06 Thread David Loder
PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Discovering LDAPS availability Couldn't you just query the DNS for the SRV record advertising it... Matt Duguid Systems Engineer for Identity Services Department of Internal Affairs Phone: +64 4 4748028 (wellington) Mobile

Re: [ActiveDir] Discovering LDAPS availability

2006-10-05 Thread Joe Kaplan
There isn't really a way to do it without attempting to connect. Also, remember that SSL has to be negotiated between the client and server. The server may be perfectly capable of doing SSL, but if the client doesn't trust the server's certificate or attempts to contact the server with a name

RE: [ActiveDir] Discovering LDAPS availability

2006-10-05 Thread joe
@mail.activedir.org Subject: Re: [ActiveDir] Discovering LDAPS availability Couldn't you just query the DNS for the SRV record advertising it... Matt Duguid Systems Engineer for Identity Services Department of Internal Affairs Phone: +64 4 4748028 (wellington) Mobile: +64 21 1713290 Fax: +64 4 4748894