
RE: Active Directory port ? to be contacted by slurpd



In order to be able to set some properties in AD (using SSL) one of two
things needs to be true:

1.) The machine making the connection needs to be a member of that
GC/DC's domain, OR

2.) A cert from the target GC/DC needs to be created and installed on
the machine making the connection (see links). Hope this helps.
247078 How To Enable Secure Socket Layer (SSL) Communication over LDAP for
http://support.microsoft.com/?id=247078

321051 How to enable LDAP over SSL with a third-party Certification Authority
http://support.microsoft.com/?id=321051

254610 System Event ID 36876 When Using LDAP SSL Query of the Active Directory
http://support.microsoft.com/?id=254610

273753 Description of the LDAP API over SSL requirements
http://support.microsoft.com/?id=273753

883639 An LDAP connection to a CA or an LDAP bind to a CA is completed
http://support.microsoft.com/?id=883639


-----Original Message-----
From: Harry Sufehmi [mailto:milis-2@harrysufehmi.com] 
Sent: Wednesday, November 17, 2004 7:36 AM
To: OpenLDAP-software@OpenLDAP.org
Subject: Active Directory port ? to be contacted by slurpd

Quick question (hopefully) - what's the port that should be connected by
slurp on an Active Directory server, to replicate the changes from
OpenLDAP to Active Directory ?

I've tried 389 and 636, and both failed with the same error message
(attached; output from slurpd -d 65535 -o -r).

Here's the replica setting in slapd.conf:
-----------------
replica         uri=ldaps://10.11.20.13:389
                 binddn="cn=administrator,cn=users,dc=bcc,dc=test"
                 bindmethod=sasl saslmech=GSSAPI credentials=mypassword
replogfile      /usr/local/openldap/var/replog-bcc-test
-----------------

I've googled for this, but strangely there's nothing relevant.

Many thanks in advance.


regards,
Harry

====================================
Config: ** configuration file successfully read and parsed
Processing in one-shot mode:
1 total replication records in file,
1 replication records to process.
begin replication thread for 10.11.20.13:389
Initializing session to ldaps://10.11.20.13:389
ldap_create
ldap_url_parse_ext(ldaps://10.11.20.13:389)
bind to 10.11.20.13 as - via GSSAPI (SASL)
ldap_sasl_interactive_bind_s: user selected: GSSAPI
ldap_int_sasl_bind: GSSAPI
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP 10.11.20.13:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 10.11.20.13:389
ldap_connect_timeout: fd: 6 tm: -1 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
TLS trace: SSL_connect:before/connect initialization
tls_write: want=142, written=142
   0000:  80 8c 01 03 01 00 63 00  00 00 20 00 00 39 00 00   ......c... ..9..
   0010:  38 00 00 35 00 00 16 00  00 13 00 00 0a 07 00 c0   8..5............
   0020:  00 00 33 00 00 32 00 00  2f 03 00 80 00 00 66 00   ..3..2../.....f.
   0030:  00 05 00 00 04 01 00 80  08 00 80 00 00 63 00 00   .............c..
   0040:  62 00 00 61 00 00 15 00  00 12 00 00 09 06 00 40   b..a...........@
   0050:  00 00 65 00 00 64 00 00  60 00 00 14 00 00 11 00   ..e..d..`.......
   0060:  00 08 00 00 06 04 00 80  00 00 03 02 00 80 8e 8a   ................
   0070:  29 8a f4 97 74 ab 34 70  1b ad cf 30 bf 23 5c dc   )...t.4p...0.#\.
   0080:  d5 36 b0 1c cc 06 86 9c  78 d8 08 7e 45 48         .6......x..~EH
TLS trace: SSL_connect:SSLv2/v3 write client hello A
tls_read: want=7, got=0

TLS: can't connect.
ldap_err2string
Error: LDAP SASL for 10.11.20.13:389 failed: Can't contact LDAP server
ldap_unbind
Quit
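The trace above shows why the ldaps:// URI on port 389 fails before any certificate or GSSAPI question arises: slurpd writes 142 bytes of TLS ClientHello (the tls_write dump) to a port where the DC speaks plain LDAP, and the DC, expecting a BER-encoded LDAPMessage, closes the socket (tls_read got=0). The following decoder, an added example that is not from the thread or from OpenLDAP, takes the hex bytes copied from that dump and parses them as the SSLv2-compatible ClientHello record that OpenSSL clients of that era sent; it assumes nothing beyond the bytes on the page.

```python
import struct

# Bytes copied from the tls_write dump in the slurpd -d 65535 output quoted above.
SLURPD_HELLO_HEX = """
80 8c 01 03 01 00 63 00 00 00 20 00 00 39 00 00
38 00 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0
00 00 33 00 00 32 00 00 2f 03 00 80 00 00 66 00
00 05 00 00 04 01 00 80 08 00 80 00 00 63 00 00
62 00 00 61 00 00 15 00 00 12 00 00 09 06 00 40
00 00 65 00 00 64 00 00 60 00 00 14 00 00 11 00
00 08 00 00 06 04 00 80 00 00 03 02 00 80 8e 8a
29 8a f4 97 74 ab 34 70 1b ad cf 30 bf 23 5c dc
d5 36 b0 1c cc 06 86 9c 78 d8 08 7e 45 48
"""

def parse_sslv2_client_hello(data: bytes) -> dict:
    """Parse an SSLv2-format ClientHello (the record format old OpenSSL clients
    used to open a TLS handshake); raise ValueError if the bytes are not one."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("not an SSLv2 record header")
    # 2-byte header: high bit set, remaining 15 bits = record length.
    rec_len = struct.unpack(">H", data[:2])[0] & 0x7FFF
    if rec_len != len(data) - 2:
        raise ValueError(f"record length {rec_len} != {len(data) - 2}")
    # msg type | version | cipher_spec_len | session_id_len | challenge_len
    msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBBHHH", data[2:11])
    if msg_type != 1:
        raise ValueError(f"message type {msg_type} is not CLIENT-HELLO")
    body = data[11:]
    if len(body) != cs_len + sid_len + ch_len:
        raise ValueError("length fields do not add up")
    specs = body[:cs_len]
    return {
        "version": (major, minor),  # (3, 1) is TLS 1.0
        "cipher_specs": [specs[i:i + 3].hex() for i in range(0, cs_len, 3)],
        "session_id_len": sid_len,
        "challenge_len": ch_len,
    }

def looks_like_ldap_request(data: bytes) -> bool:
    """A plain-LDAP listener expects an LDAPMessage: a BER SEQUENCE (tag 0x30)."""
    return len(data) > 0 and data[0] == 0x30

if __name__ == "__main__":
    hello = bytes.fromhex(SLURPD_HELLO_HEX)
    info = parse_sslv2_client_hello(hello)
    print(f"TLS {info['version']} hello with {len(info['cipher_specs'])} cipher specs")
    # False: port 389 saw a TLS record, not an LDAPMessage, and closed the socket.
    print("valid first byte for plain LDAP:", looks_like_ldap_request(hello))
```

Matching the scheme to the port (ldaps:// on 636, or ldap:// on 389 with StartTLS) is the first thing to fix; only then do the certificate-trust requirements from the reply come into play.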