RE: openldap and SSL with AD
What did you do, specifically, to Active Directory to enable it
to "speak" TLS and use port 636 ???
Is this ALL you did:
In our organization, we have "Windows" administrators, and
a separate "Unix" administrator/developer group. I belong
to the Unix group. The Windows group is "researching" what is necessary
and what the ramifications are to enabling the TLS connection
to Active Directory.
Your experiences would be helpful.
From: Norbert Klasen
Sent: Thursday, February 13, 2003 9:31 AM
To: Daniel Barron; openldap-software@OpenLDAP.org
Subject: Re: openldap and SSL with AD
--On Thursday, 13 February 2003 14:49 +0000 Daniel Barron
> I have set up the win2k AD to work with LDAPS on port 636 and I have
> tested it to work with a Windows LDAP browser that works over SSL.
> So all that bit's done.
> But I have no idea how to change the code to make it connect using
> I tried ldapsearch with the -ZZ option and -p 636 but all I got was:
> ldap_init( 192.168.72.230, 636 )
> ldap_start_tls: Can't contact LDAP server
You're mixing START_TLS (which normally uses port 389) and LDAPS. The -ZZ
option requires START_TLS which is not supported by AD. Try using
Unless your server certificate contains a subjectAltName extension of
type IP address, you'll also need to use the server's FQDN instead of its
See also http://www.openldap.org/faq/data/cache/185.html
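The two points in Norbert's reply, as an added example that is not from the thread or from OpenLDAP: an LDAPS target is an ldaps:// URI on 636 while -ZZ is StartTLS on a plain ldap:// URI on 389, and a TLS client accepts the peer only if the name it connected to appears in the certificate's subjectAltName, so an IP literal such as 192.168.72.230 fails unless the certificate carries an iPAddress entry. The certificate below is constructed (in the dict shape Python's ssl getpeercert() returns) and the hostname is hypothetical.

```python
"""Check whether a connection target will validate against a server
certificate, and build an ldapsearch command line whose TLS mode and
port agree (StartTLS on 389, LDAPS on 636)."""
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the hostname is hypothetical. It has a DNS SAN but no iPAddress SAN.
SAMPLE_CERT = {
    "subject": ((("commonName", "dc1.example.internal"),),),
    "subjectAltName": (("DNS", "dc1.example.internal"),),
}


def cert_matches_target(cert, target):
    """True if `target` (FQDN or IP literal) is covered by the cert's SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only against iPAddress entries, never
        # against DNS names or the CN: this is the case the reply warns about.
        return any(kind == "IP Address" and ipaddress.ip_address(val) == ip
                   for kind, val in sans)
    host = target.lower().rstrip(".")
    for kind, val in sans:
        if kind != "DNS":
            continue
        pat = val.lower()
        if pat.startswith("*."):
            # A wildcard covers exactly one leftmost label.
            if host.count(".") == pat.count(".") and host.endswith(pat[1:]):
                return True
        elif pat == host:
            return True
    return False


def ldapsearch_argv(target, mode):
    """Return a consistent ldapsearch argv: -ZZ is never paired with 636."""
    if mode == "ldaps":
        return ["ldapsearch", "-x", "-H", f"ldaps://{target}:636"]
    if mode == "starttls":
        return ["ldapsearch", "-x", "-ZZ", "-H", f"ldap://{target}:389"]
    raise ValueError("mode must be 'ldaps' or 'starttls'")
```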