
Re: openldap client configuration to connect to AD
Sankhadip Sengupta wrote:
> Michael Ströder wrote:
>> Santosh Kumar wrote:
>>> ./ldapsearch -x -W -h 10.10.10.10 -b
>>>"CN=testuser,OU=Users,OU=KeyPairIN,OU=KeyPair,DC=keypair,DC=internal"
>>> -S sub
>>> Enter LDAP Password:  ***
>>>
>>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>
>> This means the server is not reachable at TCP level. Make sure your
>> AD is reachable on the IP address given with -h.
>
> I have encountered this issue before. This I fixed by allowing
> permissions (anonymous read) on the ADS. By default anonymous read on ADS
> is not allowed by Windows. To do this you need to select a DC from the
> ADS and right click on it and add "ANONYMOUS LOGON" user to it. Then
> change the permission to "list all contents". This will work then.

1. The error message "Can't contact LDAP server (-1)" clearly indicates
that the server wasn't reachable at TCP level. You definitely won't
solve that by allowing anonymous access in AD. Santosh has to solve that
issue at network level.

2. Changing the AD configuration to allow anonymous access might give
you some issues with people auditing your system (e.g. in the banking
business).

Ciao, Michael.
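A small check that follows the diagnosis in point 1, added here as an example and not code from anyone in the thread: probe the host given with -h at TCP level first, and only then run ldapsearch and map its result code to the layer that failed. The host, DNs and password file path are placeholders.

```python
"""Tell 'server unreachable' apart from 'directory refused' for an ldapsearch run."""
import re
import socket
import subprocess

# Result codes as ldapsearch prints them, e.g. "Can't contact LDAP server (-1)".
LAYER_BY_CODE = {
    -1: "network: no TCP connection to the server (firewall, wrong -h, service down)",
    49: "credentials: bind DN or password rejected",
    1:  "directory: server requires a successful bind before this operation",
    50: "directory: bound identity lacks rights to read that entry",
}


def tcp_reachable(host, port=389, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(ldapsearch_stderr):
    """Map the '(code)' ending an ldapsearch error line to the failing layer."""
    for line in reversed(ldapsearch_stderr.strip().splitlines()):
        m = re.search(r"\((-?\d+)\)\s*$", line)
        if m:
            code = int(m.group(1))
            return LAYER_BY_CODE.get(code, "other: LDAP result code %d" % code)
    return "unknown: no LDAP result code in message"


def diagnose(host, bind_dn, password_file, base, port=389):
    """Check reachability first; an AD permission change cannot fix a -1."""
    if not tcp_reachable(host, port):
        return LAYER_BY_CODE[-1]
    proc = subprocess.run(
        ["ldapsearch", "-x", "-H", "ldap://%s:%d" % (host, port), "-D", bind_dn,
         "-y", password_file, "-b", base, "-s", "sub", "(objectClass=*)", "dn"],
        capture_output=True, text=True)
    return "ok" if proc.returncode == 0 else classify(proc.stderr)


if __name__ == "__main__":
    # Placeholder values; replace with your DC address, bind DN and password file.
    print(diagnose("10.10.10.10", "CN=testuser,OU=Users,DC=example,DC=internal",
                   "/path/to/passwd.txt", "DC=example,DC=internal"))
```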