Thread: LDAP/LDAPS - how to???

    Hi,

    I have opened port 389 and port 636 in iptables on my zimbra server. So, I want to connect from a remote server to do some ldap authentication:

    This works (uses port 389 - regular LDAP):
    Code:
    ldapsearch -x -v -H 'ldap://zimbra.mydomain.com/' -b 'ou=people,dc=mydomain,dc=com'  -D 'uid=jdell,ou=people,dc=mydomain,dc=com' -W
    This fails (uses port 636 - secure LDAP):
    Code:
    ldapsearch -x -v -H 'ldaps://zimbra.mydomain.com/' -b 'ou=people,dc=mydomain,dc=com'  -D 'uid=jdell,ou=people,dc=mydomain,dc=com' -W
    Here is the detailed output of this ldapsearch:
    Code:
    ldap_initialize( ldaps://zimbra.mydomain.com )
    ldap_create
    ldap_url_parse_ext(ldaps://zimbra.mydomain.com)
    Enter LDAP Password: 
    ldap_bind_s
    ldap_simple_bind_s
    ldap_sasl_bind_s
    ldap_sasl_bind
    ldap_send_initial_request
    ldap_new_connection
    ldap_int_open_connection
    ldap_connect_to_host: TCP zimbra.mydomain.com:636
    ldap_new_socket: 3
    ldap_prepare_socket: 3
    ldap_connect_to_host: Trying 192.168.1.1:636
    ldap_connect_timeout: fd: 3 tm: -1 async: 0
    ldap_ndelay_on: 3
    ldap_is_sock_ready: 3
    ldap_is_socket_ready: error on socket 3: errno: 111 (Connection refused)
    ldap_close_socket: 3
    ldap_perror
    ldap_bind: Can't contact LDAP server (-1)
    So, Zimbra is refusing the connection on 636, but the firewall is open?

    So, let's see if LDAP is running on Zimbra (as root on zimbra box):
    Code:
    >nmap localhost
    Interesting ports on localhost.localdomain (127.0.0.1):
    Not shown: 1669 closed ports
    PORT      STATE SERVICE
    22/tcp    open  ssh
    25/tcp    open  smtp
    53/tcp    open  domain
    80/tcp    open  http
    111/tcp   open  rpcbind
    143/tcp   open  imap
    443/tcp   open  https
    953/tcp   open  rndc
    993/tcp   open  imaps
    Yikes, nmap doesn't see any LDAP running?

    WTF?

    How does the query on 389 work? Why is it failing on 636?

    So, I'm totally confused! Please enlighten this neophyte.
    Last edited by jdell; 11-03-2006 at 04:25 PM.
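A note on what the trace above actually distinguishes, with an added example that is not part of the original post. errno 111 "Connection refused" means the TCP SYN was answered with a RST: nothing is bound to that address and port, or an iptables REJECT rule answered. A DROP rule (the usual default) produces a timeout, not a refusal, so this symptom is not a firewall symptom. OpenLDAP's slapd only serves ldaps:// when it is started with an `ldaps:///` listener URL (for example `slapd -h "ldap:/// ldaps:///"`); without one, TLS is available only as StartTLS on the plaintext port, which ldapsearch requests with `-ZZ`. Whether Zimbra's bundled slapd was started with such a listener is something to check on the box itself; also note that `nmap localhost` scans 127.0.0.1 only, so a daemon bound to the external address does not show up there, and `netstat -ltnp` (or `ss -ltnp`) is the better check for what is listening. The probe below, written in Python rather than shell because the tools on the page need a live server, implements the StartTLS extended operation on the wire and ships with a constructed fake listener so it runs offline. Hostnames, ports and the fake server are all assumptions made for the example; the fake server is a stand-in for a plaintext slapd, not slapd.

```python
# Added example (not from the post): probe an LDAP port and tell apart the failure modes.
import socket
import ssl
import threading

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation, RFC 4511


def _ber(tag: int, body: bytes) -> bytes:
    """Encode one BER TLV; everything built here is under 128 bytes (short length)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body


def _tlv(buf: bytes, pos: int):
    """Decode one TLV at buf[pos] -> (tag, value, next_pos); handles long-form lengths."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def encode_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    ext = _ber(0x77, _ber(0x80, STARTTLS_OID))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + ext)


def encode_extended_response(msg_id: int, result_code: int) -> bytes:
    """LDAPMessage { messageID, ExtendedResponse [APPLICATION 24] { resultCode, matchedDN, diag } }."""
    body = _ber(0x0A, bytes([result_code])) + _ber(0x04, b"") + _ber(0x04, b"")
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + _ber(0x78, body))


def parse_extended_result_code(resp: bytes) -> int:
    """Return resultCode from an LDAPMessage carrying an ExtendedResponse (tag 0x78)."""
    tag, msg, _ = _tlv(resp, 0)
    _, _msg_id, pos = _tlv(msg, 0)            # INTEGER messageID
    op_tag, op, _ = _tlv(msg, pos)
    if tag != 0x30 or op_tag != 0x78:
        raise ValueError(f"not an ExtendedResponse (tags 0x{tag:02x}/0x{op_tag:02x})")
    rc_tag, rc, _ = _tlv(op, 0)               # ENUMERATED resultCode comes first
    if rc_tag != 0x0A:
        raise ValueError("missing resultCode")
    return int.from_bytes(rc, "big")


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """'refused' (TCP RST: nothing bound, or iptables REJECT), 'timeout' (iptables
    DROP or routing), 'ldaps' (TLS on connect), 'starttls' (plaintext LDAP that
    offers StartTLS) or 'plain' (plaintext without StartTLS)."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # probing only; never bind like this
    try:
        with ctx.wrap_socket(s, server_hostname=host):
            return "ldaps"
    except (ssl.SSLError, OSError):
        s.close()                  # a plaintext listener chokes on our ClientHello
    try:                           # fresh connection: ask for StartTLS in the clear
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(encode_starttls_request(1))
            if parse_extended_result_code(s.recv(4096)) == 0:
                return "starttls"
    except (OSError, ValueError, IndexError):
        pass
    return "plain"


def fake_plain_ldap_server(result_code: int, connections: int = 2) -> int:
    """Constructed stand-in for a slapd started without an ldaps:/// listener.
    Any LDAPMessage (first byte 0x30) gets an ExtendedResponse with result_code;
    a TLS ClientHello (first byte 0x16) is dropped. Returns the ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        for _ in range(connections):
            conn, _ = srv.accept()
            with conn:
                if conn.recv(4096)[:1] == b"\x30":
                    conn.sendall(encode_extended_response(1, result_code))
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port() -> int:
    """Bind and release an ephemeral port so nothing listens there (constructed case)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]
```

Against a real host, `probe("zimbra.mydomain.com", 636)` together with `probe("zimbra.mydomain.com", 389)` gives the whole picture in one go: `refused` on 636 next to `starttls` on 389 means the directory is reachable and offers TLS, just not as ldaps://, so `ldapsearch -ZZ -H ldap://zimbra.mydomain.com/ ...` is the way to get an encrypted bind until an `ldaps:///` listener is configured. `refused` on both points at the listener's bind address rather than at the firewall, and `timeout` is the signature of a DROP rule. The `CERT_NONE` context exists only so the probe can complete a handshake against any certificate; a real bind must verify the server certificate, otherwise the password is sent to whoever answers on the port.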
