Hi Joe and thanks

> Yes Active Directory supports TLS. You can check for the OID in
> supportedExtension of the RootDSE to validate that the specific server you
> are querying supports it. It is available anonymously assuming you can get
> to port 389. Look for 1.3.6.1.4.1.1466.20037 (LDAP_SERVER_START_TLS_OID).
> This goes back to at least Windows Server 2003 TMK.

Yes I can connect to that port (via telnet anyway). How do I make an anonymous request like that? (Sorry for the n00b question.)

> The user principal name default is indeed loginname@dnsdomain...
> However, that can be overridden, I would verify with the admins that
> the userPrincipalName attribute hasn't been set to something else.

Thanks for that tip. I'll ask them about their UPN.

> You should also be able to use the full DN if you know that or domain
> \userid as well.

Would that be cn=username, dc=au,dc=com,dc=xyz? (I have tried that but I got "implementation specific error".) I don't really have any experience with LDAP DNs.

> I am uncertain of what you are working with, but if you have the
> ability to ignore the server cert you can see if doing that gets you
> your connection,

I can access ldap.conf and can tell it to ignore the cert. If I do, I get the "invalid credentials" error; if not, I get the "Implementation specific error". I'm guessing there is an issue with both the cert AND the DN as well, but I'm lost as to how to resolve it and am using guesswork :(

>
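The anonymous RootDSE query Joe describes, as an added example that is not part of the thread: it uses the OpenLDAP `ldapsearch` client (assumed installed, since ldap.conf is mentioned), a placeholder hostname `dc.example.com`, and a constructed LDIF sample for the offline check. The RootDSE is read with an empty base DN, base scope and no bind (`-x` without `-D`), and the StartTLS OID from the thread is looked for in `supportedExtension`.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenLDAP client tools
# (ldapsearch) and that the domain controller is reachable on TCP 389.

# OID quoted in the thread: LDAP_SERVER_START_TLS_OID.
STARTTLS_OID="1.3.6.1.4.1.1466.20037"

# Anonymous simple bind (-x, no -D/-w), base-scope search of the RootDSE
# (empty base DN), returning only the supportedExtension attribute.
# -LLL prints plain LDIF with no comments or version line.
query_rootdse() {
    ldapsearch -x -LLL -H "ldap://$1" -s base -b "" \
        "(objectClass=*)" supportedExtension
}

# Pure check over LDIF read from stdin: prints "yes" and returns 0 when the
# StartTLS OID is advertised, prints "no" and returns 1 otherwise.
# -x matches the whole line, -F treats the OID's dots literally.
has_starttls() {
    if grep -qxF "supportedExtension: ${STARTTLS_OID}"; then
        echo yes
        return 0
    fi
    echo no
    return 1
}

# Once StartTLS is confirmed, -ZZ makes ldapsearch require a successful
# StartTLS before binding, so credentials never travel in the clear.
# -D takes the bind identity in any of the forms Joe listed (UPN, full DN,
# or DOMAIN\userid); -W prompts for the password.
authenticated_search() {
    # $1 = host, $2 = bind identity, $3 = search base DN
    ldapsearch -x -LLL -ZZ -H "ldap://$1" -D "$2" -W -b "$3" \
        "(objectClass=*)" dn
}

# Usage (dc.example.com and the identities are placeholders):
#   query_rootdse dc.example.com | has_starttls
#   authenticated_search dc.example.com 'user@au.com.xyz' 'dc=au,dc=com,dc=xyz'
```

Running the first usage line against a real controller prints `yes` when StartTLS is offered; if it prints `no`, the "cert" side of the problem is moot because no TLS negotiation will happen on port 389 at all. Keep `has_starttls` as a filter so the same check can be scripted across many servers.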
