I followed the instructions in the article here. I made a mistake (I don't remember which values I set in the mustContain attribute) and now I can't create an Active Directory account. I would like to query the mustContain attribute in class=user to find the values in mustContain. I tried the ldp.exe search but am confused about what parameters I need to use in the search function.
I have encountered an issue while attempting to connect ldp.exe to a GSLB (Global Server Load Balancing) setup for LDAPS on SSL_TCP. The GSLB configuration is similar to the load balancer server's SSL_TCP on port 636. However, when I try to establish the connection, I receive the following error message:
I recently encountered an issue where we were experiencing connection issues to a new LDAPS server (LDAP over SSL). The connection all worked ok when using LDAP (the unsecured version of the Lightweight Directory Access Protocol). In this blog, I want to introduce Microsoft ldp.exe, which allows us to test the SSL connection with certificates.
When I used the same certificates with ldp.exe to verify the connection, I received the following error message, generated by ldp.exe in the Windows Event Viewer. This contains more useful information, which confirmed the results from Sage X3 that certificates were the likely cause of the connection failure.
The LDAPS protocol uses certificates to authenticate and secure the connection between the directory server and the ldp.exe client. So, before we can test the LDAPS connection, we will need to import the certificates into the local Windows certificate store on the machine where ldp.exe is installed.
Hopefully, this blog has given you another way to test the connection to your LDAP server outside of X3, eliminating any issues stemming from the Sage X3 Syracuse component, as well as an introduction to the ldp.exe tool available from Microsoft.
Troubleshooting an LDAP auth issue with a vendor. They have me run ldp.exe from their server to see if the user can bind. LDP connects fine, but when I try double-clicking the white space on the left of the window, I get "Error 0x208D Directory object not found". I tried this straight from the DC and got the same thing. Any ideas? Other applications' LDAP auth works fine.
To troubleshoot further I checked SSL certificate deployed for LDAP on Domain Controller. On the personal (my) computer account go and check properties of LDAPS certificate. I checked Issued to, Subject CN and Certification Path. There was no IP mentioned. I used FQDN to connect on ldp.exe.
Getting this message when you are trying to log in is a result of incorrect details for the Bind user, or the user account having insufficient permissions in Active Directory. The best way to test and resolve this is to use ldp.exe to test binding until it succeeds. There are instructions on installing ldp.exe below. Open the program and Connect to AD, giving the server name, then from the Connection menu choose Bind. Enter the details you think are correct and you will probably find that an error is returned. Try adjusting the account's privileges or another account until you are returned an "Authenticated as" message. Once you are sure your account can be used to bind to AD, check that the DN of that user's name is correct. Expand the tree on the left until you find the user you used to bind. Right-click on that item and choose Copy DN. Go to the User Authentication page in Moodle and paste the value into the ldap_bind_dn field. Add the password and you can now feel safe your user is binding successfully.
For those not familiar with AD this could be very confusing, and not that easy for some who are familiar with it. Again, ldp.exe is your friend. There are instructions on installing ldp.exe below. Open it up and expand the tree on the left until you find the group or user you want to use, then right-click on it and select Copy DN. Go back to the Moodle User Authentication page and paste that value into either ldap_contexts or ldap_creators.
By default, Moodle uses an account's cn (full name) to verify against, but most networks don't use a full given name for logon as it's too easy to guess and you can easily have two people with the same name. If this is the case for you too, you need to tell Moodle to look at another field for the logon id. In ldp.exe, navigate the tree on the left to find a user account, preferably your own. Double-click the item in the tree and full details will be loaded into the screen on the right. Look down the details until you find your logon id and note the item listed against it. For me, and a lot of people, it is sAMAccountName. Copy this name and paste it into the ldap_user_attribute on the Moodle User Authentication page. There are instructions on installing ldp.exe below.
ldp.exe comes as part of the Server Tools on most versions of Windows Server. Find your Windows Server installation disc and find a folder on it called Support\Tools. In there will be a SupTools.msi which will install the server tools if run. You should now have a folder under Program Files called Support Tools, in which will be ldp.exe. ldp.exe is also available in the Windows XP Support Tools, which you can download from Microsoft here. Alternatively, a single download of ldp.exe is available here.
When you install a domain controller, you can see the contents of the Active Directory partitions of the domain controller via a graphical interface with "ADSI Edit" or in text format using the "ldp.exe" program.
Although this program isn't the most useful nor the easiest to use, be aware that it exists.