Using ldapsearch to access Exchange 5.5 on tcp/636

brapp
I currently have these LDAP queries working against Exchange 5.5 on port 389 but would like to use SSL/TLS.  I think I have the cert installed correctly for LDAP on the Exchange server, but need some help figuring out how to use ldapsearch as the client for Exchange SSL.  Not sure if this requires using stunnel, or specific values in ldap.conf beyond what I currently use in my `ldapsearch -x -H ldap://... ` command line.

Thanks,

Bryan Rapp
GeoFields, Inc.
ldapsearch -h exchangeserver -p 389 -b "YOU-BASEDN-HERE" -D "uid=YOUR-ALLOWED-UID-HERE" -w PASSWD YOUR-FILTER-HERE

# probably you may miss -D ..

Author

Commented:
Yes, I have this working great over port 389 - my goal though is to encrypt this traffic with SSL over port 636.  Here is my search string:

ldapsearch -LLL -x -H ldap://172.16.1.202:389 -b "cn=recipients,ou=twosevens,o=riskframe" -D "cn=brapp,dc=riskframe,cn=admin" -w password "mail" "othermailbox"

I'd like to use -ZZ or similar? and ensure that I am encrypting traffic.

Bryan  
> .. -H ldap://172.16.1.202:389
you specify port 389, and wonder that it is not encrypted?

you need
  -H ldap://172.16.1.202:636      # if your ldapsearch supports this
or
  -H ldap://172.16.1.202 -p 636

(BTW, my ldapsearch uses option -h, not -H)
You don't have to do more for encryption, except going to port 636, usually (if the server uses SSL/TLS on port 636).

Author

Commented:
Exactly, the search example I gave was my current, working, plaintext search that I want to modify for SSL.  Thanks for the suggestions.

Author

Commented:
BTW, I never did figure this out strictly using port 636.  Enabling this port was no problem but an Ethereal session proved my suspicion that nothing was actually getting encrypted.  I eventually reached my goal though by incorporating stunnel, and all is well.
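
The capture check described in the comment above can be scripted. This is an added example, not part of the original thread: it classifies the first client-to-server payload of a captured TCP stream as a TLS handshake or a cleartext LDAP bind. The function names and sample bytes are constructed for illustration; the DN and password in the usage are the ones from the command line posted earlier.

```python
# Added example. Sample payloads are constructed, not taken from a capture.

def _ber_len(buf, i):
    """Decode the BER length at buf[i]; return (length, index_of_value)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_first_payload(data):
    """Classify the first client-to-server TCP payload of an LDAP session."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls"}              # TLS/SSLv3 handshake record
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return {"kind": "tls"}              # SSLv2-format ClientHello
    try:
        if data[0] != 0x30:                 # LDAPMessage is a BER SEQUENCE
            return {"kind": "unknown"}
        _, i = _ber_len(data, 1)
        if data[i] != 0x02:                 # messageID INTEGER
            return {"kind": "unknown"}
        n, i = _ber_len(data, i + 1)
        i += n
        if data[i] != 0x60:                 # not a BindRequest, still cleartext LDAP
            return {"kind": "ldap-cleartext"}
        _, i = _ber_len(data, i + 1)
        n, i = _ber_len(data, i + 1)        # version INTEGER
        i += n
        n, i = _ber_len(data, i + 1)        # bind DN OCTET STRING
        dn = data[i:i + n].decode("utf-8", "replace")
        i += n
        tag = data[i]                       # 0x80 = simple authentication
        n, _ = _ber_len(data, i + 1)
        return {"kind": "ldap-cleartext", "bind_dn": dn,
                "simple_password_exposed": tag == 0x80 and n > 0}
    except (IndexError, ValueError):
        return {"kind": "unknown"}

def _tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only (< 128)

def sample_simple_bind(dn, password):
    """Build a constructed LDAP simple BindRequest (messageID 1, version 3)."""
    body = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x60, body))

SAMPLE_TLS = bytes.fromhex("16030100310100002d0301")  # constructed ClientHello prefix
```

Feed it the first payload bytes of the client side of the stream exported from the capture tool; a result of `ldap-cleartext` on port 636 means the client never negotiated SSL, whatever the port number.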
brapp:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
even my suggestion wasn't that bad, stunnel seems to be the solution here. If this is true I'd recommend 0 points PAQ
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
PAQ / Refund
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

TheWeakestLink
EE Cleanup Volunteer
PAQed per request/recommendation & Points refunded

YensidMod
Community Support Moderator