Solved

Accessing LDAP on windows 2000 server problem

Posted on 2004-09-23
Last Modified: 2010-04-14
Hiya, we are running Windows 2000 SBS and use Active Directory. We have a spam filter for our Exchange which can connect to Active Directory to automatically deny any email to an address which doesn't match AD. This doesn't appear to work. So I did a test on my workstation by going to ldap://sbs200 (server name) and popped up the search name, and I get an error when I hit search saying could not be performed blah blah operation error. If anybody could help me to make sure it's working OK and that it's not the filter's problem. I run ISA Server 2000; could that be causing a problem with LDAP access?

I run both ISA and the PDC on the same machine.

Regards

Adept22
Question by:adept22
8 Comments
 
LVL 3

Expert Comment

by:markoid
ID: 12140668
Don't worry about that LDAP test...
If you use the ldp command and connect from a remote machine, you can connect to your directory OK.

Here is how to look up a user using ldp.exe: http://support.microsoft.com/?kbid=224543

Do you have a third-party spam filter or do you use Exchange?
If it is a third-party app, how do you tell it where to get its directory info?

0
 

Author Comment

by:adept22
ID: 12140772
OK, I didn't know about the LDP command. I tried that and connected to the server but it didn't work:

ld = ldap_open("sbs2000", 389);
Error <0x0>: Fail to connect to sbs2000.

AD is obviously working because logons work OK and computers are connected to the domain etc. There seems to be a problem connecting to it.

I use ORFilter; in the options you enter your LDAP:\\sbs2000 string to tell it where to get the info from.

That's why I was thinking it might be ISA Server blocking the request, but it's over the LAN so it should be trusted for that range of IPs. I'm stuffed.
0
 
LVL 3

Expert Comment

by:markoid
ID: 12140818
If you ping sbs2000 you get a reply, right?
What about connecting using the IP?
If you telnet to the port, i.e. telnet sbs2000 389, does it tell you connection refused or does it just sit and do nothing?

Try the IP in ORFilter or the FQDN, i.e. sbs2000.abc.com
0
 
LVL 3

Expert Comment

by:markoid
ID: 12140827
Your ISA server may be blocking port 389, which is used for LDAP.

Common ports for Exchange:

UDP/TCP 53 (DNS)
UDP/TCP 88 (Kerberos authentication)
TCP 123 (Network Time Protocol—NTP) This is necessary only to synchronize the time of the Exchange server with your internal network, which is required for Kerberos authentication.
TCP 135 (DEC Endpoint Resolution, also known as RPC Endpoint Mapper)
UDP/TCP 389 (LDAP Access)
TCP 445 (Microsoft Directory Service)
TCP 3268 (LDAP to global catalog servers)
0

Author Comment

by:adept22
ID: 12150024
How do I ensure they are enabled? Is it the packet filters for ISA I need to be checking?

Cheers
Adept22
0
 
LVL 3

Expert Comment

by:markoid
ID: 12150192
Try telnetting to each port; if it says connection refused, you know the port is blocked.

From a cmd line type TELNET SBS2000 53

That will telnet to port 53. If it is open it will probably not do a lot except maybe sit with a flashing cursor. If it is blocked it will say connection refused.
0
 

Author Comment

by:adept22
ID: 12177484
OK, I've telnetted into the box and all the ports are open. It comes up with just the flashing cursor.
0
 
LVL 3

Accepted Solution

by:
markoid earned 75 total points
ID: 12188427
OK

Should the \\ after LDAP not be // slashes? Does this make a difference?
Have you tried the IP address of the server in ORFilter, i.e. LDAP://***.***.***.***
Have you tried the FQDN of the server in ORFilter, i.e. LDAP://SBS200.abc.com

Another tool you may find useful to query ports is here:
http://support.microsoft.com/default.aspx?kbid=832919
0
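The telnet test from this thread, written out as an added example (not code from any of the posters): it classifies each port as open, refused, unresolved or filtered, then sends an anonymous rootDSE search to confirm that the listener actually speaks LDAP, since a flashing cursor only shows that something accepted the TCP connection. The request bytes are constructed for this example, the default host 127.0.0.1 is an assumption, and the port list is the one posted above.

```python
import socket
import sys

# Anonymous LDAPv3 SearchRequest for the rootDSE (base "", scope base,
# filter (objectClass=*), messageID 1). Bytes constructed for this example.
ROOTDSE_SEARCH = (
    b"\x30\x25\x02\x01\x01\x63\x20\x04\x00\x0a\x01\x00\x0a\x01\x00"
    b"\x02\x01\x00\x02\x01\x00\x01\x01\x00\x87\x0bobjectClass\x30\x00"
)

def probe(host, port, timeout=3.0):
    """Classify a TCP port the way the telnet test does, plus two more cases."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # telnet: flashing cursor
    except ConnectionRefusedError:
        return "refused"           # telnet: connection refused
    except socket.gaierror:
        return "unresolved"        # name lookup failed; try the IP or FQDN
    except OSError:
        return "filtered"          # timeout or unreachable: silently dropped

def _tlv(buf, pos):
    """Return (length, value offset) of the BER element starting at pos."""
    first = buf[pos + 1]
    if first < 0x80:
        return first, pos + 2
    n = first & 0x7F               # long form: next n bytes hold the length
    return int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def ldap_answers(host, port=389, timeout=3.0):
    """True only if the peer replies with an LDAP search result message."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(ROOTDSE_SEARCH)
            reply = s.recv(4096)
        if reply[0] != 0x30:       # not an LDAPMessage SEQUENCE
            return False
        _, pos = _tlv(reply, 0)            # skip outer SEQUENCE header
        id_len, pos = _tlv(reply, pos)     # messageID INTEGER
        # 0x64 = searchResEntry, 0x65 = searchResDone
        return reply[pos + id_len] in (0x64, 0x65)
    except (OSError, IndexError):
        return False               # no reply, reset, or truncated/non-LDAP data

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (53, 88, 123, 135, 389, 445, 3268):  # ports listed in the thread
        print(port, probe(host, port, timeout=1.0))
    print("LDAP reply on 389:", ldap_answers(host, 389, timeout=1.0))
```

A port that reports "open" while `ldap_answers` returns False means the TCP handshake succeeded but no LDAP reply came back, which points at whatever sits between the client and the directory service rather than at the port itself.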
