How to test LDAP connection on Active Directory?

I need to use LDAP to authenticate against Active Directory 2003. At this point, we are not even sure what port AD is using to accept LDAP queries.

What is the easiest method and utility to use to simply test that we can successfully connect to Active Directory via LDAP?

Currently I'm trying to use Microsoft's LDP.EXE to connect to Active Directory at the port we *think* LDAP is running on, but it just hangs for about 20 minutes at:

ld = ldap_open("ad2.licor.com", 3389);
Established connection to ad2.licor.com.
Retrieving base DSA information...

and then says:

Server error: <empty>
Error<82>: ldap_parse_result failed: Local Error
Getting 0 entries:
-----------

licorbiosciences Asked:

Toni Uranjek (Consultant/Trainer) Commented:
Hi licorbiosciences,

LDAP port is 389 not 3389.

HTH

Toni
1
aissim Commented:
default port is 389; that may be your only problem.

(if it were ldap over ssl the port is 636 I believe)
0
brwwiggins (IT Manager) Commented:
LDAP should be on port 389
I like using the LDAP browser tool to test connections http://www.ldapadministrator.com/download.htm
It's free and works well
0

ckimball99 Commented:
By default, you access LDAP via AD on the default port of 389.

3389 is used for remote desktop.  

You might have been thinking of port 3268, which is for the Global Catalog, as you can see here: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true
0
licorbiosciences (Author) Commented:
Hey, everybody, I *know* the default port is 389. This was changed by a previous administrator on install to, we believe, 3389 or one of the following:

Port       State       Service
53/tcp     open        domain
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
443/tcp    open        https
445/tcp    open        microsoft-ds
1025/tcp   open        NFS-or-IIS
1040/tcp   open        unknown
1050/tcp   open        java-or-OTGfileshare
1066/tcp   open        unknown
1723/tcp   open        pptp
3028/tcp   open        unknown
3389/tcp   open        ms-term-serv
8080/tcp   open        tomcat5
8400/tcp   open        unknown
8402/tcp   open        unknown
10250/tcp  open        unknown
0
Toni Uranjek (Consultant/Trainer) Commented:
You cannot change the LDAP port to a port which is already in use by another service.

Use Portquery to locate LDAP port:

"How to Use Portqry to Troubleshoot Active Directory Connectivity Issues"
http://support.microsoft.com/kb/310456
0
ckimball99 Commented:
Presumably, you have tried 389 with no success then?
0
Toni Uranjek (Consultant/Trainer) Commented:
From what he has posted 389 is not open.

Check your DNS server: the _msdcs zone should contain _ldap records for your server. If the port was changed, maybe the DNS record will have the correct port number defined.
0
licorbiosciences (Author) Commented:
Nice tool. I've tried quite a few but hadn't run across this one. Thx!
0
licorbiosciences (Author) Commented:
toniur,

Sweet! Your suggestion to check the DNS server on AD was right on. Turns out LDAP is on 3268.

The previous port scan doesn't show 3268 because we were originally pointing at the wrong server!  duh!

thx
0
ckimball99 Commented:
I already pointed out 3268 in my first post.  I guess you didn't look at that?
0
licorbiosciences (Author) Commented:
ckimball99,

You were absolutely right on target with the expected LDAP port. I did see your post. At that particular moment, my colleague and I were focused on a secondary AD server that we shouldn't have been pointing at. Mea culpa and many kudos to you!
0
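
Added example (not part of the thread or any poster's code): a TCP connect alone does not prove a port speaks LDAP, which is why LDP "established" a connection to 3389 and then hung. This sketch sends an anonymous LDAPv3 rootDSE search and checks that the reply is an LDAP message; the function names are hypothetical, the host comes from the command line, and only the plaintext ports named in the thread (389, 3268) are tried.

```python
import socket
import sys

def tlv(tag: int, value: bytes = b"") -> bytes:
    """BER tag-length-value with a short-form length (value under 128 bytes)."""
    if len(value) >= 128:
        raise ValueError("short-form length only")
    return bytes([tag, len(value)]) + value

def rootdse_request(msg_id: int = 1) -> bytes:
    """LDAPv3 SearchRequest for the rootDSE: base "", scope base, (objectClass=*)."""
    search = tlv(0x63,                    # [APPLICATION 3] SearchRequest
        tlv(0x04)                         # baseObject "" means the rootDSE
        + tlv(0x0A, b"\x00")              # scope: baseObject
        + tlv(0x0A, b"\x00")              # derefAliases: never
        + tlv(0x02, b"\x00")              # sizeLimit: 0
        + tlv(0x02, b"\x00")              # timeLimit: 0
        + tlv(0x01, b"\x00")              # typesOnly: FALSE
        + tlv(0x87, b"objectClass")       # filter: attribute present
        + tlv(0x30))                      # attributes: empty list
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + search)

def is_ldap_reply(data: bytes, msg_id: int = 1) -> bool:
    """True if data starts an LDAPMessage carrying a search entry or search done."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    i = 2
    if data[1] & 0x80:                    # long-form length: skip its octets
        i += data[1] & 0x7F
    head = data[i:i + 4]
    return (len(head) == 4 and head[:3] == bytes([0x02, 0x01, msg_id])
            and head[3] in (0x64, 0x65))  # SearchResultEntry / SearchResultDone

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'ldap', 'open-not-ldap' or 'unreachable' for one host and port."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with s:
        try:
            s.sendall(rootdse_request())
            data = s.recv(4096)
        except OSError:                   # timeout or reset: something else listens
            data = b""
    return "ldap" if is_ldap_reply(data) else "open-not-ldap"

if __name__ == "__main__":
    for p in (389, 3268):                 # LDAP and Global Catalog, per the thread
        print(p, probe(sys.argv[1], p))
```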