• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 169238

How to test LDAP connection on Active Directory?

I need to use LDAP to authenticate against Active Directory 2003. At this point, we are not even sure what port AD is using to accept LDAP queries.

What is the easiest method and utility to use to simply test that we can successfully connect to Active Directory via LDAP?

Currently I'm trying to use Microsoft's LDP.EXE to connect to Active Directory at the port we *think* LDAP is running on, but it just hangs for about 20 minutes at:

ld = ldap_open("ad2.licor.com", 3389);
Established connection to ad2.licor.com.
Retrieving base DSA information...

and then says:

Server error: <empty>
Error<82>: ldap_parse_result failed: Local Error
Getting 0 entries:

1 Solution
Toni Uranjek (Consultant/Trainer) commented:
Hi licorbiosciences,

LDAP port is 389 not 3389.

The default port is 389; that may be your only problem.

(If it were LDAP over SSL, the port is 636, I believe.)

LDAP should be on port 389.

I like using the LDAP browser tool to test connections: http://www.ldapadministrator.com/download.htm
It's free and works well.

By default, you access LDAP on AD via port 389.

3389 is used for Remote Desktop.

You might have been thinking of port 3268, which is for the Global Catalog, as you can see here: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_bsad.mspx?mfr=true
licorbiosciences (Author) commented:
Hey, everybody, I *know* the default port is 389. This was changed by a previous administrator on install to, we believe, 3389 or one of the following:

Port       State       Service
53/tcp     open        domain
135/tcp    open        loc-srv
139/tcp    open        netbios-ssn
443/tcp    open        https
445/tcp    open        microsoft-ds
1025/tcp   open        NFS-or-IIS
1040/tcp   open        unknown
1050/tcp   open        java-or-OTGfileshare
1066/tcp   open        unknown
1723/tcp   open        pptp
3028/tcp   open        unknown
3389/tcp   open        ms-term-serv
8080/tcp   open        tomcat5
8400/tcp   open        unknown
8402/tcp   open        unknown
10250/tcp  open        unknown
Toni Uranjek (Consultant/Trainer) commented:
You cannot change the LDAP port to a port which is already in use by another service.

Use Portqry to locate the LDAP port:

"How to Use Portqry to Troubleshoot Active Directory Connectivity Issues"
Presumably, you have tried 389 with no success then?
Toni Uranjek (Consultant/Trainer) commented:
From what he has posted, 389 is not open.

Check your DNS server; the _msdcs zone should contain _ldap records for your server. If the port was changed, maybe the DNS record will have the correct port number defined.
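The two hints above (find the port from DNS, then confirm something that actually speaks LDAP is listening there) can be checked without LDP.EXE or a third-party browser. The DNS half is one query: `nslookup -type=SRV _ldap._tcp.dc._msdcs.<your-domain>` lists each DC with the port it advertises for LDAP, and `_gc._tcp.<your-domain>` does the same for the Global Catalog port. The script below, an added example that is not from this thread or from any Microsoft tool, does the second half: it opens a TCP connection with a short timeout, sends an anonymous LDAP bind and a RootDSE read (both hand-encoded per RFC 4511, so only the standard library is needed) and reports what came back. The short timeout is the point of the exercise: a listener that is not LDAP (the RDP service on 3389, for instance) accepts the TCP connection and then never answers, which is exactly the hang the question describes. Assumptions: the hostname and port are supplied by the caller, the DC permits an anonymous RootDSE read (the default in AD), and the `SAMPLE_RESPONSE` bytes at the end are constructed for offline checking, not a capture.

```python
# Added example (not from the original thread): standard-library LDAP probe, RFC 4511 BER framing.
import socket, ssl
# Standard RootDSE attributes a DC exposes to an anonymous reader (assumed present on 2003+).
ROOTDSE_ATTRS = ["defaultNamingContext", "supportedLDAPVersion", "isGlobalCatalogReady"]

def ber_len(n):
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(n):  # INTEGER for the small non-negative values used here
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big"))

def anonymous_bind(msg_id=1):
    """BindRequest [APPLICATION 0]: version 3, empty name, empty simple password."""
    return tlv(0x30, ber_int(msg_id) + tlv(0x60, ber_int(3) + tlv(0x04, b"") + tlv(0x80, b"")))

def rootdse_search(attrs, msg_id=2):
    """SearchRequest [APPLICATION 3]: base "", scope baseObject, filter (objectClass=*)."""
    body = (tlv(0x04, b"") + tlv(0x0A, b"\x00") + tlv(0x0A, b"\x00")  # base, scope, deref
            + ber_int(0) + ber_int(0) + tlv(0x01, b"\x00")            # limits, typesOnly
            + tlv(0x87, b"objectClass")                                 # present filter
            + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs)))
    return tlv(0x30, ber_int(msg_id) + tlv(0x63, body))

def frame_len(buf):
    """Length of the first complete BER element in buf, or None if truncated."""
    n = 0 if len(buf) < 2 or buf[1] < 0x80 else buf[1] & 0x7F
    if len(buf) < 2 + n:
        return None
    total = 2 + n + (buf[1] if n == 0 else int.from_bytes(buf[2:2 + n], "big"))
    return total if len(buf) >= total else None

def children(payload):
    """Split a constructed BER value into (tag, inner bytes) pairs."""
    out, pos = [], 0
    while pos < len(payload):
        size = frame_len(payload[pos:])
        if size is None:
            raise ValueError("truncated BER element")
        hdr = 2 if payload[pos + 1] < 0x80 else 2 + (payload[pos + 1] & 0x7F)
        out.append((payload[pos], payload[pos + hdr:pos + size]))
        pos += size
    return out

def parse_result(op):
    """LDAPResult -> (resultCode, diagnosticMessage)."""
    (_, rc), _, (_, diag) = children(op)[:3]
    return int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")

def parse_entry(op):
    """SearchResultEntry -> {attribute: [values]}."""
    _, (_, attrs) = children(op)[:2]
    return {name.decode(): [v.decode("utf-8", "replace") for _, v in children(vals)]
            for (_, name), (_, vals) in (children(a)[:2] for _, a in children(attrs))}

def parse_stream(buf):
    """Consume complete LDAPMessages; return (bind_result, rootdse_entry, done)."""
    bind, entry, done = None, {}, False
    while not done and (size := frame_len(buf)) is not None:
        (_, body), = children(buf[:size])               # LDAPMessage SEQUENCE
        (_, _msg_id), (op_tag, op) = children(body)[:2]
        buf = buf[size:]
        if op_tag == 0x61:      # BindResponse
            bind = parse_result(op)
        elif op_tag == 0x64:    # SearchResultEntry
            entry = parse_entry(op)
        elif op_tag == 0x65:    # SearchResultDone
            done = True
    return bind, entry, done

def probe(host, port, timeout=5.0, use_tls=False):
    """Bind and read RootDSE with a short timeout: a non-LDAP listener (RDP on 3389,
    say) accepts the TCP connection but never answers, which is the hang LDP.EXE showed."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:  # LDAPS (636 / 3269); certificate verified against the system trust store
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(anonymous_bind() + rootdse_search(ROOTDSE_ATTRS))
        buf, bind, entry, done = b"", None, {}, False
        try:
            while not done and (chunk := sock.recv(4096)):
                buf += chunk
                bind, entry, done = parse_stream(buf)
        except socket.timeout:
            raise TimeoutError(f"{host}:{port} accepted TCP but sent no LDAP reply in "
                               f"{timeout}s: probably not an LDAP listener") from None
    return bind, entry

# Constructed sample of a DC's reply (not a capture), used for offline checks.
_OK = tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")   # LDAPResult: success, "", ""
_ENTRY = tlv(0x04, b"") + tlv(0x30, tlv(0x30, tlv(0x04, b"defaultNamingContext")
                                        + tlv(0x31, tlv(0x04, b"DC=example,DC=com"))))
SAMPLE_RESPONSE = (tlv(0x30, ber_int(1) + tlv(0x61, _OK)) + tlv(0x30, ber_int(2) + tlv(0x64, _ENTRY))
                   + tlv(0x30, ber_int(2) + tlv(0x65, _OK)))
```

Run it as `probe("ad2.licor.com", 389)` (or 3268 for the Global Catalog; `use_tls=True` with 636 or 3269). A real DC returns `((0, ''), {...})` with `defaultNamingContext` filled in within a second; a port that belongs to some other service raises the `TimeoutError` after five seconds instead of sitting for twenty minutes, and a closed port fails at `create_connection`. The bind is anonymous on purpose: it sends no credentials over the wire, so it is safe to aim at a port you have not identified yet, and RootDSE is readable without authentication, so it tells you which server and which naming context you actually reached (the thread's eventual problem was pointing at the wrong DC, not the wrong port).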
licorbiosciences (Author) commented:
Nice tool. I've tried quite a few but hadn't run across this one. Thx!
licorbiosciences (Author) commented:

Sweet! Your suggestion to check the DNS server on AD was right on. Turns out LDAP is on 3268.

The previous port scan doesn't show 3268 because we were originally pointing at the wrong server!  duh!

I already pointed out 3268 in my first post. I guess you didn't look at that?
licorbiosciences (Author) commented:

You were absolutely right on target with the expected LDAP port. I did see your post. At that particular moment, my colleague and I were focused on a secondary AD server that we shouldn't have been pointing at. Mea culpa and many kudos to you!
