How can I check/test LDAP Setting on Windows Server 2003

We just installed a new SonicWall (TZ100) that we would like to integrate with our Active Directory on Windows Server 2003.

I have been following through the SonicWall Documentation, but I keep running into a connection issue.

Is there a way to check/test the LDAP setting on my Windows Server 2003 so that I can see what it is looking for an excepting?
LVL 1
AutomatedITAsked:
Who is Participating?
 
Jimmy Larsson, CISSP, CEHConnect With a Mentor Network and Security consultantCommented:
I recommend you using a freeware ldap browser (try any of the 5 first hits for "free ldap browser" on google) before trying to configure your sonicwall. It will come more clear to you about the syntax of ldap settings if you first succeed in connecting with a standalone browser.

In general when you talk ldap to a windows server you need these settings:

username: cn=administrator,ou=users (or similar. Specify username and the containter where this user is)
password: password
Use secure ldap.

When you managed to contact the AD with your ldap browser it will be much easier for you to configure ldap-settings in your firewall.

Good luck!

As a reference, here is how I configure my Cisco ASA to authenticate users in AD over LDAP at home:

aaa-server LDAP protocol ldap
aaa-server LDAP (outside) host 192.168.1.51
ldap-base-dn CN=Users,DC=kvistofta,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn CN=admin,CN=Users,DC=kvistofta,DC=local
server-type microsoft

/Kvistofta
0
 
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
You want to communicate directly with LDAP on your domain controller?  
From your command prompt:
ldp <name.of.DC>
0
 
AutomatedITAuthor Commented:
Okay,  I have narrowed down my issue.  

It is not accepting the Administrator credentials for LDAP.  I tested on another network using the administrator credentials and it worked fine.  Guess that the administrator permissions have been specifically changed somehow.

Question:  I would like to setup an AD account to be solely used for LDAP communication.  How to I assign the appropriate permissions?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
supergggCommented:
0
 
smtwklaCommented:
What exactly is the message you get from your firewall when you test the connection? Did you try connecting with some other user name?

Remember you must use the user's full name and not the logon username. Make sure that the administrator account you are trying to use is in the OU you expect. There is a setting "User tree for login to server" in the Directory tab of the LDAP config. Make sure you got it right.

What is the exact message you are getting?
0
 
AutomatedITAuthor Commented:
Error 49: Invalid Credentials
0
 
Jimmy Larsson, CISSP, CEHNetwork and Security consultantCommented:
The problem is probably NOT the password but instead the way you specify the username. You cannot just say "administrator" but must use an X500-format, like in my example above: "CN=admin,CN=Users,DC=kvistofta,DC=local".

/Kvistofta
0
 
smtwklaCommented:
As Kvistofta says, It is not due to the password being wrong. It is due to the way you specify the credentials. Please read the sonicwall LDAP integration guide http://www.sonicwall.com/downloads/LDAP_Integration_Feature_Module.pdf
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.