Solved

LDAP URL?

Posted on 2010-09-15
6
2,158 Views
Last Modified: 2012-08-13
I opened up my firewall for a company to send LDAP requests, but need to setup my LDAP URL. Since the LDAP URL is setup on their side, I am guessing that I need to do something like the following:

LDAP://ldapserver.domain.com/DC=domain,DC=com

OR

LDAP://x.x.x.x/DC=domain,DC=com

where x.x.x.x is the IP address is assigned form my external IP pool assigned to the LDAP server, since again, this is setup on a company's server needing access across the internet, through my firewall and to my AD server.

My LDAP server is Active Directory. I set this up both ways, but neither is working. Is there an easy way to determine my LDAP URL?
0
Comment
Question by:Greg27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 33682747
If your DC is a member of the domain you're trying to hit, then it should just be:

LDAP://ip.addr.ess.domain.com

You should use the domain controller name or IP since you're restricting it on your firewall.  So a LDAP query would look like this:

"SELECT * FROM 'LDAP://DC1.domain.com' WHERE objectCategory='user' AND sAMAccountName='jsmith'"

What application is on the other side?  It will have to authenticate before submitting a query.  Anonymous access is not allowed by default?  You can try to use the LDP.exe on the other side of your firewall for testing.

http://java.sun.com/products/jndi/tutorial/ldap/misc/url.html
0
 

Author Comment

by:Greg27
ID: 33684128
I don't have access to their side. I have a web interface where I am just supposed to enter the value. I can then test it to see if it is working. Since they are off-site, I am guessing the IP address would be the external IP address of the LDAP server and not the internal IP address for it?
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33684215
Correct, you would then have a static NAT.  If they are using secure LDAP (or LDAPS), then you have to also allow the 636 TCP port, instead of 389
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:Greg27
ID: 33733450
How do you setup LDAPS? Would I need to purchase an SSL cert? Where do you set it up?
0
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33734138
If you have a Windows Certificate server, or you can purchase one.
http://support.microsoft.com/kb/321051
0
 

Author Closing Comment

by:Greg27
ID: 33751115
I found out what the URL needs to be. It is actually what I originally put in, but for some reason i must have tried it with an invalid user account, but the URL should be:

http://x.x.x.x/DC=domain,DC=com

Thanks for the help.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question