• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2351
  • Last Modified:

LDAP URL?

I opened up my firewall for a company to send LDAP requests, but need to setup my LDAP URL. Since the LDAP URL is setup on their side, I am guessing that I need to do something like the following:

LDAP://ldapserver.domain.com/DC=domain,DC=com

OR

LDAP://x.x.x.x/DC=domain,DC=com

where x.x.x.x is the IP address is assigned form my external IP pool assigned to the LDAP server, since again, this is setup on a company's server needing access across the internet, through my firewall and to my AD server.

My LDAP server is Active Directory. I set this up both ways, but neither is working. Is there an easy way to determine my LDAP URL?
0
Greg27
Asked:
Greg27
  • 3
  • 3
1 Solution
 
Tony MassaCommented:
If your DC is a member of the domain you're trying to hit, then it should just be:

LDAP://ip.addr.ess.domain.com

You should use the domain controller name or IP since you're restricting it on your firewall.  So a LDAP query would look like this:

"SELECT * FROM 'LDAP://DC1.domain.com' WHERE objectCategory='user' AND sAMAccountName='jsmith'"

What application is on the other side?  It will have to authenticate before submitting a query.  Anonymous access is not allowed by default?  You can try to use the LDP.exe on the other side of your firewall for testing.

http://java.sun.com/products/jndi/tutorial/ldap/misc/url.html
0
 
Greg27Author Commented:
I don't have access to their side. I have a web interface where I am just supposed to enter the value. I can then test it to see if it is working. Since they are off-site, I am guessing the IP address would be the external IP address of the LDAP server and not the internal IP address for it?
0
 
Tony MassaCommented:
Correct, you would then have a static NAT.  If they are using secure LDAP (or LDAPS), then you have to also allow the 636 TCP port, instead of 389
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Greg27Author Commented:
How do you setup LDAPS? Would I need to purchase an SSL cert? Where do you set it up?
0
 
Tony MassaCommented:
If you have a Windows Certificate server, or you can purchase one.
http://support.microsoft.com/kb/321051
0
 
Greg27Author Commented:
I found out what the URL needs to be. It is actually what I originally put in, but for some reason i must have tried it with an invalid user account, but the URL should be:

http://x.x.x.x/DC=domain,DC=com

Thanks for the help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now