We are a single domain controller environment (for testing purposes).
I recently did an upgrade from a Windows 2000 domain controller / forest to Windows 2008.
My path was Windows 2000 Advanced Server SP4 -> Windows 2003 Enterprise SP2 -> Windows 2008 Enterprise 32-bit SP2.
Forest and domain are set to Windows 2003 functionality. We have a Windows 2003 Exchange server, so I kept everything at 2003.
The problem I have is anonymous binding to LDAP. I know anonymous binding has been disabled by default when going from a 2000 domain to a 2003 domain. I have provisioned what I think are the necessary steps to enable anonymous authentication.
I am able to connect to LDAP but cannot bind using anonymous.
I am able to bind to LDAP if I use the domain\administrator account.
I have checked my dSHeuristics under adsiedit and ensured that I have 0000002, and I also double-checked the anonymous account in the security tab for the domain and ensured that it has read rights and list contents rights.
I tried using ldp.exe as well as the SourceForge tool ldapadmin.
The ldp.exe tool gives me this error:
res = ldap_simple_bind_s(ld, '', <unavailable>); // v.3
Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.
Expanding base 'DC=mydomain,DC=com'...
ldap_get_next_page_s failed: 1
Server error: 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772
Error 0x4DC The operation being requested was not performed because the user has not been authenticated.
Result <1>: 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772
Getting 0 entries:
The ldapadmin tool gives me this error:
LDAP error! Operations Error: 000004DC: LdapErr: DSID00C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772
I need the anonymous bind to test out some of our apps.
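
Added example, not part of the original post: a small Python triage script for the ldp.exe output above, useful when auditing whether a directory accepts anonymous LDAP operations. It splits the server's extended error string into its fields and checks the seventh character of a dSHeuristics value; the function names and the one-entry Win32 code table are assumptions made for this illustration.

```python
import re

# Leading hex field is a Win32 error code; only the value seen in this post is mapped.
WIN32_NAMES = {0x4DC: "ERROR_NOT_AUTHENTICATED"}

LDAP_ERR = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]{8}), "
    r"comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+), v(?P<build>[0-9A-Fa-f]+)"
)

def parse_ldap_err(line):
    """Split an AD extended LDAP error string into its fields, or return None."""
    m = LDAP_ERR.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["win32"] = int(fields["win32"], 16)
    fields["win32_name"] = WIN32_NAMES.get(fields["win32"], "unmapped")
    return fields

def anonymous_ops_enabled(ds_heuristics):
    """True when the 7th character of dSHeuristics is '2' (anonymous LDAP operations allowed)."""
    value = (ds_heuristics or "").strip()
    return len(value) >= 7 and value[6] == "2"

def triage(session_lines):
    """Summarise an ldp.exe session: the bind identity and the distinct server errors."""
    identity, errors = None, []
    for line in session_lines:
        m = re.search(r"Authenticated as: '([^']*)'", line)
        if m:
            identity = m.group(1)
        err = parse_ldap_err(line)
        if err and err not in errors:  # ldp prints the same error twice
            errors.append(err)
    return {"identity": identity, "errors": errors}

# Lines copied from the ldp.exe output in the post above.
SESSION = [
    r"Authenticated as: 'NT AUTHORITY\ANONYMOUS LOGON'.",
    r"Server error: 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772",
    r"Result <1>: 000004DC: LdapErr: DSID-0C0906DD, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1772",
]

if __name__ == "__main__":
    print(triage(SESSION))
    print("anonymous ops enabled:", anonymous_ops_enabled("0000002"))
```

On the session above, the summary shows the connection running as NT AUTHORITY\ANONYMOUS LOGON while the search is refused with Win32 code 0x4DC.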