I've got a Windows 2008R2 terminal server with ~30 users on it. It's joined to a Samba-based domain. During the login script, we connect directly to the LDAP server to pull out certain profile information. This used to work just fine. Now, it doesn't, but only for non-local-admin accounts. Local admins work fine.
As a non-local-admin:
- Connections to ports 389 or 636 just terminate (Wireshark on the LDAP server reveals no connection attempt)
- Connections to other ports on the same server work fine
- Same thing on multiple LDAP servers
- Windows firewall is disabled
- Can't find any other rules/policies that may block this
I suspect since this used to work, it came down during an update, but for the life of me, I can't find what.
EDIT: I just ran Wireshark on the machine and didn't see anything when connecting to the LDAP server in question (or any LDAP server for that matter).
I can, however, see traffic when I connect to that server on another port.
So I figured it out...
1) My issue connecting with PuTTY was due to the fact that I was trying to telnet to the LDAP port (OpenLDAP or Windows doesn't like it).
2) The issue with the original Python script was permissions-related. Apparently the user not having read permissions on some parts of the LDAP libraries causes python-ldap to return ldap.SERVER_DOWN incorrectly.
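A pre-flight check that a login script can run before calling python-ldap, so that the symptom described above (unreadable library files surfacing as `ldap.SERVER_DOWN`) is reported for what it is. This is an added example, not code from the original question or answer. It assumes python-ldap is installed under the module name `ldap` and that the script runs as the user whose permissions are in doubt; the package locator works for any module name, so it can be pointed at other libraries the login script depends on. Files are tested by actually opening them rather than with `os.access`, because on Windows `os.access` does not evaluate NTFS ACLs.

```python
"""Pre-flight check for a login script that depends on python-ldap.

Assumptions (example code, not from the original post): python-ldap is
installed as the top-level module `ldap`, and this runs in the login script
as the end user, whose read permissions on the library are what we want to
verify before the script blames the LDAP server for a SERVER_DOWN error.
"""
import importlib.util
from pathlib import Path


def find_package_location(module_name):
    """Locate a module or package on disk WITHOUT importing it.

    Importing is exactly what fails (or half-succeeds) when some files are
    unreadable, so we only ask the import system where the code lives.
    Returns a Path to the package directory (or single module file), or
    None when the module is not installed.
    """
    spec = importlib.util.find_spec(module_name)
    if spec is None or spec.origin is None:
        return None
    origin = Path(spec.origin)
    # Packages report their __init__.py as origin; check the whole directory.
    return origin.parent if spec.submodule_search_locations else origin


def unreadable_files(root):
    """Return sorted paths under `root` that the current user cannot open.

    `root` may be a file or a directory. Each file is opened for reading,
    which honours NTFS ACLs; os.access() on Windows only looks at the
    read-only attribute and would miss the very problem we are checking for.
    """
    root = Path(root)
    files = [root] if root.is_file() else [p for p in root.rglob("*") if p.is_file()]
    bad = []
    for path in files:
        try:
            with open(path, "rb"):
                pass
        except OSError:  # PermissionError is a subclass of OSError
            bad.append(str(path))
    return sorted(bad)


def check_package_readable(module_name):
    """Return (status, unreadable) with status in {'missing', 'ok', 'unreadable'}."""
    location = find_package_location(module_name)
    if location is None:
        return "missing", []
    bad = unreadable_files(location)
    return ("unreadable" if bad else "ok"), bad


def connect_ldap(uri, module_name="ldap", timeout=5):
    """Run the pre-flight check, then attempt an anonymous bind to `uri`.

    Returns (outcome, details). A SERVER_DOWN is only reported as
    'server-down' once we know every library file was readable, so the
    login script can log the two cases differently.
    """
    status, bad = check_package_readable(module_name)
    if status == "missing":
        return "not-installed", []
    if status == "unreadable":
        return "library-unreadable", bad
    import ldap  # safe to import now: all package files opened successfully
    try:
        conn = ldap.initialize(uri)
        conn.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
        conn.simple_bind_s()  # anonymous bind as a pure connectivity test
        conn.unbind_s()
        return "ok", []
    except ldap.SERVER_DOWN as exc:
        return "server-down", [str(exc)]


if __name__ == "__main__":
    # ldap.example.invalid is a placeholder host, not a real server.
    outcome, details = connect_ldap("ldap://ldap.example.invalid:389")
    print(outcome)
    for line in details:
        print("  ", line)
```

When `connect_ldap` returns `library-unreadable`, the listed paths are the ones to fix with the file ACLs (or by reinstalling the package for all users) rather than anything on the LDAP server or the network.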