I'm a little lost with ldapsearch... I have to configure a cloud with AD authentication.
This is working well:
ldapsearch -h server -p 389 -x -D 'admin.test' -w 'xxx' -b 'cn=admin.test,cn=users,dc=domain,dc=com'
But I want to add some security, so I tried ldaps.
This is working:
> ldapsearch -H ldaps://server -x -D 'admin.test' -w 'xxx' -b 'cn=admin.test,cn=users,dc=domain,dc=com'
And this too:
> ldapsearch -H ldaps://server:636 -x -D 'admin.test' -w 'xxx' -b 'cn=admin.test,cn=users,dc=domain,dc=com'
But this doesn't work.
ldapsearch -h server -p 636 -x -D 'admin.test' -w 'xxx' -b 'cn=admin.test,cn=users,dc=domain,dc=com' -v
ldap_initialize( ldap://srv-dc01.get.com:636 )
ldap_result: Can't contact LDAP server (-1)
I don't know what's going on. And the cloud wants a URL and not a URI. Another question: is it possible to block ldap and keep ldaps working?
OS: Linux CentOS 7 with SELinux Enforced. DC is on Server 2008 R2.
Thank you very much. Regards, Alexandre
UPDATE:
From this page it appears that
and that:
Moreover, from man ldapsearch:
To allow only secure connections, have a look here, or another easy solution is an iptables rule:
Thank you, I tried with -Z and -ZZ.
With -ZZ, same error message without ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
You're right, this command does not start the right protocol. Is there a way to force this?
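Why `-h server -p 636` and `-ZZ` fail while `-H ldaps://server:636` works, as an added example that is not part of the original posts: port 636 expects a TLS handshake as the very first bytes, whereas an `ldap://` connection opens with a plaintext LDAP message (a bind, or a StartTLS request with `-Z`/`-ZZ`). The function names and the sample byte strings are constructed for illustration; the same classification can flag cleartext simple binds seen on port 389.

```python
# Added example: classify the first bytes a client sends on an LDAP port.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # LDAP StartTLS extended operation

def _tlv(buf, pos):
    """Read one BER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                        # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                   # short-form length
        length = first
    return tag, pos, pos + length

def classify(first_bytes):
    """Return 'tls', 'starttls', 'cleartext-simple-bind', 'ldap-other' or 'unknown'."""
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"                        # TLS handshake record (ldaps://)
    try:
        tag, start, _ = _tlv(first_bytes, 0)
        if tag != 0x30:                     # LDAPMessage is a BER SEQUENCE
            return "unknown"
        _, _, after_id = _tlv(first_bytes, start)       # skip messageID
        op, op_start, op_end = _tlv(first_bytes, after_id)
        body = first_bytes[op_start:op_end]
        if op == 0x77 and STARTTLS_OID in body:         # ExtendedRequest
            return "starttls"
        if op == 0x60:                                  # BindRequest
            _, _, pos = _tlv(body, 0)                   # version
            _, _, pos = _tlv(body, pos)                 # bind DN
            # Context tag [0] = simple auth: the password follows in the clear.
            return "cleartext-simple-bind" if body[pos] == 0x80 else "ldap-other"
        return "ldap-other"
    except IndexError:                      # truncated capture
        return "unknown"

def accepted_on_ldaps_port(first_bytes):
    """Port 636 speaks TLS from the first byte; anything else cannot connect."""
    return classify(first_bytes) == "tls"

# Constructed samples (not captured traffic).
SIMPLE_BIND = (b"\x30\x19\x02\x01\x01\x60\x14\x02\x01\x03\x04\x0a"
               + b"admin.test" + b"\x80\x03" + b"xxx")         # -h/-p style, -x
STARTTLS_REQ = b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + STARTTLS_OID  # -Z / -ZZ
TLS_HELLO = b"\x16\x03\x01\x02\x00\x01"                        # -H ldaps://

if __name__ == "__main__":
    for name in ("SIMPLE_BIND", "STARTTLS_REQ", "TLS_HELLO"):
        data = globals()[name]
        print(name, classify(data), accepted_on_ldaps_port(data))
```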