Environment
Novell eDirectory
Situation
How to test LDAP authentication
How to tell if LDAP is working properly
Testing ldap authentication
Unable to connect to LDAP over port 636
Unable to connect to LDAP over port 389
Resolution
Download "LDAP Browser/Editor version 2.8.2" here.
Note: LDAP Browser/Editor requires Java 1.2.2 (or greater).
To Run the LDAP Browser/Editor
1. Download and unpack the archive (it extracts into 'ldapbrowser' directory)
2. On a Windows machine, execute "lbe.jar" or "lbe.bat"
3. On a UNIX machine, execute "lbe.sh"
Note: If needed, modify lbe.bat (for Win9x/NT) or lbe.sh (for UNIX) with your Java settings.
Additional Information
For clients that require a certificate to be provided, export it from either the server's KMO or the CA.
1. Export the Trusted Root certificate from ConsoleOne or iManager.
a. Open the "LDAP Server" object and choose the "SSL Configuration" tab.
b. Note the object listed in the SSL Certificate dialog box and open that object.
c. Choose "Trusted Root Certificate" in the "Certificates" tab.
d. Do not export the private key.
e. Export the file in DER format; name it c:\RootCert.der.
Or
1a. Export the Self Signed Certificate from ConsoleOne or iManager.
a. Open CA object in O=Security
b. Select Certificates -> Self Signed Certificate
c. Do not export the private key.
d. Export the file in DER format; name it c:\RootCert.der
Non-Secure (389) Anonymous
1. Select "New" then name the Session - Example: <server_name> 389 anonymous
2. On the Connection Tab insert the following information:
Host: Insert the IP address of the LDAP server Example: 192.168.70.12
Port: 389
Base DN: Insert name of your Organization Example: o=novell
Verify Anonymous bind is checked
Non-Secure (389) Authenticated
1. Select "New" then name the Session - Example: <server_name> 389 authenticated
2. On the Connection Tab insert the following information:
Host: Insert the IP address of the LDAP server Example: 192.168.70.12
Port: 389
Base DN: Insert name of your Organization Example: o=novell
Uncheck Anonymous bind
User DN: Insert a user to authenticate as. Example: cn=admin,o=novell (Note: LDAP uses commas to separate username and context)
Password: the user's password
Secure (636) Anonymous
1. Select "New" then name the Session - Example: <server_name> 636 anonymous
2. On the Connection Tab insert the following information:
Host: Insert the IP address of the LDAP server Example: 192.168.70.12
Port: 636
Base DN: Insert name of your Organization Example: o=novell
Check "SSL"
Verify "Anonymous bind" is checked
Secure (636) Authenticated
1. Select "New" then name the Session - Example: <server_name> 636 authenticated
2. On the Connection Tab insert the following information:
Host: Insert the IP address of the LDAP server Example: 192.168.70.12
Port: 636
Base DN: Insert name of your Organization Example: o=novell
Check "SSL"
Verify "Anonymous bind" is unchecked
User DN: Insert a user to authenticate as. Example: cn=admin,o=novell (Note: LDAP uses commas to separate username and context)
Password: the user's password
ldapsearch is also a good tool for testing LDAP connections.
Key switches:
-x uses a simple bind
-H ldaps:// gives the host, connecting securely
-D is the DN of the bind user
-W prompts for the bind user's password
-b is the base at which to start the search
-s is the scope
/usr/bin/ldapsearch -x -H ldaps://192.168.70.12:636 -D cn=admin,o=novell -W -b "o=novell" -s base
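The four sessions described above (389 and 636, anonymous and authenticated) can be run in one pass with ldapsearch, using the exported RootCert.der to verify the server on port 636. This script is an added example, not part of the original TID. It assumes the OpenLDAP client tools and openssl are installed; the file name RootCert.pem, the DRY_RUN switch and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original TID. Host and DNs are the page's sample values.
LDAP_HOST="${LDAP_HOST:-192.168.70.12}"
BASE_DN="${BASE_DN:-o=novell}"
BIND_DN="${BIND_DN:-cn=admin,o=novell}"
ROOT_DER="${ROOT_DER:-RootCert.der}"   # Trusted Root exported in DER format
ROOT_PEM="${ROOT_PEM:-RootCert.pem}"   # assumed file name for the PEM copy

# ldap_uri PORT: 389 is clear text, 636 is LDAP over SSL.
ldap_uri() {
  case "$1" in
    389) echo "ldap://$LDAP_HOST:389" ;;
    636) echo "ldaps://$LDAP_HOST:636" ;;
    *)   echo "unsupported port: $1" >&2; return 2 ;;
  esac
}

# test_session PORT MODE: base-scope search, the equivalent of one LBE session.
# With DRY_RUN set, the command is printed instead of run.
test_session() {
  p=$1
  uri=$(ldap_uri "$p") || return 2
  case "$2" in
    anonymous)     set -- -x ;;                   # simple bind with no DN
    authenticated) set -- -x -D "$BIND_DN" -W ;;  # -W prompts; on 389 the password is sent in clear text
    *)             echo "unknown mode: $2" >&2; return 2 ;;
  esac
  set -- "$@" -H "$uri" -b "$BASE_DN" -s base
  if [ "$p" != 636 ]; then
    if [ -n "${DRY_RUN:-}" ]; then echo "ldapsearch $*"; else ldapsearch "$@"; fi
    return
  fi
  if [ -n "${DRY_RUN:-}" ]; then echo "LDAPTLS_CACERT=$ROOT_PEM ldapsearch $*"; return 0; fi
  # OpenLDAP clients read the CA certificate as PEM, so convert the DER export once.
  [ -s "$ROOT_PEM" ] ||
    openssl x509 -inform DER -in "$ROOT_DER" -out "$ROOT_PEM" || return 3
  # REQCERT=demand makes the connection fail if the server certificate does not verify.
  LDAPTLS_CACERT="$ROOT_PEM" LDAPTLS_REQCERT=demand ldapsearch "$@"
}

# Run all four sessions only when called as: sh ldaptest.sh run
if [ "${1:-}" = "run" ]; then
  for port in 389 636; do
    for mode in anonymous authenticated; do
      if test_session "$port" "$mode" >/dev/null; then echo "$port $mode: OK"
      else echo "$port $mode: FAILED (exit $?)"; fi
    done
  done
fi
```

With certificate verification enforced, the host given in the ldaps:// URI must match a name in the server certificate, so a 636 failure that follows a 389 success usually points at the certificate or trust chain rather than at the directory service.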
Formerly known as TID# 10075010