LDAP connection working for some applications but not others


I have a server which has LDAP properly configured on it .. its IP is 172.19.50.121 ... Now I have other machines on the same network, and if I use an LDAP browser such as Softerra LDAP Administrator or Sysinternals Active Directory Explorer, then I can connect with LDAP and browse it with no problems ..

I am now developing in Lombardi Teamworks (BPM software), and am giving it the following credentials to connect to this same LDAP, but I keep getting the Connection refused: connect exception/error .. The details I'm giving it are the following, which are the same details which worked with the above mentioned tools:

host=172.19.50.121 port=389 login=CN=ldapconntest,CN=Users,DC=sag002dev,DC=root password=ahmad

The error Connection refused: connect normally occurs when you've specified an incorrect port, which is actually closed on the target machine .. But in this case, port 389 is correct because that is the port I specify when I connect using Softerra LDAP Administrator ... But, if I try to telnet like this:

telnet 172.19.50.121 389, it does not connect through, which could mean it's closed? ... So there's conflicting information here :/ ..

So I'm confused as to where is the problem !? :(

Ahmad

Posted 2012-06-30T10:29:53.610


Answers


Try to analyze the network traffic with tools like tcpdump, tshark, wireshark etc. You should be able to see if you at least receive replies.

Valentin

Posted 2012-06-30T10:29:53.610



telnet will not speak the LDAP protocol. Use ldapsearch to verify that the server can be reached from the IP address you require. For example:

ldapsearch -h 172.19.50.121 -p 389 -b '' -s base '(&)' 1.1

For more information about ldapsearch, see LDAP: Mastering ldapsearch.

Terry Gardner

Posted 2012-06-30T10:29:53.610


telnet is not supposed to speak any protocol, besides TCP/IP. You still should be able to telnet to the LDAP port and see if a connection could be established or not. – Valentin – 2012-06-30T12:05:33.930

Correct, telnet will indicate whether or not a connection can be established, but should not be used in this case because the connection might be established but the server unable to process a request due to load or some other factor. However, using a known good tool like ldapsearch will verify that the connection can be established and the authentication state of the LDAP session verified. Telnet is useless in the case where the server accepts the connection but would be unable to process a request, and can give a false indication as to the health of the server. – Terry Gardner – 2012-06-30T13:51:34.073
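The distinction drawn in the answer and the comments (TCP connect succeeds vs. the server actually answering LDAP) can be checked without ldapsearch installed. This is an added example, not code from the thread or from any of the tools mentioned: it hand-encodes the same anonymous bind and root-DSE search that `ldapsearch -b '' -s base '(&)' 1.1` sends, and `diagnose()` (my name) reports which layer failed. Host, port and the short-form BER assumption are stated in the comments.

```python
import socket

# Added example (not from the thread): LDAPv3 BER messages per RFC 4511, built by hand
# so only the standard library is needed. Short-form BER lengths (< 128 bytes) only,
# which covers every message built or parsed here.
def _ber(tag, payload):
    """BER TLV with a short-form definite length."""
    assert len(payload) < 0x80
    return bytes([tag, len(payload)]) + payload

def bind_request(msg_id):
    """Anonymous simple bind: LDAPMessage{id, BindRequest{version 3, name "", simple ""}}."""
    bind = _ber(0x60, _ber(0x02, b"\x03") + _ber(0x04, b"") + _ber(0x80, b""))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + bind)

def rootdse_search(msg_id):
    """Same request as `ldapsearch -b '' -s base '(&)' 1.1`: base "", baseObject scope,
    derefNever, no limits, typesOnly false, filter (&) = empty AND, attrs ["1.1"]."""
    body = (_ber(0x04, b"") + _ber(0x0A, b"\x00") + _ber(0x0A, b"\x00")
            + _ber(0x02, b"\x00") + _ber(0x02, b"\x00") + _ber(0x01, b"\x00")
            + _ber(0xA0, b"") + _ber(0x30, _ber(0x04, b"1.1")))
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + _ber(0x63, body))

def _tlv(buf, pos):
    """(tag, value_start, value_end) of the short-form TLV starting at pos."""
    return buf[pos], pos + 2, pos + 2 + buf[pos + 1]

def bind_result_code(reply):
    """resultCode of LDAPMessage{id, BindResponse{resultCode, ...}}; None if not a BindResponse."""
    try:
        _, start, _ = _tlv(reply, 0)           # outer SEQUENCE
        _, _, id_end = _tlv(reply, start)      # messageID
        op, op_start, _ = _tlv(reply, id_end)  # protocolOp tag
        _, a, b = _tlv(reply, op_start)        # ENUMERATED resultCode
        if op != 0x61 or b > len(reply):
            return None
        return int.from_bytes(reply[a:b], "big")
    except IndexError:
        return None

def diagnose(host, port=389, timeout=5.0):
    """Separate what telnet cannot: TCP refused / TCP ok but no LDAP reply / LDAP answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(bind_request(1))
            reply = s.recv(4096)
    except ConnectionRefusedError:
        return "tcp-refused"               # the "Connection refused: connect" case
    except OSError as e:
        return f"tcp-error: {e}"           # timeout (accepted but silent), unreachable, reset
    if not reply:
        return "tcp-ok-no-ldap-reply"      # accepted, then closed without answering
    rc = bind_result_code(reply)
    return "ldap-ok" if rc == 0 else f"ldap-result-code={rc}"
```

Run `diagnose("172.19.50.121")` from the Teamworks host: `tcp-refused` confirms the port is closed or filtered there, whereas `ldap-ok` or a non-zero result code proves the TCP path is fine and the problem is in the application's LDAP configuration.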