LDAPMBS and LDAPS

  1. 2 months ago

    Jaap H

    Jul 6 Geneva, Switzerland

    Hi there.

    I am using LDAPMBS and can successfully make LDAP connections and update entries, using the standard insecure LDAP port 389.

    However, I want to make connections using LDAPS on port 636, but I am not able to bind. I understand I need to use a constructor to prepare the secure connection, but when I then execute the simplebind or bind, the connection fails. "Error contacting the LDAP server", as if the server is not responding. However, the server is available on port 636.

    For a secure LDAP connection, is the bind process different?

    Thanks, much appreciated.
    JH

  2. Christian S

    Jul 6 Pre-Release Testers, Xojo Pro, XDC Speakers, Third Party Store Germany

    This is 19.3 plugin version? Mac? Windows? Linux?

    // connect with SSL
    dim ldap as new LDAPMBS("ldaps://192.168.1.123")

    This is the example code which used to work for us.
    Just pass the URL with the ldaps:// prefix. What does the LastError property say after the Constructor?

  3. Jaap H

    Jul 7 Geneva, Switzerland

    Hi Christian,

    Thanks for the reply. The plugin is 19.2, is 19.3 fixing this?
    I am building both on a Mac and on Windows 10.
    I have used the various ways the constructor statements are documented, including your example above.
    The Constructor passes without errors, but the SimpleBind or Bind stages fail.
    On Mac it generates an error -1: Can't contact LDAP server
    On Windows it generates error 81: Server down
    From the Mac and Windows I can connect successfully to AD using LDAP admin tools using LDAPS.

    Thanks, kind regards,

  4. Christian S

    Jul 7 Pre-Release Testers, Xojo Pro, XDC Speakers, Third Party Store Germany

    Can you give me a server to query?
    Then I can try myself and see if I can get to the error about a wrong password...

  5. Jaap H

    Jul 7 Geneva, Switzerland
    Edited 2 months ago

    Hi Christian,

    Unfortunately this is a server on a private network only accessible using a VPN.
    We can try it over TeamViewer, if you want.

    I have tried the same with two other domain controllers, on different domains, and the reaction remains the same. Using the Constructor with ldap:// works, with ldaps:// fails at the stage of SimpleBind or Bind.

  6. Christian S

    Jul 7 Pre-Release Testers, Xojo Pro, XDC Speakers, Third Party Store Germany

    Well, I could try it myself if someone has a test server with a known working login.

    Otherwise it's probably some flag not set correctly as we just pass through parameters to LDAP frameworks.

  7. Christian S

    Jul 7 Pre-Release Testers, Xojo Pro, XDC Speakers, Third Party Store Germany

    Does your server do LDAP via port 389 in plain text and via port 636 in SSL?
    Or does it want port 389 to go via TLS with plain text hello and then TLS initialization?

  8. Christian S

    Jul 7 Pre-Release Testers, Xojo Pro, XDC Speakers, Third Party Store Germany

    Mac, Linux or Windows?

  9. Jaap H

    Jul 9 Geneva, Switzerland

    Hi Christian,

    It is a standard Windows Server (2016), with Active Directory. Port 389 uses TLS, 636 SSL.

  10. 8 weeks ago

    Jaap H

    Jul 21 Geneva, Switzerland

    Hi Christian, back from holiday yet? Can we organise a test connection to an AD server to see how the plugin behaves with SSL connections on port 636?

    Best regards
    Jaap

  11. Christian S

    Jul 21 Pre-Release Testers, Xojo Pro, XDC Speakers, Third Party Store Germany

    Already back for a week.
    Current IP is 217.251.179.113, but that can change once a day.
