LDAPMBS and LDAPS

Hi there.

I am using LDAPMBS and can successfully make LDAP connections and update entries, using the standard insecure LDAP port 389.

However, I want to make connections using LDAPS on port 636, but I am not able to bind. I understand I need to use a constructor to prepare the secure connection, but when I then execute the SimpleBind or Bind, the connection fails with “Error contacting the LDAP server”, as if the server is not responding. However, the server is available on port 636.

For a secure LDAP connection, is the bind process different?

Thanks, much appreciated.
JH

Is this the 19.3 plugin version? Mac? Windows? Linux?

// connect with SSL
dim ldap as new LDAPMBS("ldaps://192.168.1.123")

This is the example code which used to work for us.
Just pass URL with ldaps:// prefix. What does LastError property say after Constructor?

Hi Christian,

Thanks for the reply. The plugin is 19.2, is 19.3 fixing this?
I am building both on a Mac and on Windows 10.
I have used the various ways the constructor statements are documented, including your example above.
The Constructor passes without errors, but the SimpleBind or Bind stages fail.
On Mac it generates an error -1: Can’t contact LDAP server
On Windows it generates error 81: Server down
From the Mac and Windows I can connect successfully to AD using LDAP admin tools using LDAPS.

Thanks, kind regards,

Can you give me a server to query?
Then I can try myself and see if I can get to the error about a wrong password…

Hi Christian,

Unfortunately this is a server on a private network only accessible using a VPN.
We can try it over TeamViewer, if you want.

I have tried the same with two other domain controllers, on different domains, and the reaction remains the same. Using the Constructor with ldap:// works, with ldaps:// fails at the stage of SimpleBind or Bind.

Well, if someone has a test server with a known working login, I could try it myself.

Otherwise it’s probably some flag not set correctly as we just pass through parameters to LDAP frameworks.

Does your server do LDAP via port 389 in plain text and via port 636 in SSL?
Or does it want port 389 to go via TLS with plain text hello and then TLS initialization?

Mac, Linux or Windows?

Hi Christian,

It is a standard Windows Server (2016), with Active Directory. Port 389 uses TLS, 636 SSL.

Hi Christian, back from holiday yet? Can we organise a test connection to an AD server to see how the plugin behaves with SSL connections on port 636?

Best regards
Jaap

Already back for a week.
Current IP is 217.251.179.113, but that can change once a day.