Here is a quick way to test LDAP and LDAPS connectivity with ldp.exe:
1. Run ldp.exe
2. Connection > Connect, dc.mylab.local (check SSL if you are testing LDAPS)
3. Connection > Bind, (Administrator/Password/mylab.local), check “Bind with Credentials”
4. View > Tree, BaseDN (DC=mylab,DC=local)
5. Browse > Search
Check your Policies
If you can’t connect with ldp.exe using regular LDAP, you might have a policy set on your Domain Controller to specifically use LDAPS only. Double-check the settings below; these options should allow you to use regular LDAP.
Local Security Policy
Security Settings > Local Policies > Security Options > Domain controller: LDAP server signing requirements set to None
Group Policy Management Editor
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Domain controller: LDAP server signing requirements set to Not Defined.
If you are getting the error below, chances are that you did not import the SSL certificate from the Domain Controller to the machine attempting the LDAPS connection. Follow the steps after the error output to import the certificate.
ld = ldap_sslinit("dc.mylab.local", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to dc.mylab.local.
On The Domain Controller:
1. Start > Run > mmc.exe, File > Add/Remove Snap-in, Choose Certificates, Computer Account, Local Computer, Finish. (Certificate Authority Role must be installed on this DC)
2. Expand “Trusted Root Certification Authorities > Certificates”, right-click on the DC certificate, mylab-DC-CA > All Tasks > Export, “Base-64 encoded X.509 (.CER)”. Save as “dc-mylab-local.cer”
On the machine trying to connect to the DC with ldp.exe:
1. Copy the “dc-mylab-local.cer” file from the DC to the machine attempting to connect to the domain controller.
2. Right-click on the “dc-mylab-local.cer” file > Install Certificate, “Place all certificates in the following store” > “Trusted Root Certification Authorities”. You will get a pop-up after 1 minute: “You are about to install a certificate from a certification authority (CA) claiming to represent: mylab-DC-CA”. Click Yes.
3. Now open ldp.exe, Connection > Connect, port 636, and place a checkmark beside SSL.
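To confirm from the client whether the Domain Controller's certificate chain is trusted, before and after the import, the check below can be run on the connecting machine. It is an added example, not part of the original article; the function name Test-LdapsCertificate is hypothetical, Windows PowerShell 5.1 is assumed, and dc.mylab.local and port 636 are the lab values used above.

```powershell
# Added diagnostic example, not part of the original article.
# Assumes Windows PowerShell 5.1; dc.mylab.local:636 are the article's lab values.
function Test-LdapsCertificate {
    param(
        [string]$Server = 'dc.mylab.local',
        [int]$Port = 636
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Server, $Port)   # throws if 636 is closed or filtered

        # Diagnostic only: accept whatever certificate is presented so the
        # handshake completes and the chain can be examined afterwards.
        $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Rebuild the chain against this machine's certificate stores,
        # which is the trust decision the LDAPS client has to make.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: lab CA's CRL may be unreachable
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Server       = $Server
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            ChainTrusted = $trusted
            ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            Error        = $null
        }
    }
    catch {
        # TCP or TLS failure before a certificate could be inspected.
        [pscustomobject]@{ Server = $Server; ChainTrusted = $false; Error = $_.Exception.Message }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-LdapsCertificate | Format-List
```

ChainTrusted False with a ChainStatus of UntrustedRoot or PartialChain matches the missing CA certificate case described above; after importing “dc-mylab-local.cer” into Trusted Root Certification Authorities it should report True.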