Using ldp.exe to test LDAP and LDAPS connectivity

Here is a quick way to test LDAP and LDAPS connectivity with ldp.exe.

LDAP
=====
1. Run ldp.exe
2. Connection > Connect, dc.mylab.local (Check SSL if you are testing ldaps)
3. Connection > Bind, (Administrator/Password/mylab.local), check “Bind with Credentials”
4. View > Tree, BaseDN (DC=mylab,DC=local)
5. Browse > Search

Filter: (&(&(objectClass=User)(objectcategory=person))(objectClass=user)(samaccountname=JDoe))

Test ldap connectivity with ldp.exe

Check your Policies
If you can't connect with ldp.exe over regular LDAP, a policy on your Domain Controller may be forcing signed or LDAPS-only connections. Check the two locations below; with the settings shown, regular LDAP is allowed again. Keep in mind that "Require signing" is the hardened setting: relaxing it to None lets clients bind over unsigned plain LDAP, so treat this as a troubleshooting step and restore the stricter setting once testing is done.

Local Security Policy
Security Settings > Local Policies > Security Options > Domain Controller: LDAP server signing requirements set to none

Group Policy Management Editor
Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Domain controller: LDAP server signing requirements set to Not Defined.
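The same steps done from PowerShell, as an added example that is not code from the original post: it connects, binds with credentials and runs the user search like ldp.exe does, using System.DirectoryServices.Protocols, and then reads the registry value behind "Domain controller: LDAP server signing requirements". It goes one step beyond the post: when the DC answers an unsigned bind with result code 8 (strongAuthRequired), it retries with signing enabled on the client instead of relaxing the DC policy. dc.mylab.local, DC=mylab,DC=local and JDoe are the post's lab values; the bind account is whatever you type at the prompt. All of these are assumptions for the example.

```powershell
# Added example, not code from the original post. Reproduces the ldp.exe steps
# (Connect, Bind with credentials, Search) and checks the LDAP signing setting.
# Server, base DN and account name are the post's lab values (assumptions).
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Connect-LdapWithBind {
    param(
        [string]$Server,
        [int]$Port = 389,
        [pscredential]$Credential,
        [switch]$UseSsl,            # equivalent of the SSL checkbox in ldp.exe
        [switch]$RequestSigning     # ask for SASL signing on a plain LDAP session
    )
    $id   = [System.DirectoryServices.Protocols.LdapDirectoryIdentifier]::new($Server, $Port)
    $conn = [System.DirectoryServices.Protocols.LdapConnection]::new($id)
    $conn.SessionOptions.ProtocolVersion   = 3            # ldp.exe also uses LDAPv3
    $conn.SessionOptions.SecureSocketLayer = [bool]$UseSsl
    if (-not $UseSsl) {
        # Signing and SSL are mutually exclusive on the Windows LDAP client,
        # so signing is only requested for non-SSL sessions.
        $conn.SessionOptions.Signing = [bool]$RequestSigning
    }
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Negotiate
    $conn.Credential = $Credential.GetNetworkCredential()
    $conn.Bind()                                          # Connection > Bind
    return $conn
}

function Find-User {
    param($Connection, [string]$BaseDN, [string]$SamAccountName)
    # Same intent as the post's filter, with the duplicated objectClass clause dropped
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$SamAccountName))"
    $req = [System.DirectoryServices.Protocols.SearchRequest]::new(
        $BaseDN, $filter,
        [System.DirectoryServices.Protocols.SearchScope]::Subtree,
        [string[]]@('distinguishedName', 'sAMAccountName', 'userAccountControl'))
    $resp = $Connection.SendRequest($req)                  # Browse > Search
    foreach ($entry in $resp.Entries) { $entry.DistinguishedName }
}

function Get-LdapSigningRequirement {
    # Run this on the domain controller. LDAPServerIntegrity is the registry value
    # behind the two policy paths in the post: 1 = None, 2 = Require signing.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $v = (Get-ItemProperty -Path $key -Name LDAPServerIntegrity -ErrorAction SilentlyContinue).LDAPServerIntegrity
    switch ($v) {
        1       { 'None' }
        2       { 'Require signing' }
        default { "Not set (raw value: $v)" }
    }
}

$Server = 'dc.mylab.local'            # assumption: the post's lab DC
$BaseDN = 'DC=mylab,DC=local'         # assumption: the post's lab base DN
$Cred   = Get-Credential -Message 'Account for the bind, e.g. mylab\Administrator'

try {
    $conn = Connect-LdapWithBind -Server $Server -Credential $Cred
} catch [System.DirectoryServices.Protocols.LdapException] {
    # Result code 8 (strongAuthRequired) is what "Require signing" returns to an
    # unsigned bind. Retrying with a signed session satisfies the DC without
    # lowering its policy.
    if ($_.Exception.ErrorCode -eq 8) {
        Write-Host 'DC requires LDAP signing; retrying with a signed session'
        $conn = Connect-LdapWithBind -Server $Server -Credential $Cred -RequestSigning
    } else {
        throw
    }
}

Find-User -Connection $conn -BaseDN $BaseDN -SamAccountName 'JDoe'
$conn.Dispose()
```

Run it from the machine you would otherwise run ldp.exe on; Get-LdapSigningRequirement is meant to be run on the DC itself, because it reads the local NTDS parameters. If the first bind fails with anything other than result code 8 (for example a name resolution or firewall problem), the exception is rethrown so the real cause is visible.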
LDAPS
======
If you get the error below, chances are that the certificate of the CA that issued the Domain Controller's SSL certificate has not been imported on the machine making the LDAPS connection. Follow the steps below to import it.

ld = ldap_sslinit(“dc.mylab.local”, 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to dc.mylab.local.

On The Domain Controller:
1.  Start > Run > mmc.exe, File > Add/Remove Snap-in, choose Certificates, Computer Account, Local Computer, Finish. (The Certificate Authority role must be installed on this DC.)
2.  Expand "Trusted Root Certification Authorities > Certificates", right-click the DC's CA certificate, mylab-DC-CA > All Tasks > Export, choose "Base-64 encoded X.509 (.CER)". Save it as "dc-mylab-local.cer".

On the machine trying to connect to the DC with ldp.exe:
1.  Copy the "dc-mylab-local.cer" file from the DC to the machine attempting to connect to the domain controller.
2.  Right-click the "dc-mylab-local.cer" file > Install Certificate, "Place all certificates in the following store" > "Trusted Root Certification Authorities". After about a minute you will get a pop-up, "You are about to install a certificate from a certification authority (CA) claiming to represent: mylab-DC-CA"; click Yes.
3.  Now open ldp.exe, Connection > Connect, port 636, and place a checkmark beside SSL.

Screenshots:

Using ldp.exe to connect over LDAPS

LDAPS Connection Fails Due to missing DC SSL Certificate

ldp.exe ldaps installing certificate from domain controller

Installing dc.mylab.local SSL Certificate

connected to dc with ldp.exe over ldaps

Successful Connection over LDAPS with ldp.exe

Verify certificate has been imported ldaps ldp.exe

To confirm the SSL certificate has been imported:
1. Start > Run > mmc.exe
2. File > Add/Remove Snap-in, choose Certificates > "My user account", then expand "Trusted Root Certification Authorities > Certificates"
3. "mylab-DC-CA" should be listed here
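The two checks behind the "Error 81" case and the verification steps above, as an added PowerShell example that is not code from the original post. Test-LdapsCertificate performs only the TLS handshake on port 636 and then evaluates the DC certificate with X509Chain, so instead of a bare error 81 you see the actual chain status (typically UntrustedRoot when the CA certificate has not been imported) and whether the name you connected to matches the certificate. Find-ImportedRootCa is the scripted equivalent of the mmc verification: it lists the CA in both the user and the computer Trusted Root stores. dc.mylab.local and mylab-DC-CA are the post's lab names and are assumptions here.

```powershell
# Added example, not code from the original post. Diagnoses the LDAPS (port 636)
# trust failure that ldp.exe reports as error 81, and verifies the imported CA.
# dc.mylab.local and mylab-DC-CA are the post's lab names (assumptions).
function Test-LdapsCertificate {
    param([string]$Server = 'dc.mylab.local', [int]$Port = 636)

    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($Server, $Port)
    } catch {
        # Port closed or host unreachable: not a certificate problem at all
        return [pscustomobject]@{ Server = $Server; TcpOpen = $false; Trusted = $false; Reason = $_.Exception.Message }
    }

    # Accept any certificate during the handshake so it can be inspected afterwards;
    # trust is evaluated explicitly below with X509Chain, never by this callback.
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
    try {
        $ssl.AuthenticateAsClient($Server)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)

        # Build the chain the way Windows would for the current user; revocation is
        # skipped so an unreachable CRL does not mask the trust result.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $trusted = $chain.Build($cert)
        $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $reason  = if ($trusted) { 'chain builds to a trusted root' } else { $status }

        # ldp.exe also requires the host name it connected to in the certificate's SAN/CN
        $dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

        [pscustomobject]@{
            Server      = $Server
            TcpOpen     = $true
            Protocol    = $ssl.SslProtocol
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            NotAfter    = $cert.NotAfter
            NameMatches = ($dnsName -ieq $Server)
            Trusted     = $trusted
            Reason      = $reason          # e.g. UntrustedRoot when the CA is not imported
        }
    } finally {
        $ssl.Dispose()
        $tcp.Dispose()
    }
}

function Find-ImportedRootCa {
    param([string]$CaName = 'mylab-DC-CA')
    # "Install Certificate" run as a user lands in CurrentUser\Root, which is what
    # ldp.exe run by that user sees. Services and the computer account only see
    # LocalMachine\Root, so both stores are listed.
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like "CN=$CaName*" } |
            Select-Object @{ n = 'Store'; e = { $store } }, Subject, Thumbprint, NotAfter
    }
}

Test-LdapsCertificate -Server 'dc.mylab.local' | Format-List
Find-ImportedRootCa -CaName 'mylab-DC-CA' | Format-Table -AutoSize
```

Run it as the same user that runs ldp.exe, since X509Chain.Build uses that user's certificate stores. A result of Trusted = True with NameMatches = False points at a certificate issued for a different host name rather than a missing CA, which the import steps above would not fix.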

One Response to Using ldp.exe to test LDAP and LDAPS connectivity

  1. lee says:

    This link was outstanding, fixed my ldp 636 error 81... THANKS