On 10/09/2012 14:20, GERF wrote:
Guillaume,
You wrote: The second URL seems invalid, unless you managed to make your server reply without SSL on port 636.
My Answer: So, should I remove it so I can make it reply with SSL?
No, using ldap protocol on port 636 won't work.
And either you need SSL connections by default, in which case you should use only an ldaps:// URI, or you don't, in which case you should use an ldap:// URI. It doesn't make any sense to use SSL as a fallback if an initial non-SSL connection failed, which is what multiple values for this variable mean.
BTW, this file (/etc/openldap/ldap.conf) just defines defaults for the openldap libraries, which are only used if the application doesn't specify one. You'd better use an explicit -H option in your ldapsearch command, as you do with an explicit -b option.
You wrote: Which seems to be a valid AD answer. Did you manage to successfully execute the same query against AD directly?
My Answer: That answer is unknown user or password. When you say against AD, you mean using Ldp.exe? It does reply successfully with simple bind authentication. See below.
You can use whatever client, as long as you use the same one in both tests: direct connection vs. connection through the proxy. You're assuming the authentication error comes from the proxy, but you don't have any evidence for it.
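A small check for the ldap.conf URI point discussed in this thread, added here as an example and not code from either poster: it flags an ldap:// URI on port 636 (or ldaps:// on 389) and a URI list that mixes both schemes, since SSL is not a fallback. The host ad.example.com is a constructed placeholder.

```python
from urllib.parse import urlsplit

# Default ports per scheme. ldap:// on 636 (plain LDAP to the SSL port) or
# ldaps:// on 389 is the scheme/port mismatch the thread is about.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def check_ldap_uris(uri_line):
    """Check a space-separated URI list (the value of the ldap.conf URI
    setting) and return a list of human-readable findings; empty means OK."""
    findings = []
    schemes = set()
    for uri in uri_line.split():
        parts = urlsplit(uri)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            findings.append(f"{uri}: unsupported scheme '{parts.scheme}'")
            continue
        schemes.add(scheme)
        try:
            port = parts.port
        except ValueError:  # non-numeric or out-of-range port in the URI
            findings.append(f"{uri}: unparsable port")
            continue
        if port is None:
            port = DEFAULT_PORTS[scheme]
        other = "ldaps" if scheme == "ldap" else "ldap"
        if port == DEFAULT_PORTS[other]:
            findings.append(
                f"{uri}: {scheme}:// on port {port}, which is the {other}:// default"
            )
    if len(schemes) > 1:
        findings.append(
            "mixed ldap:// and ldaps:// URIs: SSL is not a fallback, pick one scheme"
        )
    return findings


if __name__ == "__main__":
    # Constructed sample line mirroring the thread: an ldaps:// URI followed
    # by a plain ldap:// URI pointed at the SSL port.
    for finding in check_ldap_uris("ldaps://ad.example.com ldap://ad.example.com:636"):
        print(finding)
```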