Mohammad D wrote:
I could finally configure the Active Directory server to allow anonymous LDAP searches.
You should not do that. At least you should not assume that an AD admin is willing to allow that. You should bind as any user who can read the configuration partition.
The CRL Distribution Point given in the certificates issued by this server is: ldap:///CN=test,CN=testca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=mohamad,DC=ir?certificateRevocationList?base?objectClass=cRLDistributionPoint
Is this a running CA? Details about how MS Certificate Services work with MS AD are best asked in Microsoft forums.
I did the following search on Ubuntu: ldapsearch -x -h 192.168.81.129 -b "CN=test,CN=testca,CN=CDP,CN= Public Key Services,CN=Services,CN=Configuration,DC=mohamad,DC=ir" "(objectClass=cRLDistributionPoint)" certificateRevocationList
It returns: [..] result: 32 No such object
Which means the entry specified with -b does not exist.
BTW only the second link works, but it's German and I don't know German.
2011/5/16 Michael Ströder <michael@stroeder.com mailto:michael@stroeder.com> There is also ldap.signtrust.de http://ldap.signtrust.de directory.d-trust.de http://directory.d-trust.de
That's what your mail reader automagically turned my text into. But these were meant just as the *hostnames*, not HTTP URLs, of LDAP servers listening on port 389.
ldap://ldap.signtrust.de ldap://directory.d-trust.de
Sorry, I can't help you any further at that detailed level.
Ciao, Michael.
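
Added example, not part of the original thread: a small RFC 4516 parser that turns the CDP URL quoted above into the base DN, scope, filter and attribute of the equivalent search, and builds an authenticated ldapsearch command line from them, as the reply recommends binding as a user. The function names and the bind DN are constructed for illustration; the server address is the one used in the thread.

```python
from urllib.parse import urlsplit, unquote

# CDP URL exactly as quoted in the thread above.
CDP_URL = (
    "ldap:///CN=test,CN=testca,CN=CDP,CN=Public%20Key%20Services,"
    "CN=Services,CN=Configuration,DC=mohamad,DC=ir"
    "?certificateRevocationList?base?objectClass=cRLDistributionPoint"
)

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into host, base DN, attributes, scope, filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # After the DN come '?'-separated fields: attributes, scope, filter (, extensions).
    attrs, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    scope = scope or "base"                      # RFC 4516 default scope
    if scope not in ("base", "one", "sub"):
        raise ValueError("bad scope: %r" % scope)
    flt = unquote(flt) or "(objectClass=*)"      # RFC 4516 default filter
    if not flt.startswith("("):
        flt = "(" + flt + ")"                    # this CDP URL omits the parentheses
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,                  # None for "ldap:///": no server named
        "base": unquote(parts.path[1:]),         # %20 decodes to a plain space
        "attrs": [unquote(a) for a in attrs.split(",") if a],
        "scope": scope,
        "filter": flt,
    }

def ldapsearch_argv(url, server, bind_dn):
    """Build an authenticated ldapsearch command line for the URL."""
    p = parse_ldap_url(url)
    host = p["host"] or server                   # fall back when the URL names no host
    return ["ldapsearch", "-x", "-H", p["scheme"] + "://" + host,
            "-D", bind_dn, "-W",                 # simple bind, prompt for the password
            "-b", p["base"], "-s", p["scope"], p["filter"]] + p["attrs"]

if __name__ == "__main__":
    # The bind DN is a constructed placeholder, not an account from the thread.
    print(ldapsearch_argv(CDP_URL, "192.168.81.129",
                          "CN=crlreader,CN=Users,DC=mohamad,DC=ir"))
```

Because the URL has an empty host part, the client has to supply the directory server itself; the scope taken from the URL is `base`, so the search reads exactly the entry named by the DN.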