What I meant was that the server refuses to accept connections.Which means a TCP level RST bit set.
Now can't contact LDAP server message is very generic and it doesnt show deep info on what actually happened.
I would imagine no body would have errors setting up an LDAP server ip address. nmap it and see if you are listening on 389.
If you are then listening on 389 and still cannot connect use tcpdump to see if server is sending anything or not.If not then your server refuses to do the search.
Quoting Michael Ströder michael@stroeder.com:
Sankhadip Sengupta wrote:
Michael Ströder wrote:
Santosh Kumar wrote:
./ldapsearch -x -W -h 10.10.10.10 -b "CN=testuser,OU=Users,OU=KeyPairIN,OU=KeyPair,DC=keypair,DC=internal" -S sub Enter LDAP Password: ***
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
This means the server is not reachable at TCP level. Make sure your AD is reachable on the IP address given with -h.
I have encountered this issue before.This I fixed by allowing permissions(anonymous read) on the ADS.By default anonymous read on ADS is not allowed by windows.To do this you need to select a dc from the ADS and right click on it and add "ANONYMOUS LOGON" user to it.Then change the permission to "list all contents".This will work then.
- The error message "Can't contact LDAP server (-1)" clearly indicates
that the server wasn't reachable at TCP level. You definitely won't solve that by allowing anonymous access in AD. Santosh has to solve that issue at network level.
- Changing the AD configuration to allow anonymous access might give
you some issues with people auditing your system (e.g. in the banking business).
Ciao, Michael.