Results 1 to 5 of 5

Thread: LDAP Bind

  1. #1
    Sawyer Guest

    LDAP Bind

    Hello all

    We have a forest level trust between two 2003 native mode forests. In
    forestA we have a user account that need to be able to pull user information
    using LDAP to from forestB. We had the admin in forestB add the account from
    forestA to a domain local group in forestB. I am now testing this
    configuration out using LDP.exe. I can make a connection to a DC in forestB,
    but i cant do a bind using the account from forestA. I dont think the
    account needs elevated permissions in order to do a bind, because i can do a
    bind to my local domain using any AD account and i can view a basDN. When i
    try and do a bind to forestB using the account from forestA i get error
    "NTauthidentity:user=itsm;PWD unavailable.

    I'm assuming if i cant do a ldap bind using ldp.exe i wont be able to pull
    user information from the other forest?

    Thanks


  2. #2
    Joe Kaplan Guest

    Re: LDAP Bind

    Windows "secure" bind should work here, but you will need to provide a
    domain for a qualified user name. Are you doing that? I don't think simple
    bind will work in this case but I can't remember for sure. Hopefully you
    don't require simple bind.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "Sawyer" <Gmail@gmail.com> wrote in message
    news:A7C2A54F-2A12-4765-9B27-1D7C88116B81@microsoft.com...
    > Hello all
    >
    > We have a forest level trust between two 2003 native mode forests. In
    > forestA we have a user account that need to be able to pull user
    > information using LDAP to from forestB. We had the admin in forestB add
    > the account from forestA to a domain local group in forestB. I am now
    > testing this configuration out using LDP.exe. I can make a connection to a
    > DC in forestB, but i cant do a bind using the account from forestA. I dont
    > think the account needs elevated permissions in order to do a bind,
    > because i can do a bind to my local domain using any AD account and i can
    > view a basDN. When i try and do a bind to forestB using the account from
    > forestA i get error "NTauthidentity:user=itsm;PWD unavailable.
    >
    > I'm assuming if i cant do a ldap bind using ldp.exe i wont be able to pull
    > user information from the other forest?
    >
    > Thanks



  3. #3
    Sawyer Guest

    Re: LDAP Bind

    Hello Joe

    in ldp.exe what option is the "secure bind" i do provide the local domain
    name of the user account in forestA that is trying to perform the bind to
    forestB

    Thanks again

    "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
    news:OtP3q3$0JHA.1372@TK2MSFTNGP05.phx.gbl...
    > Windows "secure" bind should work here, but you will need to provide a
    > domain for a qualified user name. Are you doing that? I don't think
    > simple bind will work in this case but I can't remember for sure.
    > Hopefully you don't require simple bind.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > "Sawyer" <Gmail@gmail.com> wrote in message
    > news:A7C2A54F-2A12-4765-9B27-1D7C88116B81@microsoft.com...
    >> Hello all
    >>
    >> We have a forest level trust between two 2003 native mode forests. In
    >> forestA we have a user account that need to be able to pull user
    >> information using LDAP to from forestB. We had the admin in forestB add
    >> the account from forestA to a domain local group in forestB. I am now
    >> testing this configuration out using LDP.exe. I can make a connection to
    >> a DC in forestB, but i cant do a bind using the account from forestA. I
    >> dont think the account needs elevated permissions in order to do a bind,
    >> because i can do a bind to my local domain using any AD account and i can
    >> view a basDN. When i try and do a bind to forestB using the account from
    >> forestA i get error "NTauthidentity:user=itsm;PWD unavailable.
    >>
    >> I'm assuming if i cant do a ldap bind using ldp.exe i wont be able to
    >> pull user information from the other forest?
    >>
    >> Thanks

    >



  4. #4
    Joe Kaplan Guest

    Re: LDAP Bind

    If you have one of the more recent versions of ldp.exe and the bind dialog
    has radio buttons for the bind types, the top two use Negotiate auth by
    default which is what you want. The second option (bind with credentials)
    would be the one you would use since you want to supply specific
    credentials.

    I can't remember the older versions as well but I think as long as the UI
    shows the domain box, it should be doing Negotiate auth (secure bind). If
    the trust exists, the bind should succeed if the credentials are valid.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    "Sawyer" <Gmail@gmail.com> wrote in message
    news:DFF51E2E-AA15-469A-804B-714724204882@microsoft.com...
    > Hello Joe
    >
    > in ldp.exe what option is the "secure bind" i do provide the local domain
    > name of the user account in forestA that is trying to perform the bind to
    > forestB
    >
    > Thanks again
    >
    > "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
    > news:OtP3q3$0JHA.1372@TK2MSFTNGP05.phx.gbl...
    >> Windows "secure" bind should work here, but you will need to provide a
    >> domain for a qualified user name. Are you doing that? I don't think
    >> simple bind will work in this case but I can't remember for sure.
    >> Hopefully you don't require simple bind.
    >>
    >> --
    >> Joe Kaplan-MS MVP Directory Services Programming
    >> Co-author of "The .NET Developer's Guide to Directory Services
    >> Programming"
    >> http://www.directoryprogramming.net
    >> "Sawyer" <Gmail@gmail.com> wrote in message
    >> news:A7C2A54F-2A12-4765-9B27-1D7C88116B81@microsoft.com...
    >>> Hello all
    >>>
    >>> We have a forest level trust between two 2003 native mode forests. In
    >>> forestA we have a user account that need to be able to pull user
    >>> information using LDAP to from forestB. We had the admin in forestB add
    >>> the account from forestA to a domain local group in forestB. I am now
    >>> testing this configuration out using LDP.exe. I can make a connection to
    >>> a DC in forestB, but i cant do a bind using the account from forestA. I
    >>> dont think the account needs elevated permissions in order to do a bind,
    >>> because i can do a bind to my local domain using any AD account and i
    >>> can view a basDN. When i try and do a bind to forestB using the account
    >>> from forestA i get error "NTauthidentity:user=itsm;PWD unavailable.
    >>>
    >>> I'm assuming if i cant do a ldap bind using ldp.exe i wont be able to
    >>> pull user information from the other forest?
    >>>
    >>> Thanks

    >>

    >



  5. #5
    Sawyer Guest

    Re: LDAP Bind

    Yea that worked, i was able to do a ldap bind using ldp.exe from a 2008 DC
    "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
    news:%23jqGM$D1JHA.6004@TK2MSFTNGP02.phx.gbl...
    > If you have one of the more recent versions of ldp.exe and the bind dialog
    > has radio buttons for the bind types, the top two use Negotiate auth by
    > default which is what you want. The second option (bind with credentials)
    > would be the one you would use since you want to supply specific
    > credentials.
    >
    > I can't remember the older versions as well but I think as long as the UI
    > shows the domain box, it should be doing Negotiate auth (secure bind). If
    > the trust exists, the bind should succeed if the credentials are valid.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > "Sawyer" <Gmail@gmail.com> wrote in message
    > news:DFF51E2E-AA15-469A-804B-714724204882@microsoft.com...
    >> Hello Joe
    >>
    >> in ldp.exe what option is the "secure bind" i do provide the local domain
    >> name of the user account in forestA that is trying to perform the bind to
    >> forestB
    >>
    >> Thanks again
    >>
    >> "Joe Kaplan" <joseph.e.kaplan@removethis.accenture.com> wrote in message
    >> news:OtP3q3$0JHA.1372@TK2MSFTNGP05.phx.gbl...
    >>> Windows "secure" bind should work here, but you will need to provide a
    >>> domain for a qualified user name. Are you doing that? I don't think
    >>> simple bind will work in this case but I can't remember for sure.
    >>> Hopefully you don't require simple bind.
    >>>
    >>> --
    >>> Joe Kaplan-MS MVP Directory Services Programming
    >>> Co-author of "The .NET Developer's Guide to Directory Services
    >>> Programming"
    >>> http://www.directoryprogramming.net
    >>> "Sawyer" <Gmail@gmail.com> wrote in message
    >>> news:A7C2A54F-2A12-4765-9B27-1D7C88116B81@microsoft.com...
    >>>> Hello all
    >>>>
    >>>> We have a forest level trust between two 2003 native mode forests. In
    >>>> forestA we have a user account that need to be able to pull user
    >>>> information using LDAP to from forestB. We had the admin in forestB add
    >>>> the account from forestA to a domain local group in forestB. I am now
    >>>> testing this configuration out using LDP.exe. I can make a connection
    >>>> to a DC in forestB, but i cant do a bind using the account from
    >>>> forestA. I dont think the account needs elevated permissions in order
    >>>> to do a bind, because i can do a bind to my local domain using any AD
    >>>> account and i can view a basDN. When i try and do a bind to forestB
    >>>> using the account from forestA i get error
    >>>> "NTauthidentity:user=itsm;PWD unavailable.
    >>>>
    >>>> I'm assuming if i cant do a ldap bind using ldp.exe i wont be able to
    >>>> pull user information from the other forest?
    >>>>
    >>>> Thanks
    >>>

    >>

    >



Similar Threads

  1. LDAP simple bind authentication using port 389
    By Ben English in forum Active Directory
    Replies: 8
    Last Post: 14-05-2012, 06:28 PM
  2. LDAP query to speficied LDAP server on TCP port 389 failed
    By Shash in forum Windows Server Help
    Replies: 2
    Last Post: 02-05-2012, 05:01 PM
  3. AD SSL Simple bind failed
    By Vasanth0555 in forum Active Directory
    Replies: 1
    Last Post: 12-10-2011, 01:55 PM
  4. Problem in binding the user in LDAP using Spring LDAP
    By deepti.agrawal in forum Software Development
    Replies: 1
    Last Post: 25-04-2011, 03:26 AM
  5. Replies: 1
    Last Post: 24-03-2010, 10:12 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,716,354,869.49971 seconds with 17 queries