how to tell if an AD server supports LDAP over SSL?

Guest

I'm just an end user and do an authenticated bind (I use the ldapsearch command on unix) to our AD server (say, ad.my.edu) using my own username/password. How can I tell if the AD server supports LDAP over SSL? I tried 'telnet ad.my.edu 636' but did not get anything back. I also did 'ldapsearch -H ldaps://ad.my.edu' -s sub -b dc=my, dc=edu -D (e-mail address removed) -W "samaccountname=foo", but got 'ldap_bind: Can't contact LDAP server' back. So can I make a conclusion that our AD server does not support SSL?

Thanks,

Bing
 
Hunter Coleman

It does, but you'll need a certificate to enable it, which your DC(s)
probably don't have yet.
http://support.microsoft.com/default.aspx?scid=kb;en-us;247078
and
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051

--
Hunter

bing said:
I'm just an end user and do an authenticated bind (I use the ldapsearch command
on unix) to our AD server (say, ad.my.edu) using my own username/password.
How can I tell if the AD server supports LDAP over SSL? I tried 'telnet
ad.my.edu 636' but did not get anything back. I also did 'ldapsearch -H
ldaps://ad.my.edu' -s sub -b dc=my, dc=edu -D (e-mail address removed) -W
"samaccountname=foo", but got 'ldap_bind: Can't contact LDAP server' back.
So can I make a conclusion that our AD server does not support SSL?
 
Simon Geary

And when the certificate is set up the simplest way to test is to use ldp to
bind to port 636 on the DC. If you get the RootDSE then it is working.
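
The check discussed in this thread, as an added example that is not part of the original posts: a probe that separates "nothing listening on 636" from "TCP connects but the TLS handshake fails" from "TLS is up". The function name `probe_ldaps`, its state names and the optional CA file argument are assumptions made for this example; `ad.my.edu` is the placeholder host from the question.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (state, detail) for an LDAPS endpoint.

    States (names chosen for this example):
      tcp_unreachable  nothing accepts connections on the port
      tls_failed       TCP connects but the TLS handshake does not complete
      tls_ok           handshake completed; an LDAP query over it (for
                       example RootDSE) is the final confirmation
    """
    # Step 1: plain TCP connect, the same thing 'telnet host 636' checks.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_unreachable", str(exc))

    # Step 2: TLS handshake. With cafile (PEM of the CA that issued the DC
    # certificate) the chain and host name are verified; without it this is
    # a reachability check only and the certificate is NOT validated.
    ctx = ssl.create_default_context(cafile=cafile)
    if cafile is None:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True) or b""
            return ("tls_ok", f"{tls.version()}, certificate of {len(der)} bytes")
    except (ssl.SSLError, OSError) as exc:
        return ("tls_failed", str(exc))
    finally:
        sock.close()  # no-op once the TLS wrapper has taken over the socket


if __name__ == "__main__":
    # Usage: python probe_ldaps.py ad.my.edu [ca.pem]
    target = sys.argv[1] if len(sys.argv) > 1 else "ad.my.edu"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_ldaps(target, cafile=ca))
```

A `tls_failed` result with a CA file supplied can also mean the certificate exists but does not chain to that CA or does not match the host name; the detail string carries the reason.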
 
