Cmdr_Tofu has asked for the wisdom of the Perl Monks concerning the following question:

Hi guys, I have looked around but I cannot find a solution. In a 4-year-old node a Windows-only solution was identified, but I need to be able to update Windows passwords from Linux.

I suppose we could create a separate service on a Windows machine which my Linux Perl script talked to, but this would be highly undesirable. The kinit and kpasswd utilities would also be sufficient just to change Active Directory passwords from Linux, but we will likely need to do other things as well.

I think the real challenge is understanding how to use SSL properly (which I do not) so I will post my code snippet and related error message and see if any of you can help me.

    use strict;
    use warnings;
    use Net::LDAP;
    use Net::LDAPS;

    my $uri = "ldaps://mywin2k3vm.mydomain.com";
    # new() returns undef and sets $@ when the connection cannot be made
    my $ad = Net::LDAPS->new($uri) or die "FAILED: $@";
This exits with the error "FAILED: IO::Socket::SSL: Timeout at ./setpasswd.pl line 25, <DATA> line 225."

Running sniffit as root, I can see that a connection from my machine is made to the Win2k3 Active Directory on the correct port (636).

Does anyone know what I am doing wrong?

Many thanks,

Rohit Mehta

Re: problem binding to Windows 2003 Active Directory using LDAPS (from Linux)
by NetWallah (Canon) on Apr 18, 2005 at 21:30 UTC
    LDAPS is not enabled by default on an AD server.

    Please try to telnet to port 636 : if it connects, LDAPS is installed.

    Here is a Microsoft article on how to install a certificate and enable LDAPS :
    LDAP over SSL with a third-party certification authority.

    Hope this helps.

         "There are only two truly infinite things. The universe and stupidity, and I'm not too sure about the universe"- Albert Einstein

      Thanks, I will check this tomorrow and update with my results.

      *update*

      Thanks for putting me on the right track. I found this related Microsoft article which gave me an easy way to do it.

      For others who might wish to do the same thing (on the DC):

      • mount your Windows 2003 CD
      • Control Panel => Settings => Add/Remove Programs => Add/Remove Components
      • install Certificate Services
      • set up an enterprise CA (talk to the Windows experts in your group if this is a production environment!)
      • reboot the DC
    Rohit Mehta
Re: problem binding to Windows 2003 Active Directory using LDAPS (from Linux)
by starbolin (Hermit) on Apr 19, 2005 at 05:16 UTC

    Have you checked whether the expression

        $ad = Net::LDAPS->new($uri)

    is returning a true/false value and not a reference to an object?


    s//----->\t/;$~="JAPH";s//\r<$~~/;{s|~$~-|-~$~|||s |-$~~|$~~-|||s,<$~~,<~$~,,s,~$~>,$~~>,, $|=1,select$,,$,,$,,1e-1;print;redo}
      It was returning false (""), but now that the certificates are happy it returns a crazy looking string which could be an object reference "Net::LDAPS=HASH(0x8454ff4)".

      Thanks!

      Rohit Mehta
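As an added example (not code from anyone in this thread), here is the shape the OP's setpasswd.pl can take once LDAPS is enabled on the DC: it verifies the DC's certificate against the enterprise CA instead of accepting any certificate, checks the return value of new() the way starbolin suggests, binds, and then performs the Active Directory password update the original question is after. The hostname, CA file path, bind and user DNs, and the environment variable names are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Encode qw(encode);

# Assumed values for this example; replace with your own environment's.
my $host    = 'mywin2k3vm.mydomain.com';
my $cafile  = '/etc/ssl/certs/mydomain-enterprise-ca.pem';  # CA cert exported from the enterprise CA
my $bind_dn = 'CN=pwadmin,OU=Service Accounts,DC=mydomain,DC=com';
my $user_dn = 'CN=Some User,OU=Users,DC=mydomain,DC=com';
my $bind_pw = $ENV{AD_BIND_PW} // die "set AD_BIND_PW in the environment\n";
my $new_pw  = $ENV{AD_NEW_PW}  // die "set AD_NEW_PW in the environment\n";

# Connect over LDAPS (port 636). verify => 'require' makes IO::Socket::SSL
# reject the connection unless the DC's certificate chains to $cafile.
my $ldap = Net::LDAP->new(
    "ldaps://$host",
    verify  => 'require',
    cafile  => $cafile,
    timeout => 10,
) or die "LDAPS connect failed: $@\n";   # new() returns undef and sets $@ on failure

# On success new() returns an object (Net::LDAP=HASH(...)), not a plain true value.
die "unexpected return value from new(): $ldap\n" unless ref $ldap;

my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
die "bind failed: " . $mesg->error . "\n" if $mesg->code;

# AD stores the password in unicodePwd and only accepts a write over an
# encrypted session. The value must be the new password wrapped in double
# quotes and encoded as UTF-16LE.
my $encoded = encode('UTF-16LE', qq("$new_pw"));

# An administrative reset replaces the attribute outright. A user changing
# their own password would instead send delete(old) + add(new) in one modify.
$mesg = $ldap->modify($user_dn, replace => { unicodePwd => $encoded });
die "password reset failed: " . $mesg->error . "\n" if $mesg->code;

print "password for $user_dn updated\n";
$ldap->unbind;
```

Reading the credentials from the environment rather than hard-coding them keeps them out of the script and out of process listings; if verification fails, compare the subject and SANs on the DC's certificate with the hostname you connect to before relaxing anything.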