LDAP : local vs. remote

  • Question

  • User1287227003 posted

    Hi there,

    Hopefully my question contains all the relevant data, so that people with experience in this field are able to recognize and/or answer it:

    I am running a web application, containing a back-end portal for employees. Now, as we are speaking of a small (non-profit) organization, these users are stored in Active Directory (W2k3). Currently I'm considering the possibility of connecting the security of this back end to Active Directory (using ASP.NET's ActiveDirectoryProvider). Now, I have a VPN connection to the server the AD is on. With a simple command application I connect to this server in the following way:

    DirectoryEntry enTry = new DirectoryEntry("LDAP://server.domain.local:389/CN=Users,DC=domain,DC=local", "SomeUser", "SomePass");

    This works, and when I request commands, they are executed. Now, the problem arises when I try to connect to the AD when I'm not connected using VPN (thus connecting using the fully qualified name or the IP address). I then connect in more or less the same way (the IP address is just an example):

    DirectoryEntry enTry = new DirectoryEntry("LDAP://255.255.255.255:389/CN=Users,DC=domain,DC=local", "SomeUser", "SomePass"); 

    When requesting commands, nothing is executed, and I keep getting errors that the server could not be found. Am I doing something wrong? Or is a setting required on the server to allow external connections to the LDAP? Any help will be greatly appreciated!!!

    Thanks in advance!

    Kind regards,
    Niels

    Saturday, September 9, 2006 4:53 PM

All replies

  • User1439985827 posted
    Is there a firewall in the way? Does the server have a truly public IP? Can you ping the server's IP?
    Sunday, September 10, 2006 1:43 AM
  • User1287227003 posted

    Hi vcsjones, thanks for your quick reply!

    Indeed, the server has a firewall (could port 389 be blocked?)
    The IP is indeed public (a website is hosted on the same IP), and I can ping it.

    Would/could a solution be to open port 389?

    Kind regards,
    Niels

    Sunday, September 10, 2006 5:28 AM
  • User1439985827 posted
    Yes, that port should be open if you are using it for LDAP communication.
    Sunday, September 10, 2006 10:54 AM
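As an added example (not code posted by anyone in this thread), the following C# console check separates the two failure modes discussed above: the TCP port being blocked by the firewall versus the LDAP bind itself being rejected. It assumes .NET 2.0 or later with System.DirectoryServices referenced; the host name and credentials are placeholders, and the base DN is the one from the question. It connects on 636 (LDAPS) with AuthenticationTypes.SecureSocketsLayer so the session is encrypted when the directory is reached across the internet rather than the VPN; this requires a server certificate on the domain controller, otherwise use 389 and AuthenticationTypes.Secure.

```csharp
// Added example, not from the thread. Assumes System.DirectoryServices is referenced.
using System;
using System.DirectoryServices;
using System.Net.Sockets;
using System.Runtime.InteropServices;

static class LdapCheck
{
    // Step 1: can the LDAP port be reached at all? A firewall blocking the port
    // shows up here (timeout or refusal) before any LDAP traffic is sent.
    static bool PortReachable(string host, int port)
    {
        try
        {
            using (TcpClient client = new TcpClient())
            {
                client.Connect(host, port);
                return true;
            }
        }
        catch (SocketException ex)
        {
            Console.WriteLine("TCP {0}:{1} unreachable: {2}", host, port, ex.SocketErrorCode);
            return false;
        }
    }

    // Step 2: perform the bind. Reading NativeObject forces DirectoryEntry to
    // connect and authenticate now instead of binding lazily on first use.
    static bool TryBind(string path, string user, string password, AuthenticationTypes auth)
    {
        try
        {
            using (DirectoryEntry entry = new DirectoryEntry(path, user, password, auth))
            {
                object forceBind = entry.NativeObject;
                Console.WriteLine("Bound to {0} as {1}", path, user);
                return true;
            }
        }
        catch (COMException ex)
        {
            // 0x8007052E = bad user name or password; 0x8007203A = server not operational
            Console.WriteLine("Bind to {0} failed: 0x{1:X8} {2}", path, ex.ErrorCode, ex.Message);
            return false;
        }
    }

    static void Main()
    {
        string host = "dc.example.invalid";              // placeholder for the DC's public name
        string baseDn = "CN=Users,DC=domain,DC=local";   // container used in the question
        int port = 636;                                  // LDAPS; 389 is plain LDAP
        if (!PortReachable(host, port)) return;          // firewall or routing problem
        TryBind(string.Format("LDAP://{0}:{1}/{2}", host, port, baseDn),
                "SomeUser", "SomePass", AuthenticationTypes.SecureSocketsLayer);
    }
}
```

If the first step fails the firewall (or routing) is the problem, exactly as suggested in the replies; if it succeeds but the bind fails, the error code tells you whether it is credentials or the directory service itself.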