Connecting to Active Directory
Novell Cool Solutions: Tip
Posted: 16 Dec 2004
Here are some tips on connecting to Active Directory, offered by one of our Forum experts. First, the reader's question:
"I installed Nsure Identity Manager then imported a working DirXML 1.1a NDS-to-AD driver. The driver starts OK, but in the logfile this error keeps occurring:
[08/30/04 13:42:43.829]: ADDriver PT: DirXML Log Event ------------------- Driver: \TEST\TEST1\DirXML2\ADDriver Channel: Publisher Status: Retry Message: <message>unable to connect to Active Directory</message> <ldap-err ldap-rc="81" ldap-rc-name="LDAP_SERVER_DOWN"/>
I'm using eDirectory 8.7.3 SP1 and iManager 2.0.2. I can connect with an LDAP browser, and I have the latest addriver.dll. Any thoughts on this?"
And our expert's response:
This is usually caused by a bad value in the Authentication Server parameter. The preferred value is the DNS name of the domain controller you want to talk to. You can use an IP address or leave it blank, but these two options have restrictions. Using the IP address can be problematic with the Negotiate authentication method, so it's restricted for use with Simple Bind (preferably over SSL) and an LDAP-style name for the Authentication ID. Blank means use the local host.
The DNS name must resolve on the machine running the addriver.dll shim. You can test basic connectivity using ldifde.exe on the machine hosting the addriver.dll by doing something like this:
ldifde -f afile.txt -s <authentication server> -d "cn=someuser,cn=users,dc=mydomain,dc=com" -p base -a <authentication id> <password>
A common problem in a lab environment is that the server that's hosting the addriver.dll cannot look up the domain controller name. That is because the server is pointed at the corporate DNS server, not the one that has the test AD domain in it.
Another frequent mistake is to use the DNS name of the domain instead of the domain controller.
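The checks described in the response above can be scripted and run on the machine hosting the shim. This is an added example, not code from the original tip or from Novell; the function names, the host name dc1.mydomain.com and the 192.0.2.10 address are constructed for illustration, and the DN parsing assumes no escaped commas.

```python
import ipaddress
import socket

def domain_from_dn(dn):
    """Build the domain's DNS name from the dc= components of a DN."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.lower().startswith("dc=")).lower()

def check_auth_server(value, auth_method, user_dn, resolve=socket.getaddrinfo):
    """Return a list of findings for an Authentication Server value.

    auth_method is "Negotiate" or "Simple". resolve is injectable so the
    check can be exercised without a live DNS server.
    """
    value = value.strip()
    if not value:
        return ["blank: the shim will use the local host"]
    try:
        ipaddress.ip_address(value)
    except ValueError:
        pass  # not an IP literal, so treat it as a DNS name below
    else:
        if auth_method.lower() == "negotiate":
            return ["IP address with Negotiate: use the DC's DNS name"]
        return ["IP address: Simple Bind only, preferably over SSL"]
    findings = []
    # A name equal to the dc= parts of the DN is the domain, not a DC.
    if value.lower().rstrip(".") == domain_from_dn(user_dn):
        findings.append("this is the domain's DNS name, not a domain controller's")
    try:
        answers = resolve(value, 389, proto=socket.IPPROTO_TCP)
        addrs = sorted({a[4][0] for a in answers})
        findings.append("resolves to " + ", ".join(addrs))
    except socket.gaierror:
        findings.append("does not resolve here: check which DNS server this host uses")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from the original post.
    dn = "cn=someuser,cn=users,dc=mydomain,dc=com"
    for server in ("", "192.0.2.10", "mydomain.com", "dc1.mydomain.com"):
        print(repr(server), check_auth_server(server, "Negotiate", dn))
```

A name that resolves only proves DNS is right; the ldifde test above is still what confirms the bind itself works.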