RE: [ActiveDir] LDAP Query Fails
Hi Al, I did the following configurations in the OE directory services.. like 1. LDAP server name - I tried by giving both domain name and the server name ( ldap://ldap.server name) 2. I changed the search base also. Like ou=abc,dc=def,dc=com 3. kept the port to 389 for ldap search. After doing all this, when i find ppl by giving the browser address (ldap://ldap.server name) i get following error Specified Directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect :-( I am not using any kind of Proxy to connect to the internet. Do we have to do some configurations on the Domain Controller also ? This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. Al Mulnick amulnick @hotmail.com Sent by: ActiveDir-owner 10/10/2005 09:34 PM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject: RE: [ActiveDir] LDAP Query Fails Outlook Express (OE) and Search for People use the same WAB provider IIRC. When you open ldap://servername you're really making a call to use WAB.EXE which is the same address book that OE uses to search for users. I notice though, that if you specify a server to contact, that you get that pre-filled in vs. if you open it in search or via OE. Interesting IE uses the following key to control what it uses for the ldap url: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Contacts\Address Book\Protocols\ldap\shell\open\command So my thinking was that you needed to properly specify the directory on the client. It may just be permissions related however, as utilizing the ldap url to open a DC for search provides null credentials by default. Check your security logs (if auditing) to see if this is the case. Note: I notice as I looked at this in my test environment that I had no notification in the event logs. I didn't look at it long enough to see if I had the audit settings perfected, so it's possible I missed something. However, a network trace shows the attempt and an error indicating that I need to first bind. That's not really correct, because I do bind, but I bind anonymously. It should be telling me to allow anonymous bind in order to search etc. If it helps, ldap url syntax is defined in RFC 2255. Al From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 10:07:57 -0400 Hi Mulnick, I get the same error when i give ldap://domainname. Yes i am using IE. Sorry i didnt get what u mean to ask by How are your directory settings in OE configured exactly? Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. Al Mulnick amulnick @hotmail.com Sent by: ActiveDir-owner 10/10/2005 10:01 AM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject:RE: [ActiveDir] LDAP Query Fails What happens if you specify ldap://domainname ? Just out of curiousity. Using IE or some other browser? IE relies on OE IIRC to handle LDAP searches. How are your directory settings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57 -0400 Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error I have tried this even locally on the DC, still it gives the same error. Though it is working very well with LDAP browser ( Softerra ) and using the Search - Find ppl from Start Menu. Any Help!! Regards, Sudhir
RE: [ActiveDir] LDAP Query Fails
Title: Message I suspect that you have some issues with the security settings. To be sure, you'll want to drop a network trace like ~Eric suggested. I think that will be the fastest way to solve the issue. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir KaushalSent: Tuesday, October 11, 2005 7:29 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Query FailsHi Al, I did the following configurations in the OE directory services.. like 1. LDAP server name - I tried by giving both domain name and the server name ( ldap://ldap.server name) 2. I changed the search base also. Like ou=abc,dc=def,dc=com 3. kept the port to 389 for ldap search. After doing all this, when i find ppl by giving the browser address (ldap://ldap.server name) i get following error " Specified Directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect":-( I am not using any kind of Proxy to connect to the internet. Do we have to do some configurations on the Domain Controller also ? This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "Al Mulnick" amulnick@hotmail.com Sent by: ActiveDir-owner 10/10/2005 09:34 PM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject:RE: [ActiveDir] LDAP Query FailsOutlook Express (OE) and Search for People use the same WAB provider IIRC. When you open ldap://servername you're really making a call to use WAB.EXE which is the same address book that OE uses to search for users. I notice though, that if you specify a server to contact, that you get that pre-filled in vs. if you open it in search or via OE. InterestingIE uses the following key to control what it uses for the ldap url: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Contacts\Address Book\Protocols\ldap\shell\open\commandSo my thinking was that you needed to properly specify the directory on the client. It may just be permissions related however, as utilizing the ldap url to open a DC for search provides null credentials by default. Check your security logs (if auditing) to see if this is the case.Note: I notice as I looked at this in my test environment that I had no notification in the event logs. I didn't look at it long enough to see if I had the audit settings perfected, so it's possible I missed something. However, a network trace shows the attempt and an error indicating that I need to first bind. That's not really correct, because I do bind, but I bind anonymously. It should be telling me to allow anonymous bind in order to search etc.If it helps, ldap url syntax is defined in RFC 2255.AlFrom: Sudhir Kaushal [EMAIL PROTECTED]Reply-To: ActiveDir@mail.activedir.orgTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Query FailsDate: Mon, 10 Oct 2005 10:07:57 -0400Hi Mulnick,I get the same error when i give ldap://domainname. Yes i am using IE.Sorry i didnt get what u mean to ask by " How are your directorysettings in OE configured exactly?Regards,SudhirThis is a PRIVATE message. If you are not the intended recipient, pleasedelete without copying and kindly advise us by e-mail of the mistake indelivery. NOTE: Regardless of content, this e-mail shall not operate tobind CSC to any order or other contract unless pursuant to explicitwritten agreement or government initiative expressly permitting the use ofe-mail for such purpose."Al Mulnick" amulnick@hotmail.comSent by: ActiveDir-owner10/10/2005 10:01 AMPlease respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject:RE: [ActiveDir] LDAP Query FailsWhat happens if you specify ldap://domainname ? Just out of curiousity.Using IE or some other browser?IE relies on OE IIRC to handle LDAP searches. How are your directorysettings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57
RE: [ActiveDir] LDAP Query Fails
Three words Net Work Trace :) From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sudhir KaushalSent: Tuesday, October 11, 2005 7:29 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Query Fails Hi Al, I did the following configurations in the OE directory services.. like 1. LDAP server name - I tried by giving both domain name and the server name ( ldap://ldap.server name) 2. I changed the search base also. Like ou=abc,dc=def,dc=com 3. kept the port to 389 for ldap search. After doing all this, when i find ppl by giving the browser address (ldap://ldap.server name) i get following error " Specified Directory service could not be reached. The service may be temporarily unavailable or the server name may be incorrect":-( I am not using any kind of Proxy to connect to the internet. Do we have to do some configurations on the Domain Controller also ? This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. "Al Mulnick" amulnick@hotmail.com Sent by: ActiveDir-owner 10/10/2005 09:34 PM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject: RE: [ActiveDir] LDAP Query FailsOutlook Express (OE) and Search for People use the same WAB provider IIRC. When you open ldap://servername you're really making a call to use WAB.EXE which is the same address book that OE uses to search for users. I notice though, that if you specify a server to contact, that you get that pre-filled in vs. if you open it in search or via OE. InterestingIE uses the following key to control what it uses for the ldap url: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Contacts\Address Book\Protocols\ldap\shell\open\commandSo my thinking was that you needed to properly specify the directory on the client. It may just be permissions related however, as utilizing the ldap url to open a DC for search provides null credentials by default. Check your security logs (if auditing) to see if this is the case.Note: I notice as I looked at this in my test environment that I had no notification in the event logs. I didn't look at it long enough to see if I had the audit settings perfected, so it's possible I missed something. However, a network trace shows the attempt and an error indicating that I need to first bind. That's not really correct, because I do bind, but I bind anonymously. It should be telling me to allow anonymous bind in order to search etc.If it helps, ldap url syntax is defined in RFC 2255.AlFrom: Sudhir Kaushal [EMAIL PROTECTED]Reply-To: ActiveDir@mail.activedir.orgTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] LDAP Query FailsDate: Mon, 10 Oct 2005 10:07:57 -0400Hi Mulnick,I get the same error when i give ldap://domainname. Yes i am using IE.Sorry i didnt get what u mean to ask by " How are your directorysettings in OE configured exactly?Regards,SudhirThis is a PRIVATE message. If you are not the intended recipient, pleasedelete without copying and kindly advise us by e-mail of the mistake indelivery. NOTE: Regardless of content, this e-mail shall not operate tobind CSC to any order or other contract unless pursuant to explicitwritten agreement or government initiative expressly permitting the use ofe-mail for such purpose."Al Mulnick" amulnick@hotmail.comSent by: ActiveDir-owner10/10/2005 10:01 AMPlease respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject:RE: [ActiveDir] LDAP Query FailsWhat happens if you specify ldap://domainname ? Just out of curiousity.Using IE or some other browser?IE relies on OE IIRC to handle LDAP searches. How are your directorysettings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57 -0400 Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error " An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error " I have tried this even loc
RE: [ActiveDir] LDAP Query Fails
What happens if you specify ldap://domainname ? Just out of curiousity. Using IE or some other browser? IE relies on OE IIRC to handle LDAP searches. How are your directory settings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57 -0400 Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error I have tried this even locally on the DC, still it gives the same error. Though it is working very well with LDAP browser ( Softerra ) and using the Search - Find ppl from Start Menu. Any Help!! Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP Query Fails
Hi Mulnick, I get the same error when i give ldap://domainname. Yes i am using IE. Sorry i didnt get what u mean to ask by How are your directory settings in OE configured exactly? Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. Al Mulnick amulnick @hotmail.com Sent by: ActiveDir-owner 10/10/2005 10:01 AM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject: RE: [ActiveDir] LDAP Query Fails What happens if you specify ldap://domainname ? Just out of curiousity. Using IE or some other browser? IE relies on OE IIRC to handle LDAP searches. How are your directory settings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57 -0400 Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error I have tried this even locally on the DC, still it gives the same error. Though it is working very well with LDAP browser ( Softerra ) and using the Search - Find ppl from Start Menu. Any Help!! Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP Query Fails
Outlook Express (OE) and Search for People use the same WAB provider IIRC. When you open ldap://servername you're really making a call to use WAB.EXE which is the same address book that OE uses to search for users. I notice though, that if you specify a server to contact, that you get that pre-filled in vs. if you open it in search or via OE. Interesting IE uses the following key to control what it uses for the ldap url: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Contacts\Address Book\Protocols\ldap\shell\open\command So my thinking was that you needed to properly specify the directory on the client. It may just be permissions related however, as utilizing the ldap url to open a DC for search provides null credentials by default. Check your security logs (if auditing) to see if this is the case. Note: I notice as I looked at this in my test environment that I had no notification in the event logs. I didn't look at it long enough to see if I had the audit settings perfected, so it's possible I missed something. However, a network trace shows the attempt and an error indicating that I need to first bind. That's not really correct, because I do bind, but I bind anonymously. It should be telling me to allow anonymous bind in order to search etc. If it helps, ldap url syntax is defined in RFC 2255. Al From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 10:07:57 -0400 Hi Mulnick, I get the same error when i give ldap://domainname. Yes i am using IE. Sorry i didnt get what u mean to ask by How are your directory settings in OE configured exactly? Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. Al Mulnick amulnick @hotmail.com Sent by: ActiveDir-owner 10/10/2005 10:01 AM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject:RE: [ActiveDir] LDAP Query Fails What happens if you specify ldap://domainname ? Just out of curiousity. Using IE or some other browser? IE relies on OE IIRC to handle LDAP searches. How are your directory settings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57 -0400 Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error I have tried this even locally on the DC, still it gives the same error. Though it is working very well with LDAP browser ( Softerra ) and using the Search - Find ppl from Start Menu. Any Help!! Regards, Sudhir This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP Query Fails
Sudhir do you have a network sniff of the original problem? I think that's likely the easiest way to diagnose this. That way we see the problem itself. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Monday, October 10, 2005 9:04 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Query Fails Outlook Express (OE) and Search for People use the same WAB provider IIRC. When you open ldap://servername you're really making a call to use WAB.EXE which is the same address book that OE uses to search for users. I notice though, that if you specify a server to contact, that you get that pre-filled in vs. if you open it in search or via OE. Interesting IE uses the following key to control what it uses for the ldap url: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Contacts\Address Book\Protocols\ldap\shell\open\command So my thinking was that you needed to properly specify the directory on the client. It may just be permissions related however, as utilizing the ldap url to open a DC for search provides null credentials by default. Check your security logs (if auditing) to see if this is the case. Note: I notice as I looked at this in my test environment that I had no notification in the event logs. I didn't look at it long enough to see if I had the audit settings perfected, so it's possible I missed something. However, a network trace shows the attempt and an error indicating that I need to first bind. That's not really correct, because I do bind, but I bind anonymously. It should be telling me to allow anonymous bind in order to search etc. If it helps, ldap url syntax is defined in RFC 2255. Al From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 10:07:57 -0400 Hi Mulnick, I get the same error when i give ldap://domainname. Yes i am using IE. Sorry i didnt get what u mean to ask by How are your directory settings in OE configured exactly? Regards, Sudhir --- - This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. --- - Al Mulnick amulnick @hotmail.com Sent by: ActiveDir-owner 10/10/2005 10:01 AM Please respond to ActiveDir To: ActiveDir@mail.activedir.org cc: Subject:RE: [ActiveDir] LDAP Query Fails What happens if you specify ldap://domainname ? Just out of curiousity. Using IE or some other browser? IE relies on OE IIRC to handle LDAP searches. How are your directory settings in OE configured exactly? From: Sudhir Kaushal [EMAIL PROTECTED] Reply-To: ActiveDir@mail.activedir.org To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP Query Fails Date: Mon, 10 Oct 2005 07:37:57 -0400 Hi All, Whenever I do LDAP search for any user in AD through browser, (ldap://DC server IP ) it gives me error An error accured while performing the search. Your computer, ISP or the specified directory services may be disconnected. Check ur connections and try again. Operations Error I have tried this even locally on the DC, still it gives the same error. Though it is working very well with LDAP browser ( Softerra ) and using the Search - Find ppl from Start Menu. Any Help!! Regards, Sudhir --- - This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. --- - List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/