View previous topic :: View next topic |
Author |
Message |
Wooltown
Joined: 22 May 2002 Posts: 115 Location: Sweden
|
Posted: Tue Apr 27, 2004 4:45 am Post subject: Error message querying the AD using LDAP-test |
|
|
Hello !
I use the LDAP-test to query the AD, and perform a search op, but it fails
HM: 4.42 running on W2k SP4
Domaincontroller running Windows 2003 server
Base object: OU=Users,DC=global,DC=ad
Res Limit: 3
Search filter: (cn=3)
Result:
LdapErr: DSID-0C0905FF, comment: In order to perform this operation a succesful bind must be completed on the connection, data 0, vece
Any ideas ?
Regards
Sven |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Tue Apr 27, 2004 7:09 pm Post subject: |
|
|
I checked code - HostMonitor does not start Search operation until Bind operation is done....
If you disable "Perform search op" option, what status of the test will be set?
Regards
Alex |
|
Back to top |
|
|
Wooltown
Joined: 22 May 2002 Posts: 115 Location: Sweden
|
Posted: Wed Apr 28, 2004 6:21 am Post subject: |
|
|
Then I get the message "Host is alive"
Does HM use the account in Options, Startup, Service when it does the LDAP test ?? - I am running HM as a Service. |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Wed Apr 28, 2004 11:28 pm Post subject: |
|
|
Quote: | Does HM use the account in Options, Startup, Service when it does the LDAP test ?? - I am running HM as a Service. |
No, it uses default "local system" account. LDAP test works independently on account.
But.... can you try to start HostMonitor as application? If this help, we add code to impersonate user account.
Regards
Alex |
|
Back to top |
|
|
Wooltown
Joined: 22 May 2002 Posts: 115 Location: Sweden
|
Posted: Thu Apr 29, 2004 12:19 pm Post subject: |
|
|
I startde HM as an aplication, but I get the same error. As I understood your answer, when you run HM as an application it uses the account as I am logged on ?!?!
The password in the LDAP test, what is that for ? |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Thu Apr 29, 2004 2:52 pm Post subject: |
|
|
Quote: | As I understood your answer, when you run HM as an application it uses the account as I am logged on ?!?! |
Yes, it cannot use any other.
Quote: | The password in the LDAP test, what is that for ? |
LDAP server may request password.
Quote from RFC Quote: |
LDAP implementations SHOULD support authentication with the "simple" password choice when the connection is protected against eavesdropping using TLS |
HostMonitor sends password when it makes Bind request. If Bind request fails, HM sets "Bad" or "Unknown" status ("Bad" status if server rejected request, "Unknown" status if no response from the server). HostMonitor sends Search request only if Bind requst completted successfully. That's why I am confused by error returned from the server: "In order to perform this operation a succesful bind must be completed..."
Probably If HostMonitor pass in a blank password to the bind and the password for the user is not blank you will be given anonymous credentials instead of being returned an invalid credentials error message. But why server returns "a succesful bind must be completed..." error instead of some "not enough permissions.."...
Regards
Alex |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
|
Back to top |
|
|
Wooltown
Joined: 22 May 2002 Posts: 115 Location: Sweden
|
Posted: Fri Apr 30, 2004 12:58 am Post subject: |
|
|
Hello !
The account I'm using is a Domain Admin Account and have all the necessary rights in the domain.
the DsHeuristics value doesn't exist in my domain.
Perhaps you have to enter a userid/password to make a bind ?
Regards
Sven |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12795 Location: USA
|
Posted: Mon May 03, 2004 2:34 pm Post subject: |
|
|
Sorry for delay. I tried to contact with nsoftware.com - developer of component that we are using in HostMonitor for LDAP test (we are using just several 3rd party classes). Unfortunatelly we did not receive any answer
Looks like we need to redesign this module using our own code. I have added this task into "to do" list. Sorry, cannot give any good recommendation
Regards
Alex |
|
Back to top |
|
|
Wooltown
Joined: 22 May 2002 Posts: 115 Location: Sweden
|
Posted: Tue May 04, 2004 1:14 am Post subject: |
|
|
That's OK, I will wait, knowing if you wait for something good, you can't wait too long
/Sven |
|
Back to top |
|
|
|