KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

Error message querying the AD using LDAP-test

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting
View previous topic :: View next topic  
Author Message
Wooltown



Joined: 22 May 2002
Posts: 115
Location: Sweden

PostPosted: Tue Apr 27, 2004 4:45 am    Post subject: Error message querying the AD using LDAP-test Reply with quote

Hello !

I use the LDAP-test to query the AD, and perform a search op, but it fails

HM: 4.42 running on W2k SP4
Domaincontroller running Windows 2003 server
Base object: OU=Users,DC=global,DC=ad
Res Limit: 3
Search filter: (cn=3)

Result:
LdapErr: DSID-0C0905FF, comment: In order to perform this operation a succesful bind must be completed on the connection, data 0, vece

Any ideas ?

Regards
Sven
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Tue Apr 27, 2004 7:09 pm    Post subject: Reply with quote

I checked code - HostMonitor does not start Search operation until Bind operation is done....
If you disable "Perform search op" option, what status of the test will be set?

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Wooltown



Joined: 22 May 2002
Posts: 115
Location: Sweden

PostPosted: Wed Apr 28, 2004 6:21 am    Post subject: Reply with quote

Then I get the message "Host is alive"

Does HM use the account in Options, Startup, Service when it does the LDAP test ?? - I am running HM as a Service.
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Wed Apr 28, 2004 11:28 pm    Post subject: Reply with quote

Quote:
Does HM use the account in Options, Startup, Service when it does the LDAP test ?? - I am running HM as a Service.


No, it uses default "local system" account. LDAP test works independently on account.
But.... can you try to start HostMonitor as application? If this help, we add code to impersonate user account.

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Wooltown



Joined: 22 May 2002
Posts: 115
Location: Sweden

PostPosted: Thu Apr 29, 2004 12:19 pm    Post subject: Reply with quote

I startde HM as an aplication, but I get the same error. As I understood your answer, when you run HM as an application it uses the account as I am logged on ?!?!

The password in the LDAP test, what is that for ?
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Thu Apr 29, 2004 2:52 pm    Post subject: Reply with quote

Quote:
As I understood your answer, when you run HM as an application it uses the account as I am logged on ?!?!


Yes, it cannot use any other.

Quote:
The password in the LDAP test, what is that for ?


LDAP server may request password.
Quote from RFC
Quote:

LDAP implementations SHOULD support authentication with the "simple" password choice when the connection is protected against eavesdropping using TLS


HostMonitor sends password when it makes Bind request. If Bind request fails, HM sets "Bad" or "Unknown" status ("Bad" status if server rejected request, "Unknown" status if no response from the server). HostMonitor sends Search request only if Bind requst completted successfully. That's why I am confused by error returned from the server: "In order to perform this operation a succesful bind must be completed..."

Probably If HostMonitor pass in a blank password to the bind and the password for the user is not blank you will be given anonymous credentials instead of being returned an invalid credentials error message. But why server returns "a succesful bind must be completed..." error instead of some "not enough permissions.."...

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Thu Apr 29, 2004 2:55 pm    Post subject: Reply with quote

If we assume that server returns wrong error description, there is good explanation why search request fails http://support.microsoft.com/default.aspx?scid=kb;en-us;326690

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Wooltown



Joined: 22 May 2002
Posts: 115
Location: Sweden

PostPosted: Fri Apr 30, 2004 12:58 am    Post subject: Reply with quote

Hello !

The account I'm using is a Domain Admin Account and have all the necessary rights in the domain.

the DsHeuristics value doesn't exist in my domain.

Perhaps you have to enter a userid/password to make a bind ?

Regards
Sven
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Mon May 03, 2004 2:34 pm    Post subject: Reply with quote

Sorry for delay. I tried to contact with nsoftware.com - developer of component that we are using in HostMonitor for LDAP test (we are using just several 3rd party classes). Unfortunatelly we did not receive any answer
Looks like we need to redesign this module using our own code. I have added this task into "to do" list. Sorry, cannot give any good recommendation

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Wooltown



Joined: 22 May 2002
Posts: 115
Location: Sweden

PostPosted: Tue May 04, 2004 1:14 am    Post subject: Reply with quote

That's OK, I will wait, knowing if you wait for something good, you can't wait too long


/Sven
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index