Connecting via ADO to LDAP Server with "bad" certificate

  • Question

  • From Excel 2016, I'm trying to query an LDAP directory running on a development Linux server. The server is only allowing SSL connects over port 636.  I know the server is using a self-signed temporary certificate, but nonetheless, all the LDAP utilities I can find are able to connect to the directory just fine.  ADO, however, is refusing to connect.  I'm guessing it does not like the certificate.  The error I'm receiving is "VB-ERROR #-2147217865: The server is not operational."

    Any idea how I can get this to work?

    Here is my code...

    Const ADS_USE_SSL = &H2

    Set g_LdapConn = CreateObject("ADODB.Connection")
    g_LdapConn.Provider = "ADsDSOObject"
    g_LdapConn.Properties("User ID") = dbLogin
    g_LdapConn.Properties("Password") = dbPassword
    g_LdapConn.Properties("Encrypt Password") = True
    g_LdapConn.Properties("ADSI Flag") = ADS_USE_SSL
    g_LdapConn.Open "Active Directory Provider"

    Set g_LdapCmd = CreateObject("ADODB.Command")
    Set g_LdapCmd.ActiveConnection = g_LdapConn
    g_LdapCmd.Properties("Page Size") = 1000
    g_LdapCmd.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS
    g_LdapCmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    SQL = "SELECT FullName FROM 'LDAP://11.0.5.240/ou=Persons,ou=Customer,o=TESTDB'"
    SQL = "<LDAP://11.0.5.240:636/ou=Persons,ou=Customer,o=TESTDB>;;FullName;"  '   both statements give same error

    g_LdapCmd.CommandText = SQL

    Set m_rsADO = g_LdapCmd.Execute

    • Moved by Bill_Stewart Wednesday, May 30, 2018 6:30 PM This is not support forum for third party LDAP servers
    Tuesday, March 20, 2018 10:17 AM

All replies

  • You will have to set the correct port for the server.

    .


    \_(ツ)_/

    Tuesday, March 20, 2018 10:48 AM
  • It would help to add the following:

    Const ADS_CHASE_REFERRALS_ALWAYS = &H60 
    Const ADS_SCOPE_SUBTREE = 2
    


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, March 20, 2018 2:00 PM
  • Tuesday, March 20, 2018 3:27 PM
  • The connection in ADO must also specify the port if it is not the provider's default port.

    "Server is not operational" is from the "Open" and says that the port used was not an AD port.

    In PowerShell we can easily ignore certificate errors.  This is not available in VBScript.  You can add the cert to trusted store to allow it to be trusted.


    \_(ツ)_/

    Tuesday, March 20, 2018 7:40 PM
  • I am using the ADO ADsDSOObject Provider to connect to a Novell Directory Service.  Below is what the documentation for that Provider says.  So, the question is, why would it complain that it is not connecting to an Active Directory port?  [636 is the port Active Directory uses for LDAPS]

    The Active Directory Service Interfaces (ADSI) Provider allows ADO to connect to heterogeneous directory services through ADSI. This gives ADO applications read-only access to the Microsoft Windows NT 4.0 and Microsoft Windows 2000 directory services, in addition to any LDAP-compliant directory service and Novell Directory Services.

    When I open MMC and go to "Certificates", I see 14 folders with certificates. I tried importing the Temporary Certificate in "Personal" and in "Trusted Root".  Should I be using one of the other folders?

    Wednesday, March 21, 2018 3:06 PM
  • If the cert was the issue you would get a different error.  The issue is that you are not connecting on the correct port or that your connection is being blocked.  "Server not operational" says the server was not found on the host address.

    You should post in Novell forum to find out what conditions at the server would cause this.


    \_(ツ)_/

    Wednesday, March 21, 2018 8:24 PM
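
A diagnostic for the two explanations discussed in this thread (port/reachability versus certificate trust), added here as an example and not written by any of the posters. It separates the TCP connect from the TLS handshake and reports what .NET's certificate validation says about the server's certificate; the function name `Get-LdapsCertReport` is hypothetical, and the host and port defaults are the ones from the question.

```powershell
# Added diagnostic, not code from the thread. Run on the workstation where Excel runs.
function Get-LdapsCertReport {
    param(
        [string]$Server = '11.0.5.240',   # the name exactly as used in the LDAP:// path
        [int]$Port = 636
    )
    $seen = @{}
    # The callback only records what validation found. Returning $true lets the
    # handshake finish so the certificate can be read; nothing is sent afterwards.
    $sb = {
        param($s, $cert, $chain, $errors)
        $seen.Cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $seen.Errors = $errors
        $seen.Chain  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$sb

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)   # an exception here is a network/port problem, not TLS
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)   # name checked against the certificate
        $ssl.Dispose()
    } finally {
        $tcp.Close()
    }

    $c   = $seen.Cert
    $san = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    [pscustomobject]@{
        Subject        = $c.Subject
        Issuer         = $c.Issuer
        SelfIssued     = ($c.Subject -eq $c.Issuer)   # heuristic for a self-signed cert
        SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        NotAfter       = $c.NotAfter
        # None = chain and name both validated; otherwise RemoteCertificateNameMismatch
        # and/or RemoteCertificateChainErrors is listed here.
        PolicyErrors   = $seen.Errors
        ChainStatus    = $seen.Chain -join ', '
        InMachineRoot  = Test-Path "Cert:\LocalMachine\Root\$($c.Thumbprint)"
        InUserRoot     = Test-Path "Cert:\CurrentUser\Root\$($c.Thumbprint)"
    }
}

Get-LdapsCertReport | Format-List
```

If `Connect` succeeds, the port is reachable and the remaining fields show whether the certificate chains to a trusted root and whether its subject or subject alternative name matches the name used in the connection string.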