  • Using ports in LDAP string is not working

    We are configuring a new system. We are on build 21.86.1828.0. We are trying to get Active Directory integration working. It seems to work using LDAP://domain1.anycompany.com/dc=anycompany,dc=com but because of security concerns this really is not an option. Documentation would suggest that we can use port numbers such as
    LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com
    LDAP://domain1.anycompany.com:636/dc=anycompany,dc=com

    Neither of these work and also LDAPS://domain1.anycompany.com/dc=anycompany,dc=com does not work.
    Any suggestions on why using a port number in the ldap string does not work?
    Thanks

  • #2
    If you have your machine joined to the domain and it is authorized to do delegation you should be able to use any valid string you can query.
    Lance Paddock
    BTX | Business Telephone eXchange
    1(800) 289-0299



    • #3
      Thanks for the suggestion. We selected Trust this computer for delegation to any service (Kerberos only) but that did not help. Server is joined to the domain. It is a Windows 2016 server.



      • #4
        Originally posted by Lance:
        If you have your machine joined to the domain and it is authorized to do delegation you should be able to use any valid string you can query.
        ^This is for legacy AD integration. Connect does not use this.

        You'll want to reach out to TAC. Per my notes, only the first LDAP string you posted is valid for ShoreTel. I've been told ShoreTel doesn't support port change for LDAP or LDAPS. I have had success using GC instead of LDAP, if that helps.



        • #5

          The first 2 strings should be valid

          This should work: LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com is the same as LDAP://domain1.anycompany.com/dc=anycompany,dc=com.

          The ADsPath statement has the following format:
          LDAP://HostName[:PortNumber][/DistinguishedName]

          The “HostName” can be a computer or server name, an IP address, or a domain name. Typically, a server name is specified. For Connect, the Active Directory server is usually specified. The “PortNumber” is the port to be used for the connection to the directory. If no port number is specified, LDAP uses the default port number (636 if using an SSL connection or 389 if not using an SSL connection).

          If you have more than one CN, OU or DC, I would check the string with an LDAP browser.
          Lance Paddock
          BTX | Business Telephone eXchange
          1(800) 289-0299

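The ADsPath format quoted in #5, LDAP://HostName[:PortNumber][/DistinguishedName], is easy to get subtly wrong, and the question in this thread is partly about which strings are the same endpoint. The following is an added example written for this thread, not ShoreTel/Mitel code and not a statement of what any Connect build accepts: it checks the shape of a string, applies the default ports from #5 (389 plain, 636 SSL), and reports whether the connection would be in clear text. Assumptions not taken from the thread: the GC default ports 3268/3269 are the standard Global Catalog ports, and the provider prefix is matched in upper case because ADSI provider names are case-sensitive.

```python
# Added example: syntax checker for ADsPath strings of the form
#   LDAP://HostName[:PortNumber][/DistinguishedName]
# Illustrative code written for this thread, not ShoreTel/Mitel code. It only
# validates the string's shape and describes its transport; it cannot tell you
# which forms a particular Connect build will accept.
import re
from dataclasses import dataclass
from typing import List, Optional

# Default ports when none is given: 389 for LDAP and 636 for LDAP over SSL
# (from post #5). 3268/3269 are the Global Catalog defaults (assumption: the
# thread mentions GC but gives no port for it).
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636, "GC": 3268}
SSL_PORTS = {636, 3269}

# Provider prefix is matched case-sensitively: ADSI provider names are upper case.
ADSPATH_RE = re.compile(
    r"^(?P<scheme>LDAP|LDAPS|GC)://"
    r"(?P<host>[A-Za-z0-9][A-Za-z0-9.\-]*)"  # server name, FQDN, domain name or IP
    r"(?::(?P<port>\d{1,5}))?"               # optional :PortNumber
    r"(?:/(?P<dn>.*))?$"                     # optional /DistinguishedName
)
# One relative distinguished name such as dc=anycompany or ou=Users.
RDN_RE = re.compile(r"^(dc|ou|cn|o)=[^,=]+$", re.IGNORECASE)


@dataclass(frozen=True)
class ADsPath:
    scheme: str
    host: str
    port: int
    port_explicit: bool
    dn: Optional[str]

    @property
    def uses_ssl(self) -> bool:
        return self.scheme == "LDAPS" or self.port in SSL_PORTS

    @property
    def host_is_fqdn(self) -> bool:
        return "." in self.host


def parse_adspath(path: str) -> ADsPath:
    """Split an ADsPath into its parts, applying the default port when absent."""
    m = ADSPATH_RE.match(path.strip())
    if not m:
        raise ValueError(f"not a valid ADsPath: {path!r} "
                         "(expected LDAP://HostName[:PortNumber][/DistinguishedName])")
    scheme = m["scheme"]
    port_explicit = m["port"] is not None
    port = int(m["port"]) if port_explicit else DEFAULT_PORTS[scheme]
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    dn = m["dn"]
    if dn is not None:
        if dn == "":
            raise ValueError("empty DistinguishedName after '/'")
        parts = [r.strip() for r in dn.split(",")]
        for rdn in parts:
            if not RDN_RE.match(rdn):
                raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        dn = ",".join(parts)
    return ADsPath(scheme, m["host"], port, port_explicit, dn)


def is_valid_adspath(path: str) -> bool:
    """Convenience wrapper: True when parse_adspath accepts the string."""
    try:
        parse_adspath(path)
        return True
    except ValueError:
        return False


def equivalent(a: str, b: str) -> bool:
    """True when two ADsPaths name the same provider, host, port and base DN,
    e.g. an explicit default port versus none at all (the point made in #5)."""
    def key(p: ADsPath):
        return (p.scheme, p.host.lower(), p.port, (p.dn or "").lower())
    return key(parse_adspath(a)) == key(parse_adspath(b))


def review(path: str) -> List[str]:
    """Defender-oriented findings about a string, as plain sentences."""
    p = parse_adspath(path)
    notes = []
    if not p.uses_ssl:
        notes.append(f"port {p.port} without SSL: the bind and all directory "
                     "traffic are sent in clear text")
    if not p.host_is_fqdn:
        notes.append(f"short host name {p.host!r}: resolution depends on the "
                     "server's DNS suffix search list")
    return notes


if __name__ == "__main__":
    for s in ("LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com",
              "LDAPS://domain1.anycompany.com/dc=anycompany,dc=com",
              "LDAP://domain1:389/dc=anycompany,dc=com"):
        print(s, "->", parse_adspath(s), review(s))
```

Run it on the strings from this thread and the first and the port-less form parse to the same endpoint, which is why #5 says they should behave identically; the two forms that reach port 389 are the ones that carry credentials in the clear, which is the concern the original poster raised.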


          • #6
            I have noticed each version of Connect allows slightly different variations of the LDAP string.

            For example, the recent build 21.87.3629.0 doesn't appear to allow LDAP://domain1.anycompany.com:389/dc=anycompany,dc=com but it will allow LDAP://domain1:389/dc=anycompany,dc=com
            or
            LDAP://domain1.anycompany.com/dc=anycompany,dc=com

            Lance Paddock
            BTX | Business Telephone eXchange
            1(800) 289-0299
