Question:
- How can I confirm that an LDAP server is reachable from the NAC?
Procedure:
LDAP authentication will only work if the LDAP server connection is configured properly and the server is available.
Here is a basic test that can be performed to diagnose LDAP authentication issues.
- Navigate to: Configuration > Authorization > LDAP
- The entries required to confirm port connectivity are in the first two fields.
- LDAP Server: The FQDN of your LDAP server
- LDAP Port: The port you use to connect to LDAP. This is usually 389 (standard LDAP) or 636 (LDAPS, which also requires a certificate)
- Use netcat to test connectivity:
These examples attempt a connection with verbose output and a timeout. A successful connection is reported almost immediately. If the command instead exits after the timeout without reporting a connection, the connection did not succeed.
For more detailed information about netcat, see the man page.
Testing port 636 (LDAPS) with a timeout of 60 seconds.
nc -v -w 60 <ldapserverip> 636
Testing port 389 (LDAP) with a timeout of 60 seconds.
nc -v -w 60 <ldapserverip> 389
- On older NAC appliances you can use telnet to test connectivity to this server and port. The syntax to test is:
telnet <ldap-server-fqdn> <ldap-port>
Example:
telnet mynameisldap.server.com 389
This example tests the server mynameisldap.server.com over port 389, the default LDAP port.
A successful connection shows a blank screen, which indicates that you have communicated successfully over that port.
If the output stalls on "Connecting To <ldap-server-fqdn> 389", there is a networking, firewall, or configuration issue that must be addressed before the NAC can connect.
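As an added example that is not part of the original article, the following POSIX shell script automates the same reachability check for 389 and 636 and, for 636, additionally verifies that a TLS session can be established and the server certificate validates against a CA file, so that a network problem can be told apart from a certificate problem. The function names, the CA file path and the use of openssl s_client are assumptions; the host name is the article's own placeholder.

```shell
#!/bin/sh
# Added example (not from the original article). Replace the host, port
# and CA file with the values from Configuration > Authorization > LDAP.

# tcp_reachable HOST PORT TIMEOUT -> exit 0 if a TCP connection succeeds.
# Zero-I/O mode (-z) reports the connection result without waiting on an
# LDAP server that never closes the socket; if nc is not installed, fall
# back to bash's /dev/tcp (assumption: bash and coreutils timeout exist).
tcp_reachable() {
    host=$1; port=$2; secs=${3:-10}
    if command -v nc >/dev/null 2>&1; then
        nc -z -v -w "$secs" "$host" "$port" >/dev/null 2>&1
    else
        timeout "$secs" bash -c "exec 3<>/dev/tcp/$host/$port" >/dev/null 2>&1
    fi
}

# ldaps_handshake HOST CAFILE TIMEOUT -> exit 0 only if a TLS session is
# established on 636 AND the server certificate chains to CAFILE.
# A reachable port with a failing handshake points at the certificate
# (or its chain), not at the network path.
ldaps_handshake() {
    host=$1; cafile=$2; secs=${3:-10}
    timeout "$secs" openssl s_client -connect "$host:636" -servername "$host" \
        -CAfile "$cafile" -verify_return_error </dev/null >/dev/null 2>&1
}

# diagnose HOST PORT [CAFILE] -> prints one of: unreachable, reachable,
# tls-failed, tls-ok. Exit status is 0 only for reachable / tls-ok.
diagnose() {
    host=$1; port=$2; cafile=$3
    if ! tcp_reachable "$host" "$port" 5; then
        echo unreachable; return 1
    fi
    if [ "$port" = 636 ] && [ -n "$cafile" ]; then
        if ldaps_handshake "$host" "$cafile" 10; then echo tls-ok; return 0; fi
        echo tls-failed; return 2
    fi
    echo reachable; return 0
}

# Usage with constructed placeholder values:
# diagnose mynameisldap.server.com 389
# diagnose mynameisldap.server.com 636 /etc/ssl/certs/ldap-ca.pem
```

A result of "reachable" on 636 without a CA file only proves the port is open; pass the CA file to also confirm the certificate the NAC will have to trust.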