1 Vote
VamsiKrishna-1564 asked ·

Issues connecting to Azure AD DS

I am unable to connect to Azure AD DS from a local application. I am getting Error Code: 91 when I tried connecting to the Azure AD DS domain, and when I tried from a local LDAP client (ldp.exe) I observed the error below:


ld = ldap_sslinit("gdriverptest.onmicrosoft.com", 636, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 81 = ldap_connect(hLdap, NULL);
Server error: <empty>
Error <0x51>: Fail to connect to gdriverptest.onmicrosoft.com.

Can anyone help me in fixing the issue?

azure-active-directory, azure-ad-domain-services

0 Votes
saurabhsh-msft answered ·

This looks like a certificate issue. Can you please make sure that the certificate is issued for the specific server name (fully qualified domain name)? Please refer to "Create a certificate for secure LDAP" to validate whether the certificate meets the requirements.
You also need to validate whether inbound traffic is allowed on port 636. The requirement is documented here.


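A way to tell apart the two causes named in the answer above (the certificate's name versus reachability of port 636), as an added example that is not part of the original thread or of Microsoft's tooling. It assumes Python 3 and that `cafile` is the public part of the secure LDAP certificate exported as PEM; the host names and `SAMPLE_CERT` are constructed.

```python
import socket
import ssl

def name_matches(pattern, host):
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def cert_dns_names(cert):
    """DNS names in an ssl.getpeercert() dict: SAN entries, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def diagnose(host, cert):
    """Say whether the certificate covers the name the client connects to."""
    names = cert_dns_names(cert)
    if any(name_matches(n, host) for n in names):
        return "ok: certificate covers " + host
    return "name mismatch: certificate is for %s, client asked for %s" % (names, host)

def probe(host, cafile, port=636, timeout=5):
    """Live check against an LDAPS endpoint, trusting only the certificate in cafile."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False          # names are compared by diagnose() instead
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return diagnose(host, tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return "certificate not trusted by this client: " + exc.verify_message
    except OSError as exc:              # refused, timed out, DNS or handshake failure
        return "connection to %s:%d failed (%s)" % (host, port, exc)

# Constructed sample in the shape ssl.getpeercert() returns (not from the thread).
SAMPLE_CERT = {
    "subject": ((("commonName", "*.aadds.example.com"),),),
    "subjectAltName": (("DNS", "*.aadds.example.com"),),
}

if __name__ == "__main__":
    print(diagnose("ldaps.aadds.example.com", SAMPLE_CERT))
    print(diagnose("aadds.example.com", SAMPLE_CERT))
```
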

0 Votes
VamsiKrishna-1564 answered ·

Thanks for the update @saurabhsharma-msft. I was able to fix the connection issue by creating a new self-signed certificate with the same steps, but now I am running into a new issue where I am unable to bind the connection with user credentials. I am using admin credentials for binding the connection in ldp.exe:
53 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
{NtAuthIdentity: User='REDACTED.onmicrosoft.com'; Pwd=<unavailable>; domain = 'REDACTED.onmicrosoft.com'}
Error <49>: ldap_bind_s() failed: Invalid Credentials.
Server error: 8009030C: LdapErr: DSID-0C090595, comment: AcceptSecurityContext error, data 52e, v3839
Error 0x8009030C The logon attempt failed
