Novell Error 81 connection

1
votes

We have tried to connect to a remote Novell server from our offices.

First, we had to open the firewall port to connect to the server, otherwise we were getting error 91 (which basically tells that the server cannot be joined).

Second, we used a tool called LDAP Browser to test the connection.

We get the error 81 "can't contact LDAP server". But we looked at the traces of communications and we see that we contact the server and gets a response. We also tested with Telnet and we see that we can connect to the server.

So, is anybody know what this error means and what are the possible solutions? Because, I googled that error and got no valid answer telling what to check and what is the cause.

The Novell server is hosted by a third party, so we cannot provide you its IP, even less the user/password.

We are connecting on the 636 port. In the trace of LDAP browser, we see that its getting to the step of "Initializing SSL..." but then fails to connect.

1
ldapnovell

1 Answers

2
votes

Two issues I think: 1) What kind of bind are you trying to do? SSL? Clear text? Anonymous?

2) How is it configured on the eDirectory side for LDAP binds?

The tool LDAP Browser, are you referring to the one at this link?
Free LDAP Browser

On the eDirectory side, they can require TLS for all LDAP communication, and they can disallow Anonymous binds.

Can you ask the folks at the other end to enable LDAP tracing (Using DStrace with the +LDAP option enabled, some links for how to use Dstrace on Novell eDirectory look at: Different types of Dstrace Capturing and understand DS Trace for Identity Manager.)

That usually will show an error message that will enlighten you.

My guess is either Require TLS is enabled, and you might not be doing a successful SSL bind.

If so, try to connect on port 636, with SSL enabled, and a fully qualified DN for the user you are trying to login as.

If you are trying with SSL enabled, and you are not getting a pop up box about accepting the tree CA's trusted root certficate, then perhaps the CA or the SSL certificate taht the eDirectory server is user has expired or is broken. (There are any number of causes for this that can be common, and take but a moment to fix).

Usually in Dstrace you will see an error about the SSL certificate if there is a problem. An example from a Novell Identity Manager perspective of an expired certificate is in this article: Certificate Expired As well as some details on how to fix the certificates.

Next possibility is that the DN you are specifying is not quite correct.

From an error 81 perspective, here are a couple of links for how AD would show the 81 error case, to get a feel for possibilities (mostly SSL related). AD SSL via IDM driver

Let me know if you need further help.