
HOWTO: Verifying LDAP port connectivity


This article applies to:

  • SNAC (All Versions)

Question:

  • How can I confirm if an LDAP server is accessible on NAC?

Procedure:

LDAP authentication will only work if the LDAP server connection is configured properly and the server is available.

Here is a basic test that can be performed to diagnose LDAP authentication issues.

  1. Navigate to: Configuration > Authorization > LDAP
  2. The entries required to confirm port connectivity are in the first two fields.
    • LDAP Server: The FQDN of your LDAP server.
    • LDAP Port: The port you are using to connect to LDAP. This is usually 389 (for the standard LDAP protocol) or 636 (for secure LDAP, LDAPS, which also requires a certificate).
  3. Use netcat to test connectivity:

    These examples attempt a connection with verbose output and a timeout. You should get a response quickly. If the command exits with no response, the connection did not succeed.

    For more detailed information about netcat, see the man page.

    Testing port 636 (LDAPS) with a timeout of 60 seconds.

    nc <ldapserverip> 636 -v -w 60

    Testing port 389 (LDAP) with a timeout of 60 seconds.

    nc <ldapserverip> 389 -v -w 60

  4. On older NAC appliances you can use telnet to test connectivity to this server and port. The syntax to test is:

    telnet <ldap-server-fqdn> <ldap-port>

    Example:

    telnet mynameisldap.server.com 389

    This example tests the server mynameisldap.server.com over port 389, which is the default LDAP port.

    A successful connection will show you a blank screen, which indicates that you have communicated successfully over that port.

    If the output stalls while connecting to <ldap-server-fqdn> 389, then there is a networking, firewall, or configuration issue that must be addressed before the NAC can connect.
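
The same port test as a scripted check that separates a port that answers, a connection that fails immediately, and one that hangs until the timeout. This is an added example, not part of the original article or the product; it swaps netcat for bash's /dev/tcp with coreutils `timeout`, assumes both exist on the host you test from, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify LDAP port reachability instead of reading nc output by eye.
# Assumption: bash (for /dev/tcp) and coreutils `timeout` are installed on the testing host.

# classify_rc RC -> map the probe's exit status to a state name.
classify_rc() {
    case "$1" in
        0)   echo "open" ;;     # TCP handshake completed
        124) echo "timeout" ;;  # no answer before the deadline, typical of a firewall dropping packets
        1)   echo "failed" ;;   # connect failed at once: refused, no route, or name not resolved
        *)   echo "error" ;;    # the probe could not run (bash or timeout missing)
    esac
}

# probe_port HOST PORT [SECONDS] -> prints open | timeout | failed | error
probe_port() {
    host=$1; port=$2; secs=${3:-10}
    rc=0
    # bash opens the TCP connection; `timeout` exits 124 if it is still waiting at the deadline.
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null || rc=$?
    classify_rc "$rc"
}

# check_ldap HOST [SECONDS] -> one result line per standard port (389 = LDAP, 636 = LDAPS)
check_ldap() {
    for p in 389 636; do
        printf '%s:%s %s\n' "$1" "$p" "$(probe_port "$1" "$p" "${2:-10}")"
    done
}

# Usage, with the hostname from the telnet example above:
#   check_ldap mynameisldap.server.com
# "open" on 636 shows only that the port is reachable; it does not validate the certificate.
```

A "timeout" result corresponds to the stalled telnet session described in step 4, while "failed" means the attempt was rejected or could not be routed or resolved.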

To contact Trustwave about this article or to request support:
