Ask the Expert

How LDAP authentication works with AD

I am currently having a little problem understanding the use of LDAP authentication against Active Directory. Can you explain to me how this works?


This is a broad subject, but I'll try to post some key elements about using LDAP in Active Directory.

LDAP authentication to Active Directory should be installed by default on a Windows 2000 domain controller, and it should listen for a connection on either port 389 (the default LDAP port) or the Global Catalog port (3268). The LDP.EXE client (in Win2k Server) should allow you to double-check these.

Note that if you're interested in having a Windows 2000 server query a Unix LDAP server for authentication, this is not possible due to the differences in the way that Unix and Windows 2000 implement LDAP. The same limitation exists between Novell and Windows 2000, as well. The "proper" way to perform LDAP authentication against a Win2k server is with Microsoft's tools.

If you want to use SASL (Simple Authentication and Security Layer), AD and Windows clients are configured for both simple binds and some SASL mechanisms out of the box. GSSAPI (Generic Security Services Application Programming Interface) should also work fine. SSL (Secure Sockets Layer) will need to be configured separately with an encryption certificate.

Active Directory cannot by default be configured to dynamically check against another LDAP server for valid credentials, but a product like Microsoft Metadirectory Services would support bidirectional synchronization between a remote LDAP directory and Active Directory.
 

This was first published in May 2003
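
The simple bind and SASL bind options named in the answer differ on the wire. The sketch below is an added example, not part of the original answer. It encodes both kinds of LDAPv3 BindRequest using the tag values from RFC 4511, then classifies them as a monitor on port 389 would. The function names, DN, password and token are constructed for illustration.

```python
# Added example (not from the original answer): BER layout of LDAPv3 bind
# requests per RFC 4511. DN, password and token below are constructed samples.

def tlv(tag, value):
    """Encode one BER tag-length-value element (definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def bind_request(dn, auth, msg_id=1):
    """LDAPMessage{ messageID, BindRequest{ version=3, name, authentication } }."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + auth
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def simple_auth(password):
    return tlv(0x80, password.encode())          # [0] simple: raw password bytes

def sasl_auth(mechanism, token):
    return tlv(0xA3, tlv(0x04, mechanism.encode()) + tlv(0x04, token))  # [3] sasl

def read_tlv(buf, pos):
    """Decode one element at pos; return (tag, value, next_pos)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        first, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + first], pos + first

def classify_bind(packet):
    """Return (kind, dn, detail) for a BindRequest seen on an unencrypted port."""
    _, msg, _ = read_tlv(packet, 0)
    _, _, pos = read_tlv(msg, 0)                 # skip messageID
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(bind, 0)                # skip version
    _, dn, pos = read_tlv(bind, pos)
    auth_tag, auth, _ = read_tlv(bind, pos)
    if auth_tag == 0x80:
        return "simple", dn.decode(), auth.decode()   # password is readable
    if auth_tag == 0xA3:
        return "sasl", dn.decode(), read_tlv(auth, 0)[1].decode()  # mechanism name
    raise ValueError("unknown authentication choice")

if __name__ == "__main__":
    dn = "CN=svc-demo,CN=Users,DC=example,DC=com"
    print(classify_bind(bind_request(dn, simple_auth("Constructed-Pass1"))))
    print(classify_bind(bind_request("", sasl_auth("GSSAPI", b"\x01\x02"))))
```

A simple bind carries the password as plain bytes inside the request, so without the separately configured SSL anything on the path to port 389 or 3268 can read it. A SASL bind names a mechanism and carries an opaque token instead.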
