Q

How LDAP authentication works with AD

I am currently having a little problem understanding the use of LDAP authentication against Active Directory. Can you explain to me how this works?

This is a broad subject, but I'll try to post some key elements about using LDAP in Active Directory.

LDAP authentication to Active Directory should be installed by default on a Windows 2000 domain controller, and it should listen for a connection on either port 389 (the default LDAP port) or the Global Catalog port (3268). The LDP.EXE client (in Win2k Server) should allow you to double-check these.

Note that if you're interested in having a Windows 2000 server query a Unix LDAP server for authentication, this is not possible due to the differences in the way that Unix and Windows 2000 implement LDAP. The same limitation exists between Novell and Windows 2000, as well. The "proper" way to perform LDAP authentication against a Win2k server is with Microsoft's tools.

If you want to use SASL (Simple Authentication and Security Layer), AD and Windows clients are configured for both simple binds and some SASL mechanisms out of the box. GSSAPI (Generic Security Services Application Programming Interface) should also work fine. SSL (Secure Sockets Layer) will need to be configured separately with an encryption certificate.

Active Directory cannot by default be configured to dynamically check against another LDAP server for valid credentials, but a product like Microsoft Metadirectory Services would support bidirectional synchronization between a remote LDAP directory and Active Directory.
 

This was first published in May 2003
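The difference between a simple bind and a SASL bind is visible in the BER-encoded BindRequest (RFC 4511) itself, which is why SSL matters on port 389. The following is an added example, not part of the original answer: the helper names `tlv`, `read_tlv` and `classify_bind` are hypothetical, and the sample messages are constructed here rather than captured from a domain controller.

```python
SEQUENCE, INTEGER, OCTET_STRING = 0x30, 0x02, 0x04
BIND_REQUEST, AUTH_SIMPLE, AUTH_SASL = 0x60, 0x80, 0xA3  # RFC 4511 tags

def tlv(tag, value):
    """Encode one BER element (short-form length only; enough for the samples)."""
    if len(value) > 127:
        raise ValueError("sample encoder handles short lengths only")
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(msg, over_tls=False):
    """Return bind details for an LDAPMessage, or None if it is not a BindRequest."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, _message_id, pos = read_tlv(body, 0)
    tag, op, _ = read_tlv(body, pos)
    if tag != BIND_REQUEST:
        return None
    _, _version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    tag, auth, _ = read_tlv(op, pos)
    if tag == AUTH_SIMPLE:  # the value is the password itself, unencoded
        method, exposed = "simple", bool(auth) and not over_tls
    elif tag == AUTH_SASL:  # mechanism name, then mechanism-specific credentials
        mech = read_tlv(auth, 0)[1].decode()
        method, exposed = "sasl:" + mech, mech == "PLAIN" and not over_tls
    else:
        raise ValueError("unknown AuthenticationChoice")
    return {"dn": name.decode(), "method": method, "cleartext_password": exposed}

# Constructed sample messages (not captured traffic).
BIND_HEAD = tlv(INTEGER, b"\x03") + tlv(OCTET_STRING, b"CN=svc,DC=example,DC=com")
SIMPLE_BIND = tlv(SEQUENCE, tlv(INTEGER, b"\x01") + tlv(BIND_REQUEST, BIND_HEAD + tlv(AUTH_SIMPLE, b"constructed-pw")))
SASL_BIND = tlv(SEQUENCE, tlv(INTEGER, b"\x02") + tlv(BIND_REQUEST, BIND_HEAD + tlv(
    AUTH_SASL, tlv(OCTET_STRING, b"GSSAPI") + tlv(OCTET_STRING, b"constructed-token"))))
```

Run over decoded LDAP traffic, `classify_bind` flags the binds that expose a password on an unencrypted connection, which are the ones to move to SSL or to a SASL mechanism such as GSSAPI.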
