I am currently having a little problem understanding the use of LDAP authentication against Active Directory. Can you explain to me how this works?
This is a broad subject, but I'll try to post some key elements about using LDAP in Active Directory.
LDAP authentication to Active Directory should be installed by default on a Windows 2000 domain controller, and it should listen for a connection on either port 389 (the default LDAP port) or the Global Catalog port (3268). The LDP.EXE client (in Win2k Server) should allow you to double-check these.
Note that if you're interested in having a Windows 2000 server query a Unix LDAP server for authentication, this is not possible due to the differences in the way that Unix and Windows 2000 implement LDAP. The same limitation exists between Novell and Windows 2000, as well. The "proper" way to perform LDAP authentication against a Win2k server is with Microsoft's tools.
If you want to use SASL (Simple Authentication and Security Layer), AD and Windows clients are configured for both simple binds and some SASL mechanisms out of the box. GSSAPI (Generic Security Services Application Programming Interface) should also work fine. SSL (Secure Sockets Layer) will need to be configured separately with an encryption certificate.
Active Directory cannot by default be configured to dynamically check against another LDAP
server for valid credentials, but a product like Microsoft Metadirectory Services would support
bidirectional synchronization between a remote LDAP directory and Active Directory.
This was first published in May 2003