LDAP questions


Suchrithaa Rajkumar

I have the following few LDAP questions, and I am not sure if this is the
right forum to discuss them. If this is not the correct forum, please suggest
which forum I should discuss this in.

1) I would like to know which port LDAPS (LDAP over SSL) is running on
on my AD server. I have tried netstat -n -p -tcp, but I could not see LDAP
running on 636 anywhere. Is there a tool available to find this?

2) Is it possible to do an LDAP search without a bind? The API
ldap_search_ext_s() fails to fetch any values if I give a filter
(ObjectClass = *)

Regards
Suchrithaa
 
Hello,
1) Here is a list of ports used by Active Directory.
RPC endpoint mapper 135/tcp, 135/udp
NetBIOS name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
RPC dynamic assignment 1024-65535/tcp
SMB over IP (Microsoft-DS) 445/tcp, 445/udp
LDAP 389/tcp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
DNS 53/tcp[1], 53/udp
WINS resolution (if required) 1512/tcp, 1512/udp
WINS replication (if required) 42/tcp, 42/udp
Network time protocol (NTP) 123/udp


2) Not by default, but see KBs below:

How to Configure Active Directory to Allow Anonymous Queries
http://support.microsoft.com/default.aspx?scid=kb;en-us;320528

How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071

Anonymous LDAP operations to Active Directory are disabled on Windows Server
2003 domain controllers
http://support.microsoft.com/kb/326690/EN-US/
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
Hi,

1. Have you made the connection yet? If not, then netstat will not
list it.
Use LDP and select the SSL box when connecting to the DC.

2. You must bind in some way, whether it be anonymously, using SSPI,
Digest, or other means, before performing an LDAP search.

Chris Malone
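
The netstat point from the replies above, as an added example that is not code from anyone in this thread: netstat without -a lists only active connections, so a listening LDAPS socket only shows up once listeners are included (`netstat -ano -p tcp`). The sample output is constructed, and the function names `ldap_listeners` and `report` are made up for this sketch.

```python
import re

# LDAP-family ports taken from the Active Directory port list in the thread.
LDAP_PORTS = {389: "LDAP", 636: "LDAP over SSL",
              3268: "Global catalog LDAP", 3269: "Global catalog LDAP over SSL"}

# Constructed sample of `netstat -ano -p tcp` output (not captured from a real server).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       640
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING       640
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       640
  TCP    10.0.0.5:389           10.0.0.20:49712        ESTABLISHED     640
  TCP    10.0.0.5:49800         10.0.0.9:636           ESTABLISHED     2212
  TCP    [::]:636               [::]:0                 LISTENING       640
"""

# Local address may be IPv4 (0.0.0.0:636) or bracketed IPv6 ([::]:636).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\w+)\s+(\d+)\s*$")

def ldap_listeners(netstat_text):
    """Return {port: {"name", "addresses", "pids"}} for LDAP ports in LISTENING state."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or non-TCP row
        addr, port = m.group(1), int(m.group(2))
        state, pid = m.group(3), int(m.group(4))
        # Only the LOCAL port of a LISTENING row counts: an ESTABLISHED row
        # with 636 as the foreign port is an outbound client connection.
        if state != "LISTENING" or port not in LDAP_PORTS:
            continue
        entry = found.setdefault(
            port, {"name": LDAP_PORTS[port], "addresses": [], "pids": set()})
        entry["addresses"].append(addr)
        entry["pids"].add(pid)
    return found

def report(netstat_text):
    """Map every LDAP-family port to 'listening' or 'not listening'."""
    listeners = ldap_listeners(netstat_text)
    return {port: ("listening" if port in listeners else "not listening")
            for port in LDAP_PORTS}
```

A port reported as "not listening" here (3269 in the constructed sample) means no service has bound it on that host, which is different from a firewall blocking it between client and server.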
 