LDAP questions

  • Thread starter Suchrithaa Rajkumar

Suchrithaa Rajkumar

I have the following few LDAP questions and I am not sure if this is the
right forum to discuss them. If this is not the correct forum, please suggest
which forum I should discuss this in.

1) I would like to know on which port LDAPS (LDAP over SSL) is running on my
AD server. I have tried netstat -n -p -tcp, but I could not see LDAP running
on 636 anywhere. Is there a tool available to find this?

2) Is it possible to do an LDAP search without a bind? The API
ldap_search_ext_s() fails to fetch any values if I give a filter
(ObjectClass = *)

Regards
Suchrithaa
 

Chriss3 [MVP]

Hello,
1) Here is a list of ports used by Active Directory.
RPC endpoint mapper 135/tcp, 135/udp
NetBIOS name service 137/tcp, 137/udp
NetBIOS datagram service 138/udp
NetBIOS session service 139/tcp
RPC dynamic assignment 1024-65535/tcp
SMB over IP (Microsoft-DS) 445/tcp, 445/udp
LDAP 389/tcp
LDAP over SSL 636/tcp
Global catalog LDAP 3268/tcp
Global catalog LDAP over SSL 3269/tcp
Kerberos 88/tcp, 88/udp
DNS 53/tcp[1], 53/udp
WINS resolution (if required) 1512/tcp, 1512/udp
WINS replication (if required) 42/tcp, 42/udp
Network time protocol (NTP) 123/udp


2) Not by default, but see KBs below:

How to Configure Active Directory to Allow Anonymous Queries
http://support.microsoft.com/default.aspx?scid=kb;en-us;320528

How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071

Anonymous LDAP operations to Active Directory are disabled on Windows Server
2003 domain controllers
http://support.microsoft.com/kb/326690/EN-US/
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 

Chris Malone

Hi,

1. Have you made the connection yet? If not, then netstat will not
list it.
Use LDP and select the SSL box when connecting to the DC.

2. You must bind in some way, whether it be anonymously, using SSPI,
Digest, or other means, before performing an LDAP search.

Chris Malone
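
Added example, not part of the original thread: it parses `netstat -ano -p tcp` output and reports the LDAP ports from the list above, then repeats the check with the listening rows removed to show why 636 is absent from a listing taken without `-a` when no LDAPS connection is open. The sample output, addresses and PIDs are constructed.

```python
import re

# TCP ports for LDAP services, taken from the port list in the reply above.
LDAP_PORTS = {389: "LDAP", 636: "LDAP over SSL",
              3268: "Global catalog LDAP", 3269: "Global catalog LDAP over SSL"}

# Constructed sample of `netstat -ano -p tcp` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       624
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       624
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING       624
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       624
  TCP    [::]:636               [::]:0                 LISTENING       624
  TCP    10.0.0.5:389           10.0.0.20:49812        ESTABLISHED     624
  TCP    10.0.0.5:6360          10.0.0.20:49900        ESTABLISHED     1180
"""

# Local address, local port, foreign address (ignored), state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+([A-Z_0-9]+)\s+(\d+)\s*$")


def ldap_sockets(netstat_text):
    """Summarise rows whose *local* port is exactly one of LDAP_PORTS."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) not in LDAP_PORTS:
            continue
        port, state, pid = int(m.group(2)), m.group(3), int(m.group(4))
        entry = found.setdefault(port, {"service": LDAP_PORTS[port],
                                        "listening": False, "established": 0,
                                        "pids": set()})
        entry["listening"] |= state == "LISTENING"
        entry["established"] += state == "ESTABLISHED"
        entry["pids"].add(pid)
    return found


def drop_listeners(netstat_text):
    """Approximate a listing taken without -a: listening sockets are not shown."""
    return "\n".join(l for l in netstat_text.splitlines() if "LISTENING" not in l)


if __name__ == "__main__":
    for label, text in (("with -a", SAMPLE), ("without -a", drop_listeners(SAMPLE))):
        print(label)
        for port, info in sorted(ldap_sockets(text).items()):
            print(f"  {port}/tcp {info['service']}: listening={info['listening']}, "
                  f"established={info['established']}, pids={sorted(info['pids'])}")
```

A listening row only shows that the port is bound; connecting with LDP and the SSL box selected, as suggested above, is what confirms that LDAP over SSL actually answers.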
 