How are you accessing AD when you generate this traffic? AD LDAP is normal
LDAP, but there are many other interfaces to AD that use different
protocols. Was the traffic you saw on port 389?
Hey,
I am trying to find some info on LDAP behavior (using Active
Directory). I see in an Ethereal capture that when I access an AD
server on the same system, it seems to use NBNS/NBIPX (this is not in
ASN.1), whereas when I access an external server it uses the LDAP
protocol, i.e. all messages are in ASN.1 BER.
Could you please tell me if I am missing something here? This
seems like weird behavior to me.