LDAP simple bind authentication using port 389

  #1  
Old 15-01-2009
Ben English
 
Posts: n/a
LDAP simple bind authentication using port 389

I'd like to use simple bind over LDAP port 389 to authenticate to a Windows
Server 2003 Active Directory.

Is this enabled by default in Windows Server 2003?

Are there any security risks with this?

Also what needs to be done to enable simple bind over SSL for LDAP?

Thanks for your help.

  #2  
Old 15-01-2009
Michael Ströder
 
Posts: n/a
Re: LDAP simple bind authentication using port 389

Yes, no problem.

Yes, the password is transmitted as clear-text. You could use LDAP SASL
bind with DIGEST-MD5 to slightly mitigate the risk.

You have to install an SSL cert for the DC.
  #3  
Old 16-10-2010
Member
 
Join Date: Oct 2010
Posts: 1
Re: LDAP simple bind authentication using port 389

Do you have an example LDAP SASL bind with DIGEST-MD5?

Thanks!
Rick
  #4  
Old 02-05-2012
Member
 
Join Date: Jul 2011
Posts: 325
Re: LDAP simple bind authentication using port 389

I found some configuration information on this issue. The link below has detailed information on the various issues of LDAP. So if you read the link below you can get information on detailed LDAP configuration and settings. I think the issue mostly lies with proper settings. The configuration of LDAP on Windows Server is a bit complicated, as there is no proper information or guide on the web which tells the step-by-step process with images. http://technet.microsoft.com/en-us/l.../dd861403.aspx
  #5  
Old 14-05-2012
Member
 
Join Date: May 2012
Posts: 3
Re: LDAP simple bind authentication using port 389

Hi,

I have an issue authenticating a user in AD-LDAP. The admin user gets authenticated successfully, but for other users I am getting an invalid credentials error though I pass a valid username/password.
  #6  
Old 14-05-2012
Member
 
Join Date: Apr 2008
Posts: 586
Re: LDAP simple bind authentication using port 389

Quote:
Originally Posted by sujata
Hi,

I have an issue authenticating a user in AD-LDAP. The admin user gets authenticated successfully, but for other users I am getting an invalid credentials error though I pass a valid username/password.

Well, if you are getting an Invalid Credentials error, then the Bind User or Bind Password is likely incorrect. Verify these values and try to search again. Another problem that you may be facing is that you might have referrals in the initial response and the Windows LDAP code does not send the credentials to the referral server. If you used Kerberos credentials it should work.
  #7  
Old 14-05-2012
Member
 
Join Date: May 2012
Posts: 3
Re: LDAP simple bind authentication using port 389

Thanks for the quick reply.

I am using the LDAP client LDAP Browser (Eclipse plugin) to bind to AD LDAP.
I verified that the username and password are both valid. When I pass non-admin user details to bind, I am getting the error below.

The authentication failed
- [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772
  #8  
Old 14-05-2012
Member
 
Join Date: Dec 2007
Posts: 2,273
Re: LDAP simple bind authentication using port 389

Quote:
Originally Posted by sujata
Thanks for the quick reply.

I am using the LDAP client LDAP Browser (Eclipse plugin) to bind to AD LDAP.
I verified that the username and password are both valid. When I pass non-admin user details to bind, I am getting the error below.

The authentication failed
- [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772

Can you try to set the authentication type to ADS_SECURE_AUTHENTICATION and see if that works? More information can be found here - http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx
  #9  
Old 14-05-2012
Member
 
Join Date: May 2012
Posts: 3
Re: LDAP simple bind authentication using port 389

The users created in AD LDAP through my application have UAC (userAccountControl) set to 66082, which is PASSWORD NOT REQUIRED. I changed this value to 66042, which is NORMAL ACCOUNT | PASSWORD NEVER EXPIRES. Also, sAMAccountName doesn't get set for the users; I added this value also. After this change authentication was successful.

Passed values in the format
username@domain
password

Now I am not able to understand why UAC is set to 66082 by default, and can I set the UAC value during user creation in my application? I also wanted my application to work across all the LDAP servers (OpenLDAP and ApacheDS don't have this issue).
Reply With Quote
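
Added example (not part of the thread and not any poster's code): a Python helper that decodes the AD sub-code in the LDAP result 49 message quoted in post #7 and the userAccountControl bits discussed in post #9, and reports which set flags weaken authentication. The tables are a subset of Microsoft's documented values; the function names are hypothetical.

```python
import re

# userAccountControl bit flags (subset of Microsoft's documented values).
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE", 0x0010: "LOCKOUT", 0x0020: "PASSWD_NOTREQD",
    0x0040: "PASSWD_CANT_CHANGE", 0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",
    0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED", 0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH", 0x800000: "PASSWORD_EXPIRED",
}
# Flags an account audit should report because they weaken authentication.
WEAK = {"PASSWD_NOTREQD", "ENCRYPTED_TEXT_PWD_ALLOWED",
        "USE_DES_KEY_ONLY", "DONT_REQ_PREAUTH"}

# "data" sub-codes AD appends to LDAP result 49 (Win32 error codes in hex).
BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

def decode_uac(value):
    """Return (names of known flags set, bits not covered by the table)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    return names, value & ~sum(UAC_FLAGS)

def encode_uac(names):
    """Build a userAccountControl value from flag names."""
    lookup = {name: bit for bit, name in UAC_FLAGS.items()}
    return sum(lookup[n] for n in set(names))

def weak_flags(value):
    """Flags set in value that weaken authentication."""
    return sorted(WEAK.intersection(decode_uac(value)[0]))

def explain_bind_error(message):
    """Extract (LDAP result code, AD sub-code, meaning) from a bind error."""
    m = re.search(r"error code (\d+).*?\bdata ([0-9a-fA-F]+)", message)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, BIND_SUBCODES.get(sub, "unknown sub-code")

if __name__ == "__main__":
    # Message text as quoted in post #7; 66082 is the value from post #9.
    err = ("[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, "
           "comment: AcceptSecurityContext error, data 52e, v1772")
    print(explain_bind_error(err))
    print(decode_uac(66082), weak_flags(66082))
    print(encode_uac(["NORMAL_ACCOUNT", "DONT_EXPIRE_PASSWORD"]))
```

Running `weak_flags` over the userAccountControl values of every account an application provisions shows whether any were created without a password requirement.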