Results 1 to 9 of 9

Thread: LDAP simple bind authentication using port 389

  1. #1
    Ben English Guest

    LDAP simple bind authentication using port 389

    I'd like to use simple bind over LDAP port 389 to authenticate to a Windows
    Server 2003 active directory.

    Is this enabled by default in Windows Server 2003?

    Are there any security risks with this?

    Also what needs to be done to enable simple bind over SSL for LDAP?

    Thanks for your help.

  2. #2
    Michael Ströder Guest

    Re: LDAP simple bind authentication using port 389

    Yes, no problem.

    Yes, the password is transmitted as clear-text. You could use LDAP SASL
    bind with DIGEST-MD5 to slightly mitigate the risk.

    You have to install a SSL cert for the DC.

  3. #3
    Join Date
    Oct 2010
    Posts
    1

    Re: LDAP simple bind authentication using port 389

    Do you have an example LDAP SASL bind with DIGEST-MD5?

    Thanks!
    Rick

  4. #4
    Join Date
    Jul 2011
    Posts
    330

    Re: LDAP simple bind authentication using port 389

    I found a configuration information on this issue. The link below has detailed information on the various issue of LDAP. So if you can read the link below you can get information on detailed LDAP configuration and settings. I think the issue mostly lies with proper settings. The configuration of LDAP over windows server is bit complicated as there is no proper information or guide on web which tell step by step process with images. http://technet.microsoft.com/en-us/l.../dd861403.aspx

  5. #5
    Join Date
    May 2012
    Posts
    3

    Re: LDAP simple bind authentication using port 389

    Hi,

    I have issue authenticating a user in AD-LDAP, admin user gets authenticated successfully but for other users i am getting invalid credentials error though i pass valid username/password.

  6. #6
    Join Date
    Apr 2008
    Posts
    586

    Re: LDAP simple bind authentication using port 389

    Quote Originally Posted by sujata View Post
    Hi,

    I have issue authenticating a user in AD-LDAP, admin user gets authenticated successfully but for other users i am getting invalid credentials error though i pass valid username/password.
    Well, if you are getting an Invalid Credentials error, then the Bind User or Bind Password is likely incorrect. Verify these values and try to search again. Other problem that you may be facing is that you might have referrals in the initial response and the windows LDAP code does not end the credentials to the referral server. If you used kerberos credentials it should work.

  7. #7
    Join Date
    May 2012
    Posts
    3

    Re: LDAP simple bind authentication using port 389

    Thanks for the quick reply.

    I am using ldap client LDAP Browser(eclipse plugin) to bind to AD LDAP.
    Verified the username and password both are valid. When i pass non-admin user details to bind i m getting below error.

    The authentication failed
    - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772

  8. #8
    Join Date
    Dec 2007
    Posts
    2,291

    Re: LDAP simple bind authentication using port 389

    Quote Originally Posted by sujata View Post
    Thanks for the quick reply.

    I am using ldap client LDAP Browser(eclipse plugin) to bind to AD LDAP.
    Verified the username and password both are valid. When i pass non-admin user details to bind i m getting below error.

    The authentication failed
    - [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 52e, v1772
    Can you try to set the authentication type to ADS_SECURE_AUTHENTICATION and see if that works, more information can be found here - http://msdn.microsoft.com/en-us/libr...8VS.85%29.aspx

  9. #9
    Join Date
    May 2012
    Posts
    3

    Re: LDAP simple bind authentication using port 389

    The users created in AD LDAP through my application have UAC(userAccountControl) set to 66082 which is PASSWORD NOT REQUIRED, i changed this value to 66042 which is NORMAL ACCOUNT | PASSWORD NEVER EXPIRES and also sAMAccountName doesn't get set for the users, added this value also, after this change authentication was successful.

    Passed values in the format
    username@domain
    password

    Now i am not able to understand why UAC is set to 66082 by default and can i set UAC value during user creation in my application. And also wanted my application to work across all the ldap servers(openLdap, ApacheDs dont have this issue)

Similar Threads

  1. LDAP query to speficied LDAP server on TCP port 389 failed
    By Shash in forum Windows Server Help
    Replies: 2
    Last Post: 02-05-2012, 05:01 PM
  2. AD SSL Simple bind failed
    By Vasanth0555 in forum Active Directory
    Replies: 1
    Last Post: 12-10-2011, 01:55 PM
  3. LDAP authentication
    By ac1876 in forum Networking & Security
    Replies: 1
    Last Post: 08-10-2010, 04:05 AM
  4. Replies: 1
    Last Post: 24-03-2010, 10:12 PM
  5. LDAP Bind
    By Sawyer in forum Active Directory
    Replies: 4
    Last Post: 14-05-2009, 11:03 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,692,609.87604 seconds with 17 queries