Return
-
Title
When using a Microsoft Active Directory directory is LDAP or LDAPS used? -
Description
When using a Microsoft Active Directory directory is LDAP / 389 or LDAPS / 636 used? -
Cause
Safeguard will use LDAP searches for items such as:- To check the Active Directory ‘Directories” connection is valid and online.- Managing Discovery tasks on Directories (importing users from a customer specified group(s) for example)- When an Active Directory based logon occurs to Safeguard (web or client).- To locate domain controller(s) to perform any type authentication. -
Resolution
LDAPS is not used when connecting to Active Directory. Safeguard follows the standard behavior of Windows / Microsoft protocols and attempts to use the highest level of security that the connection will allow. Safeguard connects via LDAP TCP/389, and uses Kerberos / GSS-API and SASL to authenticate and encrypt LDAP communications. This is the same mechanism used by Windows desktop AD logins. Unsecured LDAP is not used.