Return
-
Title
When using a Microsoft Active Directory directory is LDAP or LDAPS used? -
Description
When using a Microsoft Active Directory directory is LDAP / 389 or LDAPS / 636 used? -
Cause
Safeguard will use LDAP searches for items such as:- To check the Active Directory ‘Directories” connection is valid and online.- Managing Discovery tasks on Directories (importing users from a customer specified group(s) for example)- When an Active Directory based logon occurs to Safeguard (web or client).- To locate domain controller(s) to perform any type authentication. -
Resolution
LDAPS is not used when connecting to Active Directory. Safeguard connects via LDAP TCP/389, and uses Kerberos / GSS-API and SASL to authenticate and encrypt LDAP communications.
Safeguard follows the standard behavior of Windows / Microsoft protocols and attempts to use the highest level of security that the connection will allow. This is the same mechanism used by Windows desktop AD logins. Unsecured LDAP is not used. -
Change Request
772308