When a user connects to a DC at logon, he/she is granted a service ticket from the KDC service on that DC. That ticket is good within that domain (strictly speaking, Kerberos realm).

The user then queries both a DC *and* GC for various info at logon, using the same ticket (the process is more convoluted than I depict, but further detail would detract from the point I am making).

Each app uses a unique port and the port used to query a GC is 3268 (and the port used to query DNS is 53, for example).

I hope this sheds some light,

neil
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet
Sent: 11 March 2005 16:43
To: [email protected]
Subject: RE: [ActiveDir] Binding to ldap process..

Thanks for the reply joe, however one last question remains: Is the process of binding to the GC (in the case I'm connecting to port 3268) different from, say, a user authentication to AD when logging on to a workstation? Does it use the same Kerberos ticket system?

Thanks!!

Francis
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: 11 March 2005 11:28
To: [email protected]
Subject: RE: [ActiveDir] Binding to ldap process..

You have two major functions in this area:

1. Connect. This is where you specify the server, port, and network protocol you want to use. If you select connectionless you are using UDP, otherwise you are using TCP. For most folks, UDP is useless, so you may not want to play with it too much. You can also specify an SSL connection. Until you work out the basics, don't worry about it.

2. Bind. This is where you specify the ID you want to connect to AD with and the authentication mechanism you want to use. The calls are all going against the server/port that you specified in 1. Note that you can't authenticate a UDP connection (just one reason why you don't generally want to play with UDP).

Some apps combine that all together in the background so you don't see it, such as my adfind command line tool. You simply specify what you want and off it goes and handles the binding and connecting and everything else for you.

joe
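As an added illustration of the two steps joe describes (this is not code from the thread, from ldp.exe or from adfind), here is the same connect-then-bind sequence against a GC in PowerShell using the built-in System.DirectoryServices.Protocols classes; the host name, base DN and account name are placeholders.

```powershell
# Added example: explicit Connect and Bind steps against a Global Catalog.
# dc01.example.com, DC=example,DC=com and jdoe are placeholders, not real values.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$gcHost = 'dc01.example.com'   # placeholder: any DC that also holds the GC role
$gcPort = 3268                 # GC LDAP port (3269 is the SSL variant)

# 1. Connect: server, port and transport (TCP) are fixed here. The bind and every
#    later request travel over this same connection; nothing falls back to 389.
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($gcHost, $gcPort)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
$conn.SessionOptions.ProtocolVersion = 3

# 2. Bind: choose the identity and the authentication mechanism. With no explicit
#    credential, Kerberos uses the logged-on user's existing ticket, so no password
#    crosses the wire. Avoid AuthType Basic (simple bind) unless
#    SessionOptions.SecureSocketLayer is enabled: a simple bind sends the password in cleartext.
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Kerberos
$conn.Bind()   # throws LdapException if the GC rejects the bind

# 3. Query the GC over the now-authenticated connection. A GC search can span the
#    whole forest, but only returns attributes in the partial attribute set.
$request = New-Object System.DirectoryServices.Protocols.SearchRequest(
    'DC=example,DC=com',                                  # placeholder forest root
    '(&(objectClass=user)(sAMAccountName=jdoe))',         # placeholder account
    [System.DirectoryServices.Protocols.SearchScope]::Subtree,
    @('distinguishedName', 'userPrincipalName'))
$response = $conn.SendRequest($request)
foreach ($entry in $response.Entries) {
    $entry.DistinguishedName
}
$conn.Dispose()
```

Capturing the session on the wire (port 3268 only) is a quick way to confirm that the bind and the search share one connection and that the bind carries a Kerberos token rather than a password.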
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet
Sent: Friday, March 11, 2005 11:03 AM
To: [email protected]
Subject: [ActiveDir] Binding to ldap process..

Hi,

I'm trying to understand the process of binding to an ldap server. I'm toying with ldp.exe and I'd like to know a little bit more about the different bind options... If you decide to connect to port 3268 to query the GC and then decide to bind, do you bind on port 389 or continue to authenticate to the GC? You see, I'm just a wee bit confused as to what happens in the background :)

Thanks,

Francis Ouellet
