LDAP Security
Lightweight Directory Access Protocol (LDAP) version 3.0 supports various security mechanisms for authenticating to an LDAP server.
Best Practices
Use authentication
Use NTLM or Basic authentication to limit access to known users only. The following list shows the three types of authentication that LDAP supports:
- Basic authentication
- Microsoft Windows NT LAN Manager (NTLM)
- Negotiate
Use NTLM or Negotiate because Basic authentication uses clear text passwords. The Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication.
Use the ldap_bind_s function to authenticate through authentication services such as NTLM or other Security Support Providers. The ldap_simple_bind function uses a clear text password for authentication. For more information, see LDAP Security Model.
Use Secure Sockets Layer (SSL)
The SSL protocol protects data from packet sniffing by anyone with physical access to the network.
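As an added example (not part of the original page and not Microsoft's code), the following PowerShell function applies both recommendations through the .NET System.DirectoryServices.Protocols classes rather than the C ldap_bind_s call named above: it binds with Negotiate by default and refuses Basic authentication unless SSL is enabled. The function name Connect-LdapSecure, the server name and the port defaults are assumptions made for illustration.

```powershell
# Added example: Connect-LdapSecure is a hypothetical helper, not a built-in cmdlet.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Connect-LdapSecure {
    param(
        [Parameter(Mandatory)] [string] $Server,       # placeholder, e.g. dc01.example.test
        [System.DirectoryServices.Protocols.AuthType] $AuthType = 'Negotiate',
        [bool] $UseSsl = $true,
        [int]  $Port = 0,                              # 0 = choose the conventional port below
        [System.Net.NetworkCredential] $Credential     # omit to bind as the logged-on user
    )

    # Basic sends the password in clear text, so allow it only inside an SSL session.
    if ($AuthType -eq 'Basic' -and -not $UseSsl) {
        throw 'Refusing Basic authentication without SSL: the password would cross the network in clear text.'
    }
    # An anonymous bind does not limit access to known users.
    if ($AuthType -eq 'Anonymous') {
        throw 'Refusing anonymous bind: use Negotiate or NTLM.'
    }

    # Conventional ports: 636 for LDAP over SSL, 389 for plain LDAP.
    if ($Port -eq 0) { $Port = if ($UseSsl) { 636 } else { 389 } }

    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.AuthType = $AuthType                          # Negotiate picks Kerberos, else NTLM
    $conn.SessionOptions.ProtocolVersion   = 3          # LDAP version 3
    $conn.SessionOptions.SecureSocketLayer = $UseSsl    # encrypt the whole session
    if ($Credential) { $conn.Credential = $Credential }

    try {
        $conn.Bind()                                    # throws LdapException on failure
    } catch {
        $conn.Dispose()
        throw
    }
    return $conn
}

# Usage (constructed server name; requires a reachable directory server):
#   $conn = Connect-LdapSecure -Server 'dc01.example.test'
#   $conn.Dispose()
```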
Default Registry Settings
LDAP does not use any registry settings.
Last updated on Friday, April 09, 2004
© 1992-2003 Microsoft Corporation. All rights reserved.