7.2 ADConnection Overview

Windows uses LDAP over TCP as defined in [RFC1777] for LDAP version 2, and [RFC3377] and [RFC2251] for LDAP version 3. The following sections describe only the additional behaviors of the Microsoft LDAP client which are not specified by these RFCs.

For LDAP over TCP, an ADConnection manages the TCP connections that are used for communication between the client and Active Directory servers. The typical sequence of use of an ADConnection is:

  1. Initialize an ADConnection, which creates the ADConnection but does not yet connect to the Active Directory server.

  2. Set options on the ADConnection as outlined in section 7.6.1.2.

  3. Establish the ADConnection to an Active Directory server, which establishes the TCP connection with the server ([RFC2251] section 5.2.1, Transmission Control Protocol (TCP)).

  4. Perform an LDAP bind ([RFC2251] section 4.2, Bind Operation) on the ADConnection, which authenticates the client to the Active Directory service.

  5. Perform one or more LDAP operations such as search ([RFC2251] section 4.5, Search Operation), modify ([RFC2251] section 4.6, Modify Operation), or delete ([RFC2251] section 4.8, Delete Operation) on the ADConnection. An LDAP operation will consist of an LDAP request and the resulting LDAP response(s).

  6. Perform an LDAP unbind ([RFC2251] section 4.3, Unbind Operation) on the ADConnection.
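The six-step sequence above, as an added example that is not part of the specification: it drives the Windows LDAP client through the .NET System.DirectoryServices.Protocols wrapper from PowerShell. The server name and base DN are placeholders to replace.

```powershell
# Added example: ADConnection lifecycle via System.DirectoryServices.Protocols,
# which wraps the Windows LDAP client. $server and $baseDn are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$server = 'dc01.example.test'    # placeholder domain controller name
$baseDn = 'DC=example,DC=test'   # placeholder base DN

# Step 1: initialize the connection object; no TCP connection is opened yet.
$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($server, 389)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)

# Step 2: set options before connecting. Require LDAPv3 and SASL signing/sealing so
# the session is integrity- and confidentiality-protected on the wire, decide
# explicitly whether referrals and continuation references are followed, and opt
# in to automatic reconnection if the directory server becomes unreachable.
$conn.SessionOptions.ProtocolVersion = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$conn.SessionOptions.Signing = $true
$conn.SessionOptions.Sealing = $true
$conn.SessionOptions.ReferralChasing = [System.DirectoryServices.Protocols.ReferralChasingOptions]::None
$conn.SessionOptions.AutoReconnect = $true

try {
    # Steps 3 and 4: Bind() establishes the TCP connection and performs the LDAP bind
    # with the caller's credentials (Negotiate selects Kerberos, NTLM as fallback).
    $conn.Bind()

    # Step 5: one or more LDAP operations on the same bound connection.
    $search = New-Object System.DirectoryServices.Protocols.SearchRequest(
        $baseDn, '(objectClass=domainDNS)',
        [System.DirectoryServices.Protocols.SearchScope]::Base,
        @('objectClass', 'whenChanged'))
    $response = $conn.SendRequest($search)
    foreach ($entry in $response.Entries) {
        '{0} last changed {1}' -f $entry.DistinguishedName, $entry.Attributes['whenChanged'][0]
    }
}
finally {
    # Step 6: Dispose() sends the LDAP unbind and closes the TCP connection.
    $conn.Dispose()
}
```

Because the TCP connection is only opened inside Bind(), every option set in step 2 takes effect before any bytes reach the server; setting Signing or Sealing after Bind() has no effect on the already established session.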

This sequence is shown in the following Client Activity diagram.

Figure 6: Client activity diagram

An ADConnection allows a client to use the connectivity to an Active Directory server for multiple LDAP operations, thereby reducing both client- and server-side processing costs and reducing the serialized time delays of TCP connection establishment and LDAP bind authentications. The ADConnection abstraction allows a client application to perform an LDAP operation with an Active Directory server, and automatically follow any LDAP referrals ([RFC2251] section 4.1.11, Referral) and continuation references ([RFC2251] section 4.5.3, Continuation References in the Search Result). In the case of referrals and continuation references, the client establishes an additional TCP connection to the directory server specified in each referral (or continuation reference) and sends a request as directed by that referral or reference.

The ADConnection can also attempt to maintain connectivity to the directory service in the event a directory server becomes unresponsive or unreachable by attempting to reconnect to the directory service and resending pending requests.