active-directory - Will AD calls automatically switch to LDAPS if unsigned LDAP on port 389 is disabled?
问题描述
Does anyone know if calls to create a new PrincipalContext will automatically switch to LDAPS from LDAP when Microsoft releases its AD security update in March? We have created a VB.Net security library for our corporate applications that instantiates the object like below, with no explicit reference to port 636 in the domain string. I have tested the library with Wireshark running, and I only see unsigned LDAP (port 389) traffic, but we have both ports enabled, so I don't know if it will automatically switch to LDAPS.
Return New PrincipalContext(ContextType.Domain, "my.corp.domain", container, Config.ADUser, Config.ADPass)
解决方案
It will not switch to LDAPS if normal LDAP doesn't work. You have to specify LDAPS explicitly by passing the LDAPS port as part of the domain name: "my.corp.domain:636"
That said, I haven't read anything to suggest that Microsoft will be disabling access to the LDAP port entirely. From what I understand, the issue is only with how the requests are authenticated. Port 389 will continue to function.
Actually, the change in March won't change anything at all. You can read more about it here, which says:
March 2020 update will only add some new functionalities and make no changes, giving Customers more time to fix issues.
推荐阅读
- c++ - 将 Apache 箭头表写入字符串 C++
- python - astropy.wcs 的问题:PCi_ja 矩阵是奇异的
- mongodb - Golang mongo-go-driver 索引检查
- c# - 如何处理具有不同数据类型的同一个表的多个实例连接到同一个 EF 模型
- r - 运行非线性回归模型时如何纠正此错误?
- c++ - 链接器如何知道在哪里可以找到 dll 文件
- unique - 用于唯一 ID 和日期/时间相关标准的复杂 COUNTIF
- actionscript-3 - AddChild 没有出现在舞台上
- html - Bootstrap 4 的响应式布局排序
- flutter - 为不均匀的边界提供一个borderRadius