LDAP Security

Lightweight Directory Access Protocol (LDAP) version 3.0 supports various security mechanisms for authenticating to an LDAP server.

Best Practices

Use authentication

Use NTLM or Basic authentication to limit access to known users only. The following list shows the three types of authentication that LDAP supports:

  • Basic authentication
  • Microsoft Windows NT LAN Manager (NTLM)
  • Negotiate

Use NTLM or Negotiate, because Basic authentication uses clear text passwords. The Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless one of the systems involved in the authentication cannot use it.

Use the ldap_bind_s function to authenticate through authentication services, such as NTLM or other Security Support Providers. The ldap_simple_bind function uses a clear text password for authentication. For more information, see LDAP Security Model.

Use Secure Sockets Layer (SSL)

The SSL protocol protects data from packet sniffing by anyone with physical access to the network.
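
The following added example (not from the original page or from Microsoft) illustrates both points above, the clear text password of a Basic bind and the exposure to packet sniffing without SSL: it parses an LDAPv3 BindRequest as laid out in RFC 4511 and reports which authentication choice the message carries, so a defender can flag clear text binds in captured traffic. The sample messages, the DN and the password are constructed, and the names classify_bind and ber_header are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Authentication choice found in one LDAPv3 BindRequest (RFC 4511, 4.2). */
enum bind_kind { NOT_A_BIND, BIND_NO_PASSWORD, BIND_SIMPLE_CLEARTEXT, BIND_SASL, BIND_OTHER };

/* Constructed samples (not captured traffic): a simple bind with a password,
   and a SASL bind naming the GSS-SPNEGO mechanism. */
static const unsigned char SAMPLE_SIMPLE[] = "\x30\x2d\x02\x01\x01\x60\x28\x02\x01\x03\x04\x19"
    "cn=svc,dc=example,dc=test" "\x80\x08" "Example1";
static const unsigned char SAMPLE_SASL[] = "\x30\x18\x02\x01\x02\x60\x13\x02\x01\x03\x04\x00"
    "\xa3\x0c\x04\x0a" "GSS-SPNEGO";

/* Read one BER tag/length header at *p, advance *p to the value and store its
   length. Returns the tag byte, or -1 if truncated or longer than the buffer. */
static int ber_header(const unsigned char **p, const unsigned char *end, size_t *len)
{
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                      /* long form: low 7 bits count length bytes */
        size_t count = n & 0x7f;
        if (count == 0 || count > sizeof(size_t) || (size_t)(end - *p) < count) return -1;
        for (n = 0; count > 0; count--) n = (n << 8) | *(*p)++;
    }
    if (n > (size_t)(end - *p)) return -1;
    *len = n;
    return tag;
}

/* Classify the authentication choice in one LDAPMessage. */
enum bind_kind classify_bind(const unsigned char *msg, size_t msg_len)
{
    /* LDAPMessage SEQUENCE, messageID, [APPLICATION 0] BindRequest, version, name */
    static const int expect[] = { 0x30, 0x02, 0x60, 0x02, 0x04 };
    const unsigned char *p = msg, *end = msg + msg_len;
    size_t len;
    for (size_t i = 0; i < 5; i++) {
        if (ber_header(&p, end, &len) != expect[i]) return NOT_A_BIND;
        if (expect[i] & 0x20) end = p + len;   /* constructed type: descend into it */
        else p += len;                         /* primitive type: skip its value */
    }
    int tag = ber_header(&p, end, &len);       /* AuthenticationChoice */
    if (tag == 0x80) return len ? BIND_SIMPLE_CLEARTEXT : BIND_NO_PASSWORD; /* simple [0] */
    if (tag == 0xA3) return BIND_SASL;         /* sasl [3] */
    return tag < 0 ? NOT_A_BIND : BIND_OTHER;
}
int main(void) { printf("%d %d\n", classify_bind(SAMPLE_SIMPLE, sizeof SAMPLE_SIMPLE - 1),
                        classify_bind(SAMPLE_SASL, sizeof SAMPLE_SASL - 1)); return 0; }
```

In the simple bind sample the password bytes follow the 0x80 tag unmodified, which is what a sniffer on an unencrypted connection would see.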

Default Registry Settings

LDAP does not use any registry settings.

See Also

LDAP Client

 Last updated on Friday, April 09, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.