...

The following are issues, encountered by some deployers, related to specific LDAP server products used in conjunction with username/password authentication or the attribute resolver's LDAP data connector.


Microsoft Active Directory

...

  • 3268 for plain-old LDAP or LDAP with StartTLS. Note, StartTLS is only available on Windows Server 2003 and later.
  • 3269 for LDAPS

...

When performing a standard LDAP search on port 389/636, Active Directory will, under some circumstances, return LDAP referrals as part of the LDAP result set. For example, this is known to occur when using a domain DN as the LDAP search base (e.g. dc=example,dc=org) as opposed to a lower-level container (e.g. cn=Users,dc=example,dc=org). The connector must follow these referrals for the query to complete successfully. This entails adding a configuration parameter to the LDAP data connector configuration:


<LDAPProperty name="java.naming.referral" value="follow"/>
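
To see what this setting changes outside the connector, the following added example (not part of the original page and not Shibboleth code) runs the same kind of search through plain JNDI with the referral mode chosen on the command line. It assumes the connector hands the property to the JNDI environment unchanged; the class name `ReferralSearch` and the `LDAP_BIND_PW` environment variable are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class ReferralSearch {
    public static void main(String[] args) throws NamingException {
        if (args.length != 5 || System.getenv("LDAP_BIND_PW") == null) {
            System.err.println("usage: LDAP_BIND_PW=... java ReferralSearch "
                    + "<ldapUrl> <bindDn> <baseDn> <filter> <follow|ignore>");
            System.exit(2);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_BIND_PW"));
        // Context.REFERRAL is the constant "java.naming.referral". With "follow",
        // JNDI reuses this environment, bind credentials included, when it
        // connects to each referred server.
        env.put(Context.REFERRAL, args[4]);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(new String[] {"cn"});

        DirContext ctx = new InitialDirContext(env);
        int count = 0;
        try {
            NamingEnumeration<SearchResult> results = ctx.search(args[2], args[3], controls);
            while (results.hasMore()) {   // unfollowed referrals surface here
                System.out.println(results.next().getNameInNamespace());
                count++;
            }
            System.out.println(count + " entries, result set complete");
        } catch (PartialResultException e) {
            // Thrown when the server returned referrals that were not followed.
            System.out.println(count + " entries, then incomplete: " + e.getMessage());
        } finally {
            ctx.close();
        }
    }
}
```

Running it once with `ignore` and once with `follow` against a domain DN search base shows whether the directory is returning referrals and which hosts the client must be able to reach to complete the search.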

...