Re: What is DirectoryServices.AuthenticationTypes.None

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/07/05

  • Next message: Darren Green: "Re: MD5 Hash as Number?" 
    Date: Thu, 6 Oct 2005 22:50:08 -0500

    It is supposed to mean to use LDAP simple bind. However, if you leave the
    username and password null, ADSI will go ahead and try to do a Secure bind
    (GSS-SPNEGO SASL bind in LDAP terms) with the current thread's identity.

    If you supply username and password (or put in "" instead of null), it will
    actually try a simple bind (plain text username and password on the
    network).

    In general, you probably shouldn't be using simple bind with AD if you can
    avoid it and you should generally never use it without also using SSL/LDAP
    to encrypt the channel as it is insecure.

    However, it is useful (and in some cases necessary) with ADAM and non-AD
    directories that don't support the GSS-SPNEGO as a SASL mechanism.

    HTH,

    Joe K.

    "John Rusk" <JohnRusk@discussions.microsoft.com> wrote in message
    news:6814DA82-6349-4693-BA08-BF071A76BFD9@microsoft.com...
    > AuthenticationTypes.None is the default authentication type for
    > DirectoryEntry. But, what does "none" actually mean???
    >
    > When I set it, the system still seems to be authenticating with the
    > credentials of the calling thread. Does that mean that
    > AuthenticationTypes.None equals AuthenticationTypes.Secure in practice?
    > Or
    > does it mean something different, and if so, what?

  • Next message: Darren Green: "Re: MD5 Hash as Number?"

    Relevant Pages

    • Re: HELP! Really strange problem w/AD and LDAP/LDIFDE
      ... I don't suppose your web server LDAP stack can do Windows secure binds, ... I only use simple bind for ADAM, ... Sorry I was less helpful this time, but perhaps that username syntax stuff ...
      (microsoft.public.windows.server.active_directory)
    • Re: HELP! Really strange problem w/AD and LDAP/LDIFDE
      ... UPN username and perhaps that is behaving weirdly in this environment due to ... receives the simple bind. ... What we're thinking is that if THAT is the case, and if the DNS ... like when the simple LDAP bind is ...
      (microsoft.public.windows.server.active_directory)
    • Re: HELP! Really strange problem w/AD and LDAP/LDIFDE
      ... Windows secure bind: ... any LDAP client doing a bind can use those username formats with AD ... admin username in the authenticate() should be a "full DN" style username. ... I was doing some testing today, testing with ldifde and doing simple ...
      (microsoft.public.windows.server.active_directory)
    • Re: HELP! Really strange problem w/AD and LDAP/LDIFDE
      ... One of the things that we were theorizing about was that AD might be doing different processing, depending on the format of the username, when it receives the simple bind. ... This 2nd standalone AD is the one that my web app is accessing using LDAP, and I *think* that the domain name for this 2nd AD is the same as the original domain, i.e., also "foo.foo1". ...
      (microsoft.public.windows.server.active_directory)
    • Re: trying to connect to ADAM instance via JNDI
      ... I did tried with ldp and I was able ... to bind with this username and password in ldp. ... I did tried to use the display name as username but it ... Thanks again for your response. ...
      (microsoft.public.windows.server.active_directory)