Publishing an LDAP Server on ISA Server
Understanding LDAP

Windows 2000 uses the Lightweight Directory Access Protocol (LDAP), a streamlined version of the Directory Access Protocol (DAP). DAP is the protocol used in X.500 Directory Services to control communication between the Directory User Agent and the Directory System Agent. The Directory User Agent (DUA) provides functionality that can be implemented in all sorts of user interfaces: dedicated DUA clients, Web server gateways, or e-mail applications. In X.500, the Directory System Agent (DSA) is the database in which directory information is stored. This database is hierarchical in form, designed for fast and efficient search and retrieval. Unlike DAP, which was designed for the OSI protocol stack, LDAP runs over TCP/IP, which is necessary for any type of Internet access. LDAP is an open protocol, and applications are independent of the server platform hosting the directory.

Active Directory is not an X.500 directory. Instead, it uses LDAP as the access protocol and supports the X.500 information model without requiring systems to host the entire X.500 overhead. The result is the high level of interoperability required for administering real-world, heterogeneous networks. Active Directory supports access via LDAP from any LDAP-enabled client. LDAP names are less intuitive than Internet names, but the complexity of LDAP naming is usually hidden within an application. LDAP names use the X.500 naming convention called "attributed naming", in which a name is a list of attribute=value pairs (for example, CN=Jane Doe,OU=Sales,DC=example,DC=com). An example of an LDAP client is Outlook Express.

A Windows 2000 Domain Controller is an LDAP server and contains all your domain information, such as user accounts and groups. A Windows 2000 Domain Controller can also be a Global Catalog (GC) server, which contains forest-wide information. You can send queries to a Global Catalog server to ask for user attributes such as e-mail address, street address and phone numbers.

Step 1: Creating a Protocol Definition for an LDAP Server
Step 2: Create a Server Publishing rule to publish an LDAP Server
Step 3: Configure Outlook Express to use your published LDAP Server
Step 4: Testing the connection
Publishing a Global Catalog Server

Instead of publishing an LDAP server, you can publish a Global Catalog server from within your private network. In most cases the GC is the same machine as your DC, but you can use another machine that functions as a GC.

Step 1: Creating a Protocol Definition for a Global Catalog Server
Step 2: Create a Server Publishing rule to publish a Global Catalog Server
Step 3: Configure Outlook Express to use your published GC Server
Step 4: Testing the connection
Important: Encrypting Traffic From an LDAP Client to the ISA Server Using SSL

Perform the following steps to encrypt traffic from an LDAP client to the ISA Server using SSL. Whichever machine terminates the SSL session, the subject name of its certificate must match the name the external client connects to, and the client must trust the issuing CA; otherwise the client will reject the connection.

Step 1: Obtain a certificate for the ISA server
Note: You can use the above procedure to request a certificate for Domain Controllers (LDAP servers), but instead of the Computer certificate template, use the Domain Controller template.

Step 2: Creating a Protocol Definition for a Secure LDAP Server
Step 3: Create a Server Publishing rule to publish a Secure LDAP Server
Step 4: Configure Outlook Express to use your published Secure LDAP Server
Step 5: Testing the connection
Instead of publishing a Secure LDAP server, you can publish a Secure Global Catalog server from within your private network.

Step 1: Creating a Protocol Definition for a Secure Global Catalog Server
Step 2: Create a Server Publishing rule to publish a Secure Global Catalog Server
Step 3: Configure Outlook Express to use your published Secure GC Server
Step 4: Testing the connection
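Each "Testing the connection" step above (plain LDAP, GC, secure LDAP and secure GC) comes down to the same exchange on a different port, so one probe covers all four. This is an added example, not code from the original article or from Microsoft: it speaks LDAPv3 directly over a socket, so it shows exactly what the server publishing rule has to pass through, and on ports 636 and 3269 it insists on a certificate chain that validates against the CA you pass as cafile. The host name, port and CA file are assumptions supplied by the caller; the embedded BindResponse bytes are constructed, not captured.

```python
"""Raw LDAPv3 probe for a published LDAP or Global Catalog port. Added example, not
code from the original article: anonymous bind, then a base search of the RootDSE."""
import socket
import ssl

def ber_len(n):
    if n < 0x80:                                    # short form
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body         # long form: count octet + length
def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload
def ber_int(v, tag=0x02):                           # two's complement, minimal length
    return tlv(tag, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))
def ber_str(s):                                     # OCTET STRING (LDAPString, LDAPDN)
    return tlv(0x04, s.encode())
def ber_seq(*items):                                # SEQUENCE
    return tlv(0x30, b"".join(items))

def bind_request(msg_id=1):
    # BindRequest [APPLICATION 0]: version 3, empty name, simple [0] "" -> anonymous bind
    return ber_seq(ber_int(msg_id), tlv(0x60, ber_int(3) + ber_str("") + tlv(0x80, b"")))

def rootdse_search(msg_id=2, attrs=("namingContexts", "supportedLDAPVersion")):
    # SearchRequest [APPLICATION 3]: base "", scope baseObject(0), derefAliases never(0),
    # sizeLimit 0, timeLimit 0, typesOnly FALSE, filter present[7] objectClass, attributes
    body = (ber_str("") + tlv(0x0A, b"\x00") + tlv(0x0A, b"\x00")
            + ber_int(0) + ber_int(0) + tlv(0x01, b"\x00")
            + tlv(0x87, b"objectClass") + ber_seq(*[ber_str(a) for a in attrs]))
    return ber_seq(ber_int(msg_id), tlv(0x63, body))

def read_tlv(buf, pos=0):
    """Return (tag, value, position after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long form
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def iter_tlvs(buf):
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def parse_message(msg):
    """LDAPMessage -> (messageID, protocolOp tag, protocolOp body)."""
    _, env, _ = read_tlv(msg)
    _, mid, p = read_tlv(env)
    op_tag, op_body, _ = read_tlv(env, p)
    return int.from_bytes(mid, "big", signed=True), op_tag, op_body

def result_code(op_body):                           # LDAPResult begins with resultCode; 0 = success
    return int.from_bytes(read_tlv(op_body)[1], "big")

def parse_entry(op_body):
    """SearchResultEntry -> {attribute: [values]}."""
    _, _dn, p = read_tlv(op_body)                   # objectName, empty for the RootDSE
    _, attrs, _ = read_tlv(op_body, p)              # PartialAttributeList
    out = {}
    for _, attr in iter_tlvs(attrs):                # SEQUENCE { type, SET OF value }
        _, name, q = read_tlv(attr)
        _, vals, _ = read_tlv(attr, q)
        out[name.decode()] = [v.decode(errors="replace") for _, v in iter_tlvs(vals)]
    return out

# Constructed sample, not a capture: BindResponse, messageID 1, resultCode success(0).
SAMPLE_BIND_RESPONSE = bytes.fromhex("300c02010161070a010004000400")

def recv_message(f):
    """Read one BER-framed LDAPMessage from a binary socket file."""
    head = f.read(2)
    if len(head) < 2:
        raise ConnectionError("peer closed the connection")
    length = head[1]
    if length & 0x80:                               # long-form length
        extra = f.read(length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + f.read(length)

def probe(host, port, cafile=None, timeout=10):
    """Bind anonymously and return RootDSE attributes; host and cafile are caller-supplied."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if port in (636, 3269):                         # LDAP or GC over SSL
        # chain must validate against cafile and the subject must match `host`, else this raises
        sock = ssl.create_default_context(cafile=cafile).wrap_socket(sock, server_hostname=host)
    with sock, sock.makefile("rb") as f:
        sock.sendall(bind_request(1))
        _, tag, body = parse_message(recv_message(f))
        if tag != 0x61 or result_code(body) != 0:   # BindResponse must say success
            raise RuntimeError("anonymous bind rejected, resultCode %d" % result_code(body))
        sock.sendall(rootdse_search(2))
        entry = {}
        while True:
            _, tag, body = parse_message(recv_message(f))
            if tag == 0x64:                         # SearchResultEntry
                entry.update(parse_entry(body))
            elif tag == 0x65:                       # SearchResultDone
                if result_code(body) != 0:
                    raise RuntimeError("search failed, resultCode %d" % result_code(body))
                return entry
```

Call it as probe(host, 389), probe(host, 3268), probe(host, 636, cafile="ca.pem") or probe(host, 3269, cafile="ca.pem"); it returns the RootDSE attributes (namingContexts and supportedLDAPVersion) on success and raises on a rejected bind, a search error, or a certificate the CA file does not vouch for. A certificate issued by a Windows 2000-era CA may use a signature algorithm or key size that a current OpenSSL refuses by default; treat that as the probe telling you the published endpoint needs a new certificate, not as a reason to disable verification.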
Summary

LDAP Directory Service port number: 389
GC Directory Service port number: 3268
The SSL-protected variants used in the secure publishing steps above are LDAP over SSL on port 636 and GC over SSL on port 3269.