Hi Robert,
> On 27.08.2015 at 15:19, Robert Moskowitz wrote:
>> In an earlier post of iptables rules, ldap and ldaps udp were included.
>>
>> The firewalld services for ldap and ldaps are tcp only. Do people
>> actually see udp requests coming in for these, or were they included
>> 'for completeness'?
>
>
> Start a capture with wireshark/tcpdump/etc. on a DC and see what reaches
> on 389/udp during the day. ;-)
>
>
> https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
> gives some information on which actions use which ports.
To be a little more specific, ldap udp/389, aka cldap or "connection
less" ldap, is used (at least) for site discovery when the windows
workstation starts and needs to find its closest domain controller.
When you configure sites and services in active directory, you set up
subnets, sites and place DCs in the corresponding sites.
In order to contact the closest DC, the workstation will first make a
cldap query to get the site name corresponding to its subnet, and then
query the SRV files under _sites.mydom.lan to get the matching DC.
Some pointers:
https://msdn.microsoft.com/en-us/library/cc717362.aspx
https://technet.microsoft.com/en-us/library/cc978016.aspx
http://serverfault.com/questions/77947/finding-closest-domain-controller-through-ldap
Cheers,
Denis
>
>
> Regards,
> Marc
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
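Since firewalld's built-in ldap and ldaps services cover tcp only, here is an added example (not from anyone in this thread) of a custom firewalld service definition that also admits the udp/389 CLDAP traffic Denis describes; the service name ldap-ad and the file path are assumptions. Dropped into /etc/firewalld/services/ and picked up with `firewall-cmd --reload`, it can then be enabled on the zone facing the clients with `firewall-cmd --permanent --add-service=ldap-ad`.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- /etc/firewalld/services/ldap-ad.xml (assumed path and name):
     LDAP for an AD domain controller, including connection-less LDAP
     on udp/389 that Windows clients use for site discovery at start-up -->
<service>
  <short>ldap-ad</short>
  <description>LDAP (tcp/389), LDAPS (tcp/636) and CLDAP (udp/389).
  CLDAP answers the netlogon site-discovery ping, so udp/389 must be
  reachable from client subnets, not just tcp.</description>
  <port protocol="tcp" port="389"/>
  <port protocol="tcp" port="636"/>
  <port protocol="udp" port="389"/>
</service>
```

Bind the service to the internal zone only; a DC's udp/389 has no business being reachable from an untrusted zone.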