I have set up an Active Directory server in my virtual machine and enabled LDAP over SSL according to the following link: https://support.microsoft.com/en-us/kb/321051
I used ldp.exe to test my setting and was able to connect to port 636 with the "SSL" checkbox checked. I then unchecked the "SSL" checkbox and tried connecting to port 636 again. I expected the connection to fail since port 636 is reserved for LDAP over SSL. However, to my surprise, the connection still went through. I am perplexed. Is it normal that I can connect to Active Directory using port 636 but without SSL?
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public static LdapConnection CreateLdapConnection(string server, int port, bool IsSSL, string userDN, string password, out string err)
{
    err = null;
    LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier(server, port));
    if (IsSSL)
    {
        con.SessionOptions.SecureSocketLayer = true;
        con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
    }
    // A Basic (simple) bind sends the password as plain text inside the LDAP message;
    // with IsSSL == false nothing protects it on the wire.
    con.Credential = new NetworkCredential(userDN, password);
    con.AuthType = AuthType.Basic;
    try
    {
        // No socket is opened before this call: the TCP connection (and the TLS
        // handshake, when SecureSocketLayer is set) happens inside Bind().
        con.Bind();
    }
    catch (LdapException ex)
    {
        // Match on the LDAP result code rather than on localized message text.
        if (ex.ErrorCode == 49)      // LDAP_INVALID_CREDENTIALS ("The supplied credential is invalid")
        {
            err = "Invalid ldap user password";
        }
        else if (ex.ErrorCode == 81) // LDAP_SERVER_DOWN ("The LDAP server is unavailable")
        {
            err = "Invalid server address or port number";
        }
        else
        {
            err = ex.Message;
        }
    }
    catch (Exception ex)
    {
        err = ex.Message;
    }
    return con;
}

// Referenced above but not included in the post. Assumed implementation: validate the
// server certificate chain against the machine trust store. A callback that simply
// returns true would accept any certificate and defeat the point of using SSL.
static bool ServerCallback(LdapConnection connection, X509Certificate certificate)
{
    return new X509Certificate2(certificate).Verify();
}
I also used the above code to test the LDAP connection in my application, and it is able to connect when the IsSSL variable is false.
It is probably using the StartTLS protocol whereby the connection starts in plaintext, then the client issues StartTLS, then both sides upgrade to SSL.
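As an added example (not code from the question or from the answer above), the following C# shows the three ways an LdapConnection from System.DirectoryServices.Protocols can reach a domain controller: plaintext LDAP on 389, StartTLS negotiated on 389, and LDAPS on 636. After the bind it reads SessionOptions.SslInformation, so the program checks what the session actually negotiated instead of trusting the port number, and it refuses to send a simple bind over an unencrypted session. The host name, user DN and password are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

// Added example: select the transport explicitly and verify the bind went over TLS.
// Host, DN and password used in Main are placeholders, not real infrastructure.
public enum LdapTransport { Plain, StartTls, Ldaps }

public static class LdapChannelCheck
{
    // Opens a session with the requested transport, performs a simple bind only
    // when the channel is encrypted, and returns the negotiated TLS parameters.
    public static SecurityPackageContextConnectionInformation BindChecked(
        string server, LdapTransport transport, string userDn, string password)
    {
        // 636: TLS is negotiated before the first LDAP message (LDAPS).
        // 389: plaintext LDAP; StartTLS can upgrade it after the connection is open.
        int port = transport == LdapTransport.Ldaps ? 636 : 389;

        using (var con = new LdapConnection(new LdapDirectoryIdentifier(server, port)))
        {
            con.SessionOptions.ProtocolVersion = 3;

            if (transport == LdapTransport.Ldaps)
            {
                // The socket opens and the TLS handshake runs inside Bind().
                con.SessionOptions.SecureSocketLayer = true;
            }
            else if (transport == LdapTransport.StartTls)
            {
                // Connects now, in the clear, then sends the StartTLS extended
                // operation (OID 1.3.6.1.4.1.1466.20037). Throws if the server refuses.
                con.SessionOptions.StartTransportLayerSecurity(null);
            }
            else
            {
                // A simple bind carries the password unencrypted; never send it here.
                throw new InvalidOperationException(
                    "Refusing simple bind on port 389 without StartTLS.");
            }

            // Certificate validation is left at the library default (chain and host
            // name checked against the machine trust store). Do not install a
            // VerifyServerCertificate callback that returns true unconditionally.
            con.Credential = new NetworkCredential(userDn, password);
            con.AuthType = AuthType.Basic;
            con.Bind();

            // Ask the session what was negotiated instead of assuming it from the port.
            SecurityPackageContextConnectionInformation info = con.SessionOptions.SslInformation;
            if (info.CipherStrength == 0)
            {
                throw new InvalidOperationException("Session is not encrypted after bind.");
            }
            return info;
        }
    }

    public static void Main()
    {
        const string dc = "dc01.example.local";                        // placeholder
        const string dn = "CN=svc-ldap,CN=Users,DC=example,DC=local";  // placeholder
        const string pw = "placeholder-password";                      // placeholder

        foreach (LdapTransport t in new[] { LdapTransport.Plain, LdapTransport.StartTls, LdapTransport.Ldaps })
        {
            try
            {
                var info = BindChecked(dc, t, dn, pw);
                Console.WriteLine($"{t}: protocol={info.Protocol} cipher={info.AlgorithmIdentifier} ({info.CipherStrength} bits)");
            }
            catch (LdapException ex)
            {
                // Result code 49 = invalid credentials, 81 = server down / unreachable.
                Console.WriteLine($"{t}: LDAP error {ex.ErrorCode}: {ex.Message}");
            }
            catch (DirectoryException ex)
            {
                // TlsOperationException lands here when the StartTLS upgrade fails.
                Console.WriteLine($"{t}: directory error: {ex.Message}");
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine($"{t}: refused: {ex.Message}");
            }
        }
    }
}
```

The difference between the two secure modes is where the handshake happens: with SecureSocketLayer the TLS handshake and certificate validation run when Bind() opens the socket, whereas StartTransportLayerSecurity connects immediately and upgrades the open plaintext session before any credentials are sent. Reading SslInformation after the bind is the check that ldp.exe's "connected" message does not give you.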