Applies To:
All versions of Venafi Software with the Active Directory Identity Provider
Summary:
AD Wizard/Driver cannot discover/use DCs that are only available via LDAP over SSL
The Active Directory Identity Wizard uses the following ports:
https://support.venafi.com/entries/45671107-Info-What-ports-does-the-Active-Directory-identity-provider-use
| Port | Protocol and use |
|---|---|
| 88 | Kerberos |
| 135 | TCP for RPC, EPM (Replication) |
| 389 | TCP, UDP for LDAP (Directory, Replication, User and Computer Authentication, Group Policy, Trusts) |
| 445 | TCP, UDP for SMB, CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc (Replication, User and Computer Authentication, Group Policy, Trusts) |
| 636 | TCP, UDP for LDAP SSL (Directory, Replication, User and Computer Authentication, Group Policy, Trusts) |
| 1025-5000 | TCP Dynamic for RPC, Windows Server 2003 |
| 49152-65535 | TCP Dynamic for RPC, Windows Server 2008 |
More Info:
There is an LDAP driver that can operate using port 636 alone. This driver does not perform in-depth discovery of other LDAP servers, and only one host can be specified per Identity connector.
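A connectivity check for the situation this article describes, as an added example that is not Venafi code: it probes the fixed TCP ports from the table and flags a domain controller that answers only on 636. The function names, verdict strings and the host name `dc01.example.test` are assumptions, as is treating all five fixed ports as required by the Active Directory driver.

```python
import socket
import sys

# Fixed TCP ports from the table above. The dynamic RPC ranges and the UDP
# variants are not probed. Assumption: the AD driver needs all five.
AD_FIXED_TCP_PORTS = (88, 135, 389, 445, 636)
LDAPS_PORT = 636


def probe(host, ports=AD_FIXED_TCP_PORTS, timeout=2.0):
    """Return {port: bool} from a TCP connect attempt to each port on host."""
    results = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = True
        except OSError:  # refused, filtered (timeout), or name not resolved
            results[port] = False
    return results


def classify(results):
    """Turn probe results into (verdict, blocked_ports)."""
    open_ports = {p for p in AD_FIXED_TCP_PORTS if results.get(p)}
    blocked = sorted(set(AD_FIXED_TCP_PORTS) - open_ports)
    if not blocked:
        return "ad-driver-ok", blocked   # fixed ports reachable
    if open_ports == {LDAPS_PORT}:
        return "ldaps-only", blocked     # the case in the Summary
    if not open_ports:
        return "unreachable", blocked    # host down or fully filtered
    return "partial", blocked            # firewall rule gap


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Probe a domain controller you administer, e.g. dc01.example.test
        observed = probe(sys.argv[1])
    else:
        # Constructed sample: a DC that is published on LDAPS only.
        observed = {88: False, 135: False, 389: False, 445: False, 636: True}
    verdict, blocked = classify(observed)
    print(f"{verdict}: blocked fixed ports = {blocked}")
```

A verdict of `ldaps-only` is the case where the LDAP driver on port 636 is the option that applies; `partial` points at firewall rules to review against the table.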