Lightweight Directory Access Protocol (LDAP) is used to authenticate and authorize users. LDAP is used in different infrastructures like Windows domains, Linux, network devices, etc. LDAP uses port numbers like 389 and 636. LDAP is implemented by different software like OpenLDAP, Microsoft Active Directory, Netscape Directory Server, Novell eDirectory, etc. LDAP was developed to access X.500 directories, which store information about users, groups, and other entities.
TCP and UDP 389 For LDAP
The well-known port for LDAP is TCP 389. Both UDP and TCP transmission can be used for this port. This port carries unsecured, unencrypted LDAP traffic. This means that if the LDAP traffic on port 389 is sniffed, it can expose usernames, passwords, hashes, certificates, and other critical information.
The LDAP port, TCP and UDP 389, is assigned by IANA, the international standardization body for port numbers. The registration information and contact for the port registration can be seen below.
TCP and UDP 636 Secure or SSL LDAP
Security is an important part of network protocols. LDAP is not a secure protocol unless extra security measures are implemented. LDAPS is the secure version of LDAP, where the LDAP communication is transmitted over an SSL/TLS tunnel. TCP and UDP 636 are used for LDAPS secure transmission. Even if an attacker sniffs the port 636 traffic, no information will be exposed to the attacker.
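To make the difference between the two ports concrete, here is an added example (not part of the original article) that builds a constructed LDAPv3 simple BindRequest exactly as it travels on TCP 389 and decodes it back with a small BER parser. The packet bytes, the DN `cn=admin,dc=example,dc=com` and the password `Secret123` are constructed for the example, not captured from any real system. Anyone who can sniff the segment can run the same decoding, which is why plain port 389 binds are a problem; on port 636 the same bytes are inside TLS and the parser would see only ciphertext. A defender can use the decoder over captured traffic to find clients that still bind in cleartext and move them to LDAPS or StartTLS.

```python
"""Encode and decode an LDAPv3 simple BindRequest as seen on TCP 389.

Constructed example: nothing here is captured from a real directory.
Shows that a simple bind on the unencrypted port carries the bind DN
and password in cleartext BER.  LDAPS (port 636) wraps the same bytes
in TLS, so a sniffer cannot decode them this way.
"""


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple } }.

    message_id is kept below 128 so a single INTEGER byte suffices.
    """
    bind = (
        tlv(0x02, bytes([3]))              # version INTEGER 3
        + tlv(0x04, dn.encode())           # name LDAPDN (OCTET STRING)
        + tlv(0x80, password.encode())     # simple [0] OCTET STRING, cleartext
    )
    # 0x60 = [APPLICATION 0] BindRequest, 0x30 = SEQUENCE (LDAPMessage)
    return tlv(0x30, tlv(0x02, bytes([message_id])) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int):
    """Parse one TLV at buf[pos]; return (tag, value, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def decode_simple_bind(packet: bytes):
    """Return {message_id, version, dn, password} for a simple bind, else None.

    A SASL bind (authentication tag 0xA3) returns None: it does not carry a
    cleartext password in this field, so nothing should be reported for it.
    """
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        return None
    tag, mid, pos = read_tlv(msg, 0)
    if tag != 0x02:
        return None
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:                        # not a BindRequest
        return None
    _, ver, pos = read_tlv(bind, 0)
    _, dn, pos = read_tlv(bind, pos)
    tag_auth, auth, _ = read_tlv(bind, pos)
    if tag_auth != 0x80:                   # SASL or unknown choice
        return None
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(ver, "big"),
        "dn": dn.decode(),
        "password": auth.decode(),
    }


# Constructed sample: what a sniffer sees on port 389 for this bind.
SAMPLE_PACKET = build_simple_bind(1, "cn=admin,dc=example,dc=com", "Secret123")

if __name__ == "__main__":
    print(SAMPLE_PACKET.hex())
    print(decode_simple_bind(SAMPLE_PACKET))
```

The decoder deliberately returns `None` for SASL binds so that a scan of captured traffic reports only the binds that actually leak a password; a LDAPS client produces no decodable packet at all on the wire, which is the point of port 636.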
Connect LDAP Port Of The Active Directory Domain Controller
Microsoft Active Directory provides LDAP services on the LDAP ports. A connection to AD on port 636 can be configured as shown below.
- Server is the IP address or domain name of the LDAP or AD server.
- Port is the port number of the LDAP which is by default 636 in this example.
- Connectionless uses UDP instead of the default TCP.
- SSL will try to connect in a secure way with the SSL/TLS encryption.
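The same four settings (server, port, connectionless, SSL), expressed as an added Python example rather than the tool's own code, so the effect of each option is visible. The hostname `ldap.example.invalid` and the `ca_file` parameter are assumptions for illustration; the example does not know the real server or its CA. The SSL option is implemented with certificate and hostname verification turned on, because an LDAPS connection that skips verification gives up most of what port 636 is for.

```python
"""Open a connection to an LDAP/AD server with the options described above.

Added example, not part of the original article or any LDAP tool.
Assumed values: the server name and CA file are placeholders.
"""
import socket
import ssl
from typing import Optional

LDAP_PORT = 389      # cleartext LDAP (TCP, or UDP when connectionless)
LDAPS_PORT = 636     # LDAP over SSL/TLS


def ldaps_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS client context for LDAPS: server certificate and name are verified."""
    ctx = ssl.create_default_context(cafile=ca_file)   # system CAs if None
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_summary(ctx: ssl.SSLContext) -> dict:
    """Report the settings that matter for a safe LDAPS client."""
    return {
        "verify": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "min_tls": ctx.minimum_version.name,
    }


def connection_mode(port: int, use_ssl: bool, connectionless: bool) -> str:
    """Name the transport the option combination produces."""
    if connectionless and use_ssl:
        raise ValueError("SSL/TLS needs a TCP stream; it cannot be used over UDP")
    if use_ssl:
        return "tls-tcp"
    return "cleartext-udp" if connectionless else "cleartext-tcp"


def connect_ldap(server: str, port: int = LDAPS_PORT, use_ssl: bool = True,
                 connectionless: bool = False, ca_file: Optional[str] = None,
                 timeout: float = 5.0) -> socket.socket:
    """Return a socket to server:port, wrapped in TLS when use_ssl is set."""
    mode = connection_mode(port, use_ssl, connectionless)   # validates options
    if mode == "cleartext-udp":
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        sock.connect((server, port))
        return sock
    sock = socket.create_connection((server, port), timeout=timeout)
    if mode == "tls-tcp":
        # server_hostname drives SNI and hostname verification
        sock = ldaps_context(ca_file).wrap_socket(sock, server_hostname=server)
    return sock


if __name__ == "__main__":
    print(context_summary(ldaps_context()))
    # Assumed server name; replace with the AD domain controller to test.
    with connect_ldap("ldap.example.invalid", LDAPS_PORT, use_ssl=True) as s:
        print("negotiated", s.version(), "with", s.getpeercert()["subject"])
```

Passing the private CA that issued the domain controller's certificate as `ca_file` is usually required for AD, since the default system store rarely trusts the enterprise CA.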
Auxiliary LDAP Ports
There are also some auxiliary ports related to LDAP for administration, control, catalog exchange, etc.
- TCP and UDP 1760 are used for the LDAP gateway port for redirection.
- TCP and UDP 3269 are used for Microsoft Global Catalog with LDAP/SSL.
- TCP and UDP 3407 are used for LDAP Admin Server Port.
- TCP and UDP 6301 are used for BMC LDAP Control port.