
Modify an attribute value in Active Directory via ldaps


I executed the code below to modify an attribute value in Active Directory via LDAPS. It worked properly. In addition, I found the packets were encrypted when I analyzed the packets captured by tcpdump in Wireshark.

using System.DirectoryServices;

// Bind to the People OU over port 636 (LDAPS) with explicit credentials.
using (DirectoryEntry entry = new DirectoryEntry("LDAP://192.168.109.4:636/OU=People,DC=dev,DC=com", "dev\\user", "password"))
{
    // Set the "description" attribute on the OU and write it back to the directory.
    entry.Properties["description"].Value = "a new description";
    entry.CommitChanges();
    entry.Close();
}

However, I have one question. I guess that the statement below is required to encrypt packets via LDAPS.

entry.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

In this case, it worked well without the statement as above.

Does anyone know the reason?


Solution

Did you see the SSL handshake when the connection opened? Usually SSL won't even work when you're accessing it with an IP address. It can also encrypt using Kerberos, which will work on port 389 using an IP address, although you usually have to specify AuthenticationTypes.Sealing for that.

However, it does know that port 636 is the LDAPS port, so if you specify port 636, it will automatically do the SSL handshake.

You can also exclude the port and specify AuthenticationTypes.SecureSocketsLayer, and it will automatically connect via port 636:

// No port in the path: SecureSocketsLayer makes the SDK connect to 636 over TLS.
using (DirectoryEntry entry = new DirectoryEntry(
    "LDAP://dev.com/OU=People,DC=dev,DC=com",
    "dev\\user", "password",
    AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer))
{
    entry.Properties["description"].Value = "a new description";
    entry.CommitChanges();
}
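Putting the two points of the answer together (use a DNS name so the server certificate can be validated, and request SecureSocketsLayer explicitly rather than relying on the port number), here is an added example that is not part of the question or the answer above. The path, account and password are placeholders; the attribute written is the same "description" attribute as in the question.

```csharp
using System;
using System.DirectoryServices;

static class LdapsAttributeWriter
{
    // Placeholders: substitute your own domain DNS name, OU path and account.
    // A DNS name, not an IP, is used on purpose: the LDAPS certificate is issued
    // to the server's DNS name, so validation fails when the path holds an IP.
    const string LdapPath = "LDAP://dev.com/OU=People,DC=dev,DC=com";
    const string UserName = "dev\\user";
    const string Password = "password"; // placeholder; load from a secret store in real code

    // Writes newValue into the "description" attribute of the object at path.
    // Returns true when the write committed, false when the bind or the
    // TLS handshake failed (a COMException from the directory layer).
    public static bool SetDescription(string path, string user, string password, string newValue)
    {
        // SecureSocketsLayer forces TLS (port 636 is implied when the path has no port).
        // Secure selects Negotiate (Kerberos/NTLM) instead of a simple bind, so the
        // password is not sent as clear text even if the TLS setting were dropped.
        var authType = AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer;

        try
        {
            using (var entry = new DirectoryEntry(path, user, password, authType))
            {
                // Forcing a read first proves the bind (and therefore the handshake)
                // succeeded before any change is attempted.
                entry.RefreshCache(new[] { "description" });
                Console.WriteLine("Current description: {0}", entry.Properties["description"].Value);

                entry.Properties["description"].Value = newValue;
                entry.CommitChanges();
                return true;
            }
        }
        catch (System.Runtime.InteropServices.COMException ex)
        {
            // Typical causes: certificate name mismatch (IP in the path), untrusted
            // issuer, or LDAPS not enabled on the domain controller.
            Console.Error.WriteLine("LDAPS bind or write failed: 0x{0:X8} {1}", ex.ErrorCode, ex.Message);
            return false;
        }
    }

    static void Main()
    {
        SetDescription(LdapPath, UserName, Password, "a new description");
    }
}
```

If you keep ":636" in the path as in the question, the same flags still apply; the explicit SecureSocketsLayer flag just makes the intent visible in code review instead of depending on the port number.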