The Microsoft LDAP provider ADsPath requires the following format.
LDAP://HostName[:PortNumber][/DistinguishedName]
Note: [ ] denotes optional parameters; it is not a literal part of the binding string.
The HostName can be a computer name, an IP address, or a domain name. A server name can also be specified in the binding string. Most LDAP providers follow a model that requires a server name to be specified.
The PortNumber specifies the specific port that should be used for the connection. If no port number is specified, the LDAP provider uses the default port number. The default port number is 389 if not using an SSL connection or 636 if using an SSL connection.
The DistinguishedName specifies the distinguished name of a specific object. A distinguished name for a given object is guaranteed to be unique.
The following table lists examples of binding strings.
LDAP ADsPath Example | Description |
---|---|
LDAP: | Bind to the root of the LDAP namespace. |
LDAP://server01 | Bind to a specific server. |
LDAP://server01:390 | Bind to a specific server using the specified port number. |
LDAP://CN=Jeff Smith,CN=users,DC=fabrikam,DC=com | Bind to a specific object. |
LDAP://server01/CN=Jeff Smith,CN=users,DC=fabrikam,DC=com | Bind to a specific object through a specific server. |
If Kerberos authentication is required for the successful completion of a specific directory request, the binding string must use either a serverless ADsPath, such as "LDAP://CN=Jeff Smith,CN=users,DC=fabrikam,DC=com", or it must use an ADsPath with a fully-qualified DNS server name, such as "LDAP://server01.fabrikam.com/CN=Jeff Smith,CN=users,DC=fabrikam,DC=com". Binding to the server using a flat NetBIOS name or a short DNS name, for example, using the name "server01" instead of "server01.fabrikam.com", is not guaranteed to yield Kerberos authentication.
For more information and more examples of LDAP binding strings, as well as a description of special characters that can be used in LDAP binding strings, see LDAP ADsPath.
Windows 2000 SP1 and later: With the LDAP provider, if a binding string includes a server name, you can increase performance by using the ADS_SERVER_BIND flag with the ADsOpenObject function or the IADsOpenDSObject::OpenDSObject method. The ADS_SERVER_BIND flag indicates that a server name was specified, which enables ADSI to avoid additional, unnecessary network traffic.
The following characters are reserved and cannot be used in an ADsPath with the LDAP provider.
Character | Name | Hex Value |
---|---|---|
<LF> | Line feed | 0x0A |
<CR> | Carriage return | 0x0D |
" | Double quote | 0x22 |
# | Number sign | 0x23 |
+ | Plus sign | 0x2B |
, | Comma | 0x2C |
/ | Forward slash | 0x2F |
; | Semicolon | 0x3B |
< | Left angle bracket | 0x3C |
= | Equals sign | 0x3D |
> | Right angle bracket | 0x3E |
\ | Backward slash | 0x5C |
For more information about the distinguished name notation used by LDAP-compliant directory services, see http://www.ietf.org/rfc/rfc1779.txt?number=1779 or ftp://ftp.ietf.org/rfc/rfc1779.txt.
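The following added example (not part of this page or of ADSI itself) ties the binding-string format, the default-port and Kerberos rules, and the reserved-character table together: it builds an ADsPath from separately validated RDN values, so that data containing a reserved character is rejected rather than spliced into the path, and parses a binding string back into its parts. Host names such as server01.fabrikam.com and the 192.168.1.10 address are constructed sample values; the Kerberos flag only reports the naming rule stated above, it does not perform authentication.

```python
from ipaddress import ip_address

RESERVED = set('\n\r"#+,/;<=>\\')  # reserved in an LDAP provider ADsPath (table above)

def check_rdn_value(value):
    """Reject an RDN value (the 'Jeff Smith' in CN=Jeff Smith) that contains a
    reserved character; '=' and ',' are added by build_adspath, never by data."""
    bad = sorted(RESERVED & set(value))
    if bad:
        raise ValueError(f"reserved character(s) in RDN value: {bad!r}")
    return value

def build_adspath(rdns, host=None, port=None):
    """Assemble LDAP://HostName[:PortNumber][/DistinguishedName] from validated
    (attribute, value) pairs; no rdns and no host binds the namespace root."""
    dn = ",".join(f"{attr}={check_rdn_value(val)}" for attr, val in rdns)
    if host is None:
        if port is not None:
            raise ValueError("a port number requires a host name")
        return "LDAP://" + dn if dn else "LDAP:"
    if RESERVED & set(host) or ":" in host:
        raise ValueError("invalid character in host name")
    path = f"LDAP://{host}" + (f":{port}" if port is not None else "")
    return path + ("/" + dn if dn else "")

def _is_ip(host):
    try:
        ip_address(host)
    except ValueError:
        return False
    return True

def parse_adspath(path, use_ssl=False):
    """Split an ADsPath into host, effective port (389, or 636 over SSL) and DN, and
    flag whether the page guarantees Kerberos for the host form (serverless or FQDN)."""
    if path == "LDAP:":
        return {"host": None, "port": None, "dn": None, "kerberos_guaranteed": True}
    if not path.startswith("LDAP://"):
        raise ValueError("not an LDAP provider ADsPath")
    rest = path[len("LDAP://"):]
    head, _, dn = rest.partition("/")
    if "=" in head:  # serverless form: the first segment is already the DN
        head, dn = "", rest
    host, _, port = head.partition(":")
    host = host or None
    if host is None and (port or not dn):
        raise ValueError("malformed ADsPath")
    port = int(port) if port else (636 if use_ssl else 389)
    kerberos = host is None or ("." in host and not _is_ip(host))
    return {"host": host, "port": port, "dn": dn or None, "kerberos_guaranteed": kerberos}
```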