Active Directory Connection

If you are having a problem using Vault, post a message here.

Moderator: SourceGear

Post Reply
snapjeff
Posts: 18
Joined: Mon Nov 05, 2007 2:18 pm
Location: Illinois
Contact:

Active Directory Connection

Post by snapjeff » Tue May 03, 2022 3:20 pm

Does Vault connect to Active Directory using SSL or is it plain-text? My security team was asking me and I can’t find anything.

Tonya
Posts: 914
Joined: Thu Jan 20, 2005 1:47 pm
Location: SourceGear

Re: Active Directory Connection

Post by Tonya » Wed May 04, 2022 6:55 am

Hello,

All communication between the Vault client and server is done over HTTP and utilizing IIS Web Services. You can configure IIS for SSL support to keep your data secure.

Please let me know if you have any additional questions.

Thanks,

Tonya

snapjeff
Posts: 18
Joined: Mon Nov 05, 2007 2:18 pm
Location: Illinois
Contact:

Re: Active Directory Connection

Post by snapjeff » Wed May 04, 2022 8:37 am

Tonya,

Not quite what we were looking for. We are migrating to AD user authentication. We need to know if the Vault server-to-AD server communication is done using SSL or non-SSL. We know about the 'Use SSL' checkbox in the user login, but don't see an option for the AD server connection.

Thanks,
Jeff

Tonya
Posts: 914
Joined: Thu Jan 20, 2005 1:47 pm
Location: SourceGear

Re: Active Directory Connection

Post by Tonya » Wed May 04, 2022 10:02 am

Hi Jeff,

Sorry about the confusion on my part.

Vault uses the System.DirectoryServices.DirectoryEntry to connect to the AD Server with the default option of connecting with the "Security" parameter. According to the Microsoft documentation, "security" is:

Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory Domain Services uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user account that the calling thread is impersonating.

Please note that when the Vault Server makes the Active Directory Services request, the user/password are not null. Also, the communications is only between the Vault Server and the Active Directory Services. The Vault Client is not involved with this part of the login process.

If this doesn't properly answer your questions, please let me know.

Thanks,

Tonya

snapjeff
Posts: 18
Joined: Mon Nov 05, 2007 2:18 pm
Location: Illinois
Contact:

Re: Active Directory Connection

Post by snapjeff » Wed May 04, 2022 10:53 am

Tonya,

Thanks for that info. Do you know which port the Vault server is using to connect to the AD server? Ports 389 and 636 are typical.

Jeff

Tonya
Posts: 914
Joined: Thu Jan 20, 2005 1:47 pm
Location: SourceGear

Re: Active Directory Connection

Post by Tonya » Wed May 04, 2022 12:09 pm

Hello again,

It should be the default port. Like you said, typically port 389.

Tonya

Post Reply