3.5.3 Client Registration with ILS
Client registration with an ILS server is made in four distinct LDAP operations:
LDAP Bind
LDAP Add
LDAP Modify
LDAP Unbind
The registration MUST be initiated by making an LDAP bind request to an ILS server as specified in section 3.5.2. If LDAP v2 is offered, only simple authentication can be used. <26>This is normally the case when users are located on the Internet. If LDAP v3 is offered with credentials, the SASL mechanism will be NTLM. The default server port is 1002.
Once a successful bind has been made (LDAP Bind Response, resultCode == 0), it MUST be followed by an LDAP Add operation [RFC2251]. The purpose of the Add operation is to create a dynamic entry of the named user in the directory. The LDAP entry named in the entry field of the Add request is as follows:
c=-, o=Microsoft, cn=<the email address of the user>, objectClass=rtPerson
This is a modified LDAP entry as per section 2.2.6. It has the effect of creating the following dynamicObject in the directory:
Cn=<the email address of the user>, ou=Dynamic, o=Intranet
(where the entry type is objectClass=rtPerson, objectClass=dynamicObject).
Once a successful Add operation has been performed (LDAP Add Response, resultCode == 0), an LDAP Modify operation MUST be performed as follows:
ModifyRequest: Object: c=-, o=Microsoft, cn=<the email address of the user>, objectClass=rtPerson
The following attributes of the user (rtPerson) are then modified as follows. Note that Name Mapping (section 2.2.5) can apply:
modop: The show mode, to indicate whether the user is to be visible.
sappid: applicationID is set to Microsoft NetMeeting.
smimetype: MimeType is set to text/iuls.
sappguid: guid is set to 008aff194794cf118796444553540000.
sprotid: protocolID is set to T120 AND H323.
sprotmimetype: protocolMimeType is set to (text/t120) and (text/h232).
sport: port attributes set to 1503 and 1720.
The entries made when connecting to ILS are Dynamic Directory Objects as defined in [RFC2589].
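The four-step sequence above, as an added Python example that is not part of the specification: it builds the Add and Modify requests with the DN and attribute values listed in this section and hands out each step only after the previous one returned resultCode 0. The RFC 4514 escaping of the e-mail address inside cn= and the "1"/"0" encoding of modop are assumptions; requests are returned as plain dicts so any LDAP client library can send them.

```python
# Added example, not part of the spec: builds the Add/Modify requests of an ILS
# client registration and enforces bind -> add -> modify -> unbind ordering.

ILS_PORT = 1002
NETMEETING_GUID = "008aff194794cf118796444553540000"
ORDER = ("bind", "add", "modify", "unbind")


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping (assumed): the spec puts the raw address into cn=."""
    out = []
    for i, ch in enumerate(value):
        special = (ch in ',+"\\<>;=' or (i == 0 and ch in " #")
                   or (i == len(value) - 1 and ch == " "))
        out.append("\\" + ch if special else ch)
    return "".join(out)


def registration_dn(email: str) -> str:
    """Entry name used by both the Add and the Modify request (section 3.5.3)."""
    return f"c=-,o=Microsoft,cn={escape_dn_value(email)},objectClass=rtPerson"


def modify_request(email: str, visible: bool) -> dict:
    # Attribute names and values as listed in 3.5.3; modop "1"/"0" is assumed.
    return {"dn": registration_dn(email), "replace": {
        "modop": ["1" if visible else "0"],
        "sappid": ["Microsoft NetMeeting"],
        "smimetype": ["text/iuls"],
        "sappguid": [NETMEETING_GUID],
        "sprotid": ["T120", "H323"],
        "sprotmimetype": ["text/t120", "text/h232"],
        "sport": ["1503", "1720"],
    }}


class IlsRegistration:
    """Hands out each operation only after the previous returned resultCode 0."""
    def __init__(self, email: str, visible: bool = True):
        self.email, self.visible, self.step = email, visible, 0

    def next_operation(self):
        if self.step >= len(ORDER):
            return None  # registration finished
        name = ORDER[self.step]
        payload = {"bind": {"port": ILS_PORT}, "unbind": {},
                   "add": {"dn": registration_dn(self.email),
                           "objectClass": ["rtPerson", "dynamicObject"]},
                   "modify": modify_request(self.email, self.visible)}[name]
        return name, payload

    def complete(self, result_code: int) -> None:
        if result_code != 0:  # spec: each step MUST follow a successful one
            raise RuntimeError(f"{ORDER[self.step]} failed: resultCode {result_code}")
        self.step += 1
```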