Prerequisites for the Nodinite LDAP Adapter for Microsoft BizTalk Server
This page describes the prerequisites for installing and running the Nodinite LDAP Adapter for Microsoft BizTalk Server.
The host instances associated with the LDAP adapter (the send hosts it is configured on) must be restarted during installation. This may temporarily disrupt your run-time, so install during an announced, pre-approved service window.
Make sure to read through this tutorial before installing the LDAP adapter.
There are some prerequisites that must be met to use the Nodinite LDAP Adapter for Microsoft BizTalk Server. The work required to satisfy the prerequisites varies from customer to customer and cannot easily be estimated by Integration Software since it involves customer/consultants/3rd party specific resources, details and knowledge.
The software being installed must be properly licensed.
The software requirements must be met.
The hardware requirements must be met.
The firewall requirements must be met.
Microsoft BizTalk Server must be installed and properly configured before this software can be installed and configured.
The user account used to install the LDAP adapter must be a member of the BizTalk Administrators and SSO Administrators roles during installation and configuration.
Encryption using secured channels (LDAP over SSL/TLS) is possible if your certificate infrastructure is properly set up; review the Nodinite LDAP SSL user guide for additional information.
Software Requirements
The Nodinite LDAP Adapter for Microsoft BizTalk Server must be installed on all processing BizTalk Server nodes.
- Windows Active Directory or another LDAP server/service (quite obviously required)
- Virtualized environments are supported
- Backup software, backup scripts (maintenance plans) or similar. Providing, performing, monitoring and pruning backups is always the responsibility of the customer. Missing or failed backups will lead to lost data in the event of a disaster.
- Antivirus software can be used, but appropriate exclusions should be applied.
- FIPS mode can be enabled on the Windows Server/BizTalk Server; the license key is decrypted using a FIPS-compliant algorithm.
- The Nodinite LDAP Web API requires .NET Core 5.0 or later
Product | Supported versions |
---|---|
Windows Server | Windows Server 2022, 2019, 2016, 2012 R2, 2012, 2008 R2 |
.NET Framework | .NET Framework 4.0 or later (depends on your installed version of BizTalk) |
- The adapter may log to the local event log and might periodically write many entries. Make sure that event logs are set to overwrite events as needed (do not use fixed-size event logs that are never overwritten).
Supported Microsoft BizTalk Server Versions
- Visual Studio Professional 2010 or later with C# and the appropriate client for source control. This requirement only applies to developers and depends on your target environment.
Use the following Visual Studio version depending on your Microsoft BizTalk Server Version.
BizTalk | Visual Studio |
---|---|
BizTalk 2020 | 2019 |
BizTalk 2016 | 2015 |
BizTalk 2013 R2 | 2013 |
BizTalk 2013 | 2012 |
BizTalk 2010 | 2010 |
- Latest SP with latest CU is preferred!
- All editions of BizTalk Server are supported (Developer, Standard, Enterprise, RFID, ...)
- Send hosts can be X86 and/or X64
DTC/MSDTC
The adapter code is implemented with, and honours, the two-phase commit protocol using Microsoft MSDTC. However, Active Directory does not yet support distributed transactions. The adapter is built to take advantage of this feature if and when it becomes generally available.
Review the MSDTC user guide for additional information.
What Windows User Rights does the Nodinite LDAP Adapter for Microsoft BizTalk Server require?
The Nodinite LDAP Adapter for Microsoft BizTalk Server is installed as a 3rd party BizTalk Server Adapter.
The adapter supports several ways of providing credentials:
1. Dynamically set using context properties; this coded approach supersedes the settings on the send port
2. SSO; update your code without the hassle of dealing with passwords
3. Explicitly set in the send port
4. Default: if none of the above is set, the adapter executes your commands as the service account of the host instance currently used as send handler
If your LDAP service is Windows Active Directory, then normal Windows user rights apply. If you are using any other LDAP service, then you need to provide specific connection details (option 4 probably cannot be used).
- Do honour the principle of least privilege: grant access only to the information and resources necessary for the adapter's legitimate purpose.
- We recommend separating the accounts used in the different environments (Prod, Test, ...)
- The account used for the LDAP queries must have proper read/write access to the targeted objects in the LDAP directory/AD.
- The server should be domain-joined (if you do not provide explicit connection information in the adapter)
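The following script is an added example and is not part of the Nodinite documentation or product. It checks, on a BizTalk node, the server-side prerequisites this page calls out: domain membership, the installing user's membership in the BizTalk and SSO administrator roles, the MSDTC service, the FIPS policy, and whether the event logs are set to overwrite. The group names `BizTalk Server Administrators` and `SSO Administrators` are assumed defaults; adjust them to the names used in your environment.

```powershell
# Added example, not part of the Nodinite documentation or product.
# Pre-install check for the prerequisites described on this page:
# domain membership, installer group membership, MSDTC service,
# FIPS policy and event-log overwrite settings.
param(
    [string[]]$RequiredGroups = @('BizTalk Server Administrators', 'SSO Administrators'),  # assumed default names
    [string[]]$EventLogs      = @('Application')
)

$results = New-Object System.Collections.Generic.List[object]

function Add-Result([string]$Check, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail })
}

# 1. Domain membership (required when no explicit connection information is configured in the adapter)
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Result 'Domain joined' $cs.PartOfDomain "Domain: $($cs.Domain)"

# 2. The installing user must be in the BizTalk and SSO administrator groups.
#    The token only reflects group membership at logon time, so log off/on after adding the user.
$identity   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$groupNames = foreach ($sid in $identity.Groups) {
    try { $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }
}
foreach ($g in $RequiredGroups) {
    $isMember = [bool]($groupNames | Where-Object { $_ -like "*\$g" })
    Add-Result "Member of '$g'" $isMember "Running as $($identity.Name)"
}

# 3. MSDTC service, which the adapter uses for two-phase commit
$dtc = Get-Service -Name MSDTC -ErrorAction SilentlyContinue
Add-Result 'MSDTC service running' ($null -ne $dtc -and $dtc.Status -eq 'Running') "Status: $($dtc.Status)"

# 4. FIPS algorithm policy (informational: the adapter works with FIPS enabled;
#    the license key is decrypted with a FIPS-compliant algorithm)
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fips    = Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue
Add-Result 'FIPS policy (informational)' $true ("Enabled: {0}" -f [bool]($null -ne $fips -and $fips.Enabled -eq 1))

# 5. Event logs must overwrite as needed (Circular), not retain a fixed size,
#    because the adapter can write many entries
foreach ($log in $EventLogs) {
    $cfg = Get-WinEvent -ListLog $log -ErrorAction SilentlyContinue
    if ($cfg) {
        Add-Result "Event log '$log' overwrites" ($cfg.LogMode -eq 'Circular') `
            "LogMode=$($cfg.LogMode), MaximumSizeInBytes=$($cfg.MaximumSizeInBytes)"
    } else {
        Add-Result "Event log '$log' overwrites" $false 'log not found'
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Ok }) { Write-Warning 'One or more prerequisite checks failed.' }
```

Run it in an elevated Windows PowerShell session as the account that will perform the installation, on every processing BizTalk Server node. An event log reported with `LogMode=Retain` can be switched to overwriting with `Limit-EventLog -LogName Application -OverflowAction OverwriteAsNeeded` (Windows PowerShell 5.1).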
What Firewall settings are required for the Nodinite LDAP Adapter for Microsoft BizTalk Server?
The Nodinite LDAP Adapter for Microsoft BizTalk Server uses outbound communication only:
- Between the processing BizTalk Server node and the LDAP service
- Between the Monitoring Service and the Azure agent
The following ports must be allowed on the Windows server where the agent is installed and running:
Port | Name | Inbound | Outbound | TCP | UDP | Comment |
---|---|---|---|---|---|---|
53 | DNS | | | | | The agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file) |
The following standard ports must be open (if in use) between the BizTalk Server nodes and your AD/LDAP servers. Your BizTalk Server environment must also conform to the required ports specified in the Microsoft article 'Required Ports for BizTalk Server'.
Port Name | Port Number | Comment |
---|---|---|
OpenLDAP, Fedora, Sun, Active Directory | 389 | |
OpenDS | 1389 | |
Apache Directory Server | 10389 | |
LDAP SSL | 636 | |
RPC (DTC) | 135 | |
Global Catalog DCs | 3268, 3269 | |
Kerberos | 88 | |
DNS | 53 | |
SMB V2, V3 | Usually 445 | |
TCP Netbios-ssn | 139 | |
TCP SMB msft-ds | 445 | |
SSL | 443 | |
IPsec ISAKMP | 500 | ISAKMP uses UDP as its transport protocol. ISAKMP traffic normally goes over UDP port 500, unless NAT-T is used, in which case UDP port 4500 is used |
NAT-T | 4500 | See IPsec ISAKMP |
RPC randomly allocated high TCP ports | 1024-5000, 49152-65535 | Dynamic port range; which range applies depends on the Windows version, see the netsh commands below |
Note
Your LDAP Service may service requests on other ports depending on product and configuration. Appropriate additional firewall exclusions may be required. If you have other servers in your production environment in addition to the ones BizTalk Server uses, you may need to open additional ports. For more information about the port requirements for the Windows Server System™, see http://go.microsoft.com/fwlink/?LinkId=25713.
You can view the dynamic port range using the following netsh commands (from the article https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements):
```
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp
```
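The following script is an added example and is not part of the Nodinite documentation or product. Run from a processing BizTalk Server node, it checks outbound TCP reachability to the LDAP service on the ports listed in the table above, performs an LDAPS (port 636) handshake and validates the server certificate chain against the local trust store (the "properly set up certificate infrastructure" the SSL section refers to), and parses the dynamic port range from the netsh commands above. The hostname `dc01.example.test` is a placeholder.

```powershell
# Added example, not part of the Nodinite documentation or product.
# Outbound connectivity check from a BizTalk node to the LDAP service, an LDAPS
# certificate inspection, and the dynamic port range used for RPC/DTC high ports.
param(
    [string]$LdapServer = 'dc01.example.test',                 # placeholder, replace with your DC / LDAP server
    [int[]]$TcpPorts    = @(389, 636, 3268, 3269, 88, 135, 445, 53)
)

# TCP reachability only: Test-NetConnection -Port does not probe UDP
# (DNS 53, Kerberos 88 and ISAKMP 500/4500 also use UDP).
function Test-LdapPorts([string]$Server, [int[]]$Ports) {
    foreach ($p in $Ports) {
        $r = Test-NetConnection -ComputerName $Server -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Server = $Server; Port = $p; Open = $r.TcpTestSucceeded }
    }
}

# Completes a TLS handshake on the LDAPS port and evaluates the server certificate chain
# with the machine's trust store. Hostname matching is not part of X509Chain.Build, so
# compare Subject/SAN with $Server yourself when reading the output.
function Get-LdapsCertificateInfo([string]$Server, [int]$Port = 636) {
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        # The callback accepts the handshake only so the certificate can be read for diagnostics;
        # trust is evaluated separately below with X509Chain.
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($Server)
        $cert    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)
        [pscustomobject]@{
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            NotAfter    = $cert.NotAfter
            Protocol    = $ssl.SslProtocol
            ChainValid  = $trusted
            ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    } finally {
        $client.Close()
    }
}

# Parses the dynamic port range from netsh (labels as printed by English Windows).
function Get-DynamicPortRange([string]$Family = 'ipv4', [string]$Protocol = 'tcp') {
    $out   = netsh int $Family show dynamicport $Protocol
    $start = [int](($out | Select-String 'Start Port\s*:\s*(\d+)').Matches[0].Groups[1].Value)
    $count = [int](($out | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value)
    [pscustomobject]@{ Family = $Family; Protocol = $Protocol; Start = $start; End = $start + $count - 1 }
}

Test-LdapPorts -Server $LdapServer -Ports $TcpPorts | Format-Table -AutoSize
try   { Get-LdapsCertificateInfo -Server $LdapServer | Format-List }
catch { Write-Warning "LDAPS handshake to ${LdapServer}:636 failed: $($_.Exception.Message)" }
Get-DynamicPortRange | Format-Table -AutoSize
```

A port reported as not open from the BizTalk node, while the same port answers from elsewhere, points at a missing firewall exclusion on the path between the node and the LDAP service. A `ChainValid` of `False` with a `ChainStatus` such as `UntrustedRoot` or `PartialChain` means the issuing CA is not trusted on the BizTalk node, which the LDAP SSL user guide's certificate setup must resolve before secured channels can be used.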
Frequently asked questions
Additional solutions to common problems and the Nodinite LDAP Adapter for Microsoft BizTalk Server FAQ exist in the Troubleshooting user guide.
Next Step
Related
Nodinite LDAP Web API