
Prerequisites for the Nodinite LDAP Adapter for Microsoft BizTalk Server

This page describes the prerequisites for installing and running the Nodinite LDAP Adapter for Microsoft BizTalk Server.

graph LR
    subgraph "Microsoft BizTalk Server"
        ro2(fal:fa-users Nodinite LDAP Adapter)
    end
    subgraph "LDAP Services"
        ro2 -.- roAD(fab:fa-windows Active Directory)
        ro2 -.- roDIRX(fal:fa-users DIRX)
        ro2 -.- roADAM(fas:fa-users ADAM/LDS)
        ro2 -.- roLDAP(far:fa-folder LDAP Service X)
    end

The host instances associated with the LDAP adapter (associated send hosts) must be restarted. This might temporarily disrupt or affect your run-time, so make sure to install during an announced, pre-approved service window.

Make sure to read through this tutorial before installing the LDAP adapter.

There are some prerequisites that must be met to use the Nodinite LDAP Adapter for Microsoft BizTalk Server. The work required to satisfy the prerequisites varies from customer to customer and cannot easily be estimated by Integration Software since it involves customer/consultants/3rd party specific resources, details and knowledge.

  • The software being installed must be properly licensed.

  • The software requirements must be met.

  • The hardware requirements must be met.

  • The firewall requirements must be met.

  • Microsoft BizTalk Server must be installed and properly configured before this software can be installed and configured.

  • The user account used to install the LDAP adapter must be part of the BizTalk Administrators role and the SSO Administrators role during installation/configuration.

  • Encryption using secured channels is possible if your certificate infrastructure is properly set up. Please review the Nodinite LDAP SSL user guide for additional information.

Software Requirements

The Nodinite LDAP Adapter for Microsoft BizTalk Server must be installed on all processing BizTalk Server nodes.

  • Windows Active Directory or other LDAP server/Service (quite obvious requirement)
  • Virtualized environments are supported
  • Backup software, backup scripts (maintenance plans) or similar. It is always the customer's responsibility to support, perform, monitor and delete backups. Missing or failed backups will lead to lost data in the event of a disaster.
  • Virus killers can be used but appropriate exclusions should be applied.
  • FIPS can be enabled on the Windows Server/BizTalk Server. The license key is decrypted using a FIPS-compliant algorithm.
  • The Nodinite LDAP Web API requires .NET CORE 5.0 or later

| Product | Versions |
|---|---|
| Windows Server | Windows 2022; Windows 2019; Windows 2016; Windows 2012 R2; Windows 2012, Windows 2008 R2 |
| .NET Framework | .NET Framework 4.0 or later (depends on your installed version of BizTalk) |

  • The adapter may log to the local event log, and might periodically write many entries. Make sure that event logs are set to overwrite (do not use fixed-size event logs).

Supported Microsoft BizTalk Server Versions

  • Visual Studio Professional 2010 or later with C# and the appropriate client for source control. This requirement only applies to developers and depends on your target environment.

Use the following Visual Studio version depending on your Microsoft BizTalk Server Version.

| BizTalk | Visual Studio |
|---|---|
| BizTalk 2020 | 2019 |
| BizTalk 2016 | 2015 |
| BizTalk 2013 R2 | 2013 |
| BizTalk 2013 | 2012 |
| BizTalk 2010 | 2010 |

  • Latest SP with latest CU is preferred!
  • All editions of BizTalk Server are supported (Developer, Standard, Enterprise, RFID, ...)
  • Send hosts can be X86 and/or X64

DTC/MSDTC

The Adapter code is implemented with, and honours, the two-phase commit protocol using Microsoft MSDTC. However, Active Directory does not yet support distributed transactions. The Adapter is built to take advantage of this feature if and once it becomes generally available.

Review the MSDTC user guide for additional information.

What Windows User Rights does the Nodinite LDAP Adapter for Microsoft BizTalk Server require?

The Nodinite LDAP Adapter for Microsoft BizTalk Server is installed as a 3rd party BizTalk Server Adapter.

The Adapter has many ways to provide the credentials.

  1. Dynamically set using Context properties - a coded approach supersedes settings on the send port
  2. SSO - Perform updates of your code without the hassle of dealing with passwords
  3. Explicitly set in the send port
  4. Default, if not set, the adapter executes your commands as the service account for the Host Instance currently used as send handler

If your LDAP Service is Windows Active Directory, then normal Windows user rights apply. If you are using any other LDAP Service, then you need to provide specific connection details (option 4 probably cannot be used).

  • Do honour the principle of least privilege for access to the information and resources that are necessary for its legitimate purpose.
  • We recommend separating the accounts used in the different environments (Prod, Test, ...)
  • The account being used for the LDAP queries must have proper read/write access to targeted objects in the LDAP/AD.
  • The server should be domain joined (if you do not provide explicit connection information in the adapter)

What Firewall settings are required for the Nodinite LDAP Adapter for Microsoft BizTalk Server?

The Nodinite LDAP Adapter for Microsoft BizTalk Server uses outbound communication only:

  1. Between the processing BizTalk Server node and the LDAP Service

graph LR
    subgraph "Microsoft BizTalk Server"
        ro2(fal:fa-users Nodinite LDAP Adapter)
    end
    subgraph "LDAP Services"
        ro2 -.- |389, 636, ...| roAD(fab:fa-windows Active Directory)
        ro2 -.- |389, ...| roDIRX(fal:fa-users DIRX)
        ro2 -.- |389, 636, ...| roADAM(fas:fa-users ADAM/LDS)
        ro2 -.- | ... | roLDAP(far:fa-folder LDAP Service X)
    end

1. Between the Monitoring Service and the Azure agent

The following ports must be allowed on the Windows server where the agent is installed and running:

| Port | Name | Inbound | Outbound | TCP | UDP | Comment |
|---|---|---|---|---|---|---|
| 53 | DNS | | | | | The Agent needs to know where your other servers/services are (can sometimes optionally be solved using entries in the local hosts file) |

The following standard ports must be open (if in use) between your AD server/LDAP servers. Your BizTalk Server environment must conform to the required ports specified in the following article: 'Required Ports for BizTalk Server'

| Port Name | Port Number | Comment |
|---|---|---|
| OpenLDAP, Fedora, Sun, Active Directory | 389 | |
| OpenDS | 1389 | |
| Apache Directory Server | 10389 | |
| LDAP SSL | 636 | |
| RPC (DTC) | 135 | |
| Global Catalog DCs | 3268, 3269 | |
| Kerberos | 88 | |
| DNS | 53 | |
| SMB V2, V3 | Usually 445 | |
| TCP Netbios-ssn | 139 | |
| TCP SMB msft-ds | 445 | |
| SSL | 443 | |
| IPsec ISAKMP | | ISAKMP uses UDP as its transport protocol. ISAKMP traffic normally goes over UDP port 500, unless NAT-T is used, in which case UDP port 4500 is used |
| NAT-T | 4500 | See IPsec ISAKMP |
| RPC randomly allocated high TCP ports | 1024-5000, 49152-65535 | |

Note

Your LDAP Service may service requests on other ports depending on product and configuration. Appropriate additional firewall exclusions may be required. If you have other servers in your production environment in addition to the ones BizTalk Server uses, you may need to open additional ports. For more information about the port requirements for the Windows Server System™, see http://go.microsoft.com/fwlink/?LinkId=25713.

You can view the dynamic port range using the following netsh commands (from the article https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements):

netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
netsh int ipv6 show dynamicport tcp
netsh int ipv6 show dynamicport udp
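
A pre-flight check for the TCP ports in the firewall table above, written as an added example (it is not part of the Nodinite product or documentation). The host name `ldap01.example.test`, the `Test-TcpPort` helper and the default of treating only port 389 as required are assumptions; adjust them to the rows that apply to your LDAP service.

```powershell
# Added example: run on each processing BizTalk Server node.
param(
    [string]$LdapServer    = 'ldap01.example.test',  # placeholder host name
    [int[]] $RequiredPorts = @(389),                 # assumption: plain LDAP is in use
    [int]   $TimeoutMs     = 2000
)

# TCP rows from the port table on this page; UDP-only rows cannot be probed this way.
$checks = @(
    @{ Name = 'LDAP';               Port = 389  },
    @{ Name = 'LDAP SSL';           Port = 636  },
    @{ Name = 'Global Catalog DCs'; Port = 3268 },
    @{ Name = 'Global Catalog DCs'; Port = 3269 },
    @{ Name = 'Kerberos';           Port = 88   },
    @{ Name = 'RPC (DTC)';          Port = 135  }
)

# Hypothetical helper: TCP connect with a timeout. Uses TcpClient rather than
# Test-NetConnection so it also runs on the older Windows versions listed above.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused, unreachable or name not resolved
    } finally {
        $client.Close()
    }
}

$results = foreach ($c in $checks) {
    New-Object PSObject -Property @{
        Name     = $c.Name
        Port     = $c.Port
        Required = ($RequiredPorts -contains $c.Port)
        Open     = (Test-TcpPort -HostName $LdapServer -Port $c.Port -TimeoutMs $TimeoutMs)
    }
}
$results | Select-Object Name, Port, Required, Open | Format-Table -AutoSize

# Fail the pre-flight only for ports marked as required.
$blocked = @($results | Where-Object { $_.Required -and -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("Required ports not reachable: " + (($blocked | ForEach-Object { $_.Port }) -join ', '))
    exit 1
}
```

A port reported as not open means either a firewall is dropping the traffic or nothing is listening on that port at the target, so confirm which rows your LDAP service actually uses before requesting firewall changes.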

Frequently asked questions

Additional solutions to common problems and the Nodinite LDAP Adapter for Microsoft BizTalk Server FAQ exist in the Troubleshooting user guide.

Next Step

Install

Nodinite LDAP Web API