I have been trying to connect to our OpenLDAP server from ASP.NET for the last four days without success. Just before I pull off my hair, could anyone out there have a solution that has worked (i.e. using C# ASP.NET to connect to an OpenLDAP server)? Apparently I can access the LDAP server from putty.exe and do a search. Furthermore, I can use the LDAP server for authentication using a local installation of Drupal CMS without any problems, given that I have added the LDAP module. My problem is doing the same in ASP.NET. The specific details are as follows:

The LDAP server is hosted on Sun Solaris. My development machine is running Win XP Service Pack 3. The error shows up when I try to call Bind with a username and password that I have used successfully with putty.

    // namespaces required at the top of the file
    using System;
    using System.DirectoryServices.Protocols;
    using System.Net;

    string hostNameAndSSLPort = "ipaddress";
    string userName = "username";
    string password = "password";

    // establish a connection
    LdapConnection connection = new LdapConnection(hostNameAndSSLPort);

    // create an LdapSessionOptions object to configure session
    // settings on the connection.
    LdapSessionOptions options = connection.SessionOptions;

    options.ProtocolVersion = 3;

    // request LDAP over SSL (ldaps); the server certificate is
    // validated by the client during the handshake
    options.SecureSocketLayer = true;

    // simple bind with the user name and password
    connection.AuthType = AuthType.Basic;
    connection.Credential = new NetworkCredential(userName, password);

    try
    {
        connection.Bind();
    }
    catch (Exception e)
    {
        lblSecurity.Text = e.Message;
    }

I have even tried starting TLS using options.StartTransportLayerSecurity(null); before calling Bind, but the same error persists. What could I be doing wrong? Please help!!!!!!!!

john
  • Have you tried it without SSL just to see if you can connect that way? – Kasapo Jul 16 '12 at 15:37
  • Also, in this post: http://stackoverflow.com/questions/8904832/using-starttls-with-ldap-from-system-directoryservices it seems they use a DN instead of just a user name... perhaps in their example bindDN is equal to username (uid?), but that could be a place to start. I've also had issues where I had to simply connect to a non-standard port for SSL because of the way LDAP was configured (or some zany firewall rule on the way there...) – Kasapo Jul 16 '12 at 15:41
  • Is your certificate for the LDAP server self-signed or is it signed by a Cert Authority? If it's signed by a Cert Authority, is it a public or private one? You may have a chain of trust issue. Also, what specific exception are you getting? – JamieSee Jul 16 '12 at 16:43
  • Also try specifying ipAddress:portNumber. – JamieSee Jul 16 '12 at 16:50

3 Answers

I had the same issue. My fix was very similar to the answer above. The issue was the LDAP server was sending back a certificate and the client (our code) wasn't accepting it. So adding the following line of code made me celebrate and rip a shirt!

    connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);

Or in VB terms:

    connection.SessionOptions.VerifyServerCertificate = New VerifyServerCertificateCallback(Function(con, cer) True)

Dewlife
See this answer for some example code that works: How do I connect to a locally installed OpenLDAP service?

You mention using XP. I believe there is a hot fix that fixes an issue in the TLS implementation of winldap on XP. You'll have to do some searching around the microsoft site for it. I remember it being buried in a technet page somewhere.

Also don't use TLS with .net/winldap. You'll tear your hair out wondering why your web site randomly pegs out the cpu until it is killed. The answer above has an explanation. Just use SSL.

Sam Corder
  • I tried tracking the problem and I can see in the Autos window that problems start immediately when I call new LdapConnection(hostNameAndSSLPort), because when I examine the connection variable within the session options there is already an error + SecurityContext 'connection.SessionOptions.SecurityContext' threw an exception of type 'System.DirectoryServices.Protocols.DirectoryOperationException' object {System.DirectoryServices.Protocols.DirectoryOperationException} in the 'security context' and + SendTimeout – john Jul 17 '12 at 08:52
  • Thank you all for taking the time to help me. I have equally tried using the full DN without success. As I mentioned above, the problem starts when I call new connection. However, I have checked that the host is reachable from the connection.options variable. – john Jul 17 '12 at 09:05
Code like this:

    LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(this._domain, Convert.ToInt32(this._port)));
    // callback returns true for every server certificate, so certificate validation is effectively skipped
    connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
    connection.SessionOptions.ProtocolVersion = 3;
    connection.AuthType = AuthType.Basic;
    connection.SessionOptions.SecureSocketLayer = true;

Zaheer Ahmed
mayank.karki
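The `(con, cer) => true` callback in the answers by Dewlife and mayank.karki above accepts any certificate the server presents, so the bind password travels over a session that an on-path host can terminate with its own certificate. Added example, not code from any answer on this page: the same LDAPS connection with a callback that builds the chain against the machine trust store, checks the DNS name and pins the expected certificate; the host, port, thumbprint and the `LdapsClient` class are assumed placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class LdapsClient
{
    // Assumed placeholders: your server, the LDAPS port, and the thumbprint of the
    // certificate you deployed on it (read from the certificate itself, out of band).
    const string Host = "ldap.example.org";
    const int LdapsPort = 636;
    const string ExpectedThumbprint = "0000000000000000000000000000000000000000";

    // Replaces "(con, cer) => true": validate the certificate instead of accepting it.
    static bool VerifyServerCertificate(LdapConnection conn, X509Certificate cert)
    {
        var cert2 = new X509Certificate2(cert);
        // 1. Build and validate the chain against the machine's trusted roots.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        if (!chain.Build(cert2))
        {
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine("chain: {0} {1}", s.Status, s.StatusInformation);
            return false;   // an untrusted self-signed or private-CA certificate ends here
        }
        // 2. The certificate must be issued for the host we dialled (first DNS name only).
        string dnsName = cert2.GetNameInfo(X509NameType.DnsName, false);
        if (!string.Equals(dnsName, Host, StringComparison.OrdinalIgnoreCase))
        {
            Console.Error.WriteLine("name mismatch: {0}", dnsName);
            return false;
        }
        // 3. Pin the exact certificate so a different, validly chained one is still rejected.
        return string.Equals(cert2.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
    }

    public static LdapConnection Connect(string bindDn, string password)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Host, LdapsPort));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;        // LDAPS, not StartTLS
        conn.SessionOptions.VerifyServerCertificate = VerifyServerCertificate;
        conn.AuthType = AuthType.Basic;                      // simple bind: only over TLS
        conn.Credential = new NetworkCredential(bindDn, password);
        conn.Bind();   // throws LdapException if the bind or the certificate check fails
        return conn;
    }
}
```

With a private CA, import its root into the machine's Trusted Root store rather than returning true from the callback; the pinned thumbprint has to be updated whenever the server certificate is renewed.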