
I am working on a website to manage LDAP. I am stuck in a situation: when I try to authenticate a user whose account is locked or disabled, it fails. What I want to do is first authenticate the user and after that show a message that the account is locked or disabled.

I am coding like this:

LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier("SJTPNOC.com", 636));
// WARNING: this callback accepts any server certificate, so the LDAPS session is not authenticated
connection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback((con, cer) => true);
connection.SessionOptions.ProtocolVersion = 3;
connection.AuthType = AuthType.Basic;             // simple bind: the password goes over the wire, hence LDAPS below
connection.SessionOptions.SecureSocketLayer = true;
connection.Timeout = new TimeSpan(0, 0, 10);
connection.Credential = new NetworkCredential(username, password);
using (connection)
{
    connection.Bind();                            // throws LdapException if the server rejects the bind
}

1 Answer


Not sure I understand this: if the user is locked or disabled, they won't be able to authenticate. You should either catch the error returned from LDAP and use that information to display a friendly message to the user, or do a lookup on the user and read the attribute that indicates the status of the user (e.g. userAccountControl in AD).

  • And each LDAP server reports the error for a locked user or bad password differently. – geoffc Dec 18 '12 at 20:12
  • Ok, I'll manage locked or disabled accounts, but it's not working for "user must change password at next logon" either. Without authentication, how can I allow the user to change their password? – mayank.karki Dec 19 '12 at 05:29
  • @mayank.karki You need to use the change-password extended operation while authenticated as an admin user. – user207421 Dec 22 '12 at 00:01
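Both options from the answer, worked through against Active Directory with System.DirectoryServices.Protocols. This is an added example, not the original poster's code or the answerer's. The host, port, search base and service account are placeholders; the hex sub-codes (525, 52e, 530, 531, 532, 533, 701, 773, 775) are the ones AD embeds in its bind error text, and, as geoffc's comment says, other directory servers report these conditions differently, so the first option is AD-specific. The helper names (TryBind, LookupStatus, FromAdBindError) are this example's own.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text.RegularExpressions;

// Logon outcome, derived either from the bind error (option 1) or from
// directory attributes read with a service account (option 2).
public enum AccountStatus
{
    Ok, BadCredentials, Disabled, LockedOut, PasswordExpired,
    MustChangePassword, AccountExpired, LogonRestricted, Unknown
}

public static class LdapAccountStatus
{
    // Option 1: AD returns invalidCredentials (49) with a message such as
    // "... AcceptSecurityContext error, data 533, v1db1". Map the sub-code.
    public static AccountStatus FromAdBindError(string serverErrorMessage)
    {
        var m = Regex.Match(serverErrorMessage ?? string.Empty, @"data ([0-9a-fA-F]+)");
        if (!m.Success) return AccountStatus.Unknown;
        switch (m.Groups[1].Value.ToLowerInvariant())
        {
            case "525":                                         // user not found
            case "52e": return AccountStatus.BadCredentials;    // wrong password; show both the same way
            case "530":                                         // not permitted to log on at this time
            case "531": return AccountStatus.LogonRestricted;   // not permitted at this workstation
            case "532": return AccountStatus.PasswordExpired;
            case "533": return AccountStatus.Disabled;
            case "701": return AccountStatus.AccountExpired;
            case "773": return AccountStatus.MustChangePassword;
            case "775": return AccountStatus.LockedOut;
            default:    return AccountStatus.Unknown;
        }
    }

    static LdapConnection Connect(string host, int port, NetworkCredential cred)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;  // simple bind sends the password, so require LDAPS
        // No VerifyServerCertificate override: keep the default certificate chain validation.
        conn.AuthType = AuthType.Basic;
        conn.Timeout = TimeSpan.FromSeconds(10);
        conn.Credential = cred;
        return conn;
    }

    // Bind as the user; on rejection, classify the reason instead of just failing.
    public static AccountStatus TryBind(string host, int port, string upn, string password)
    {
        using (var conn = Connect(host, port, new NetworkCredential(upn, password)))
        {
            try { conn.Bind(); return AccountStatus.Ok; }
            catch (LdapException ex) when (ex.ErrorCode == 49)   // 49 = invalidCredentials
            {
                return FromAdBindError(ex.ServerErrorMessage);
            }
        }
    }

    // Option 2: look the account up with a service credential and read its flags.
    // userAccountControl carries ACCOUNTDISABLE; lockout and password-expired are
    // reliable only in the constructed attribute msDS-User-Account-Control-Computed;
    // pwdLastSet == 0 means "user must change password at next logon".
    public static AccountStatus LookupStatus(string host, int port, NetworkCredential serviceAccount,
                                             string searchBase, string sAMAccountName)
    {
        const int UF_ACCOUNTDISABLE = 0x2, UF_LOCKOUT = 0x10, UF_PASSWORD_EXPIRED = 0x800000;
        using (var conn = Connect(host, port, serviceAccount))
        {
            conn.Bind();
            var req = new SearchRequest(searchBase,
                "(&(objectClass=user)(sAMAccountName=" + EscapeFilterValue(sAMAccountName) + "))",
                SearchScope.Subtree,
                "userAccountControl", "msDS-User-Account-Control-Computed", "pwdLastSet");
            var resp = (SearchResponse)conn.SendRequest(req);
            if (resp.Entries.Count != 1) return AccountStatus.Unknown;

            var entry = resp.Entries[0];
            int uac        = (int)ReadLong(entry, "userAccountControl");
            int computed   = (int)ReadLong(entry, "msDS-User-Account-Control-Computed");
            long pwdLastSet = ReadLong(entry, "pwdLastSet");

            if ((uac & UF_ACCOUNTDISABLE) != 0)        return AccountStatus.Disabled;
            if ((computed & UF_LOCKOUT) != 0)          return AccountStatus.LockedOut;
            if (pwdLastSet == 0)                       return AccountStatus.MustChangePassword;
            if ((computed & UF_PASSWORD_EXPIRED) != 0) return AccountStatus.PasswordExpired;
            return AccountStatus.Ok;
        }
    }

    // RFC 4515 escaping so a user-supplied name cannot rewrite the search filter.
    static string EscapeFilterValue(string v) =>
        v.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
         .Replace(")", "\\29").Replace("\0", "\\00");

    static long ReadLong(SearchResultEntry e, string attr)
    {
        var a = e.Attributes[attr];
        return a == null || a.Count == 0 ? 0 : long.Parse((string)a[0]);
    }
}
```

Usage: call `TryBind("SJTPNOC.com", 636, "user@sjtpnoc.com", password)` and switch on the result to pick the message; if it returns `Unknown` (a non-AD server, or a localized error text), fall back to `LookupStatus(...)` with a read-only service account. Unlike the question's `(con, cer) => true` callback, the connection here keeps default certificate validation, since a simple bind over an unauthenticated TLS session hands the password to whoever answers on port 636. The `MustChangePassword` outcome only identifies the state from the comment thread; actually changing the password needs a separate flow, as user207421's comment says.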