0

I'm performing a bind to an LDAP server using the class LdapConnection. With a "normal" password it works fine. But if the user has a password including ü, ä or ö, the server returns an INVALID CREDENTIALS error. I assumed an encoding issue but cannot find any settings in the .NET classes. Therefore I had a look at the network traffic and found out that the letter 'ü' is represented in hex by 'fc'. Using an LDAP browser, the 'ü' is represented by 'c3bc'.

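```csharp
using System.DirectoryServices.Protocols;
using System.Net;

var identifier = new LdapDirectoryIdentifier("myserver", 389);

var dn = "...";
var password = "withÜ"; // password containing a non-ASCII character
var credentials = new NetworkCredential(dn, password);
// AuthType.Basic performs an LDAP simple bind
var connection = new LdapConnection(identifier, credentials, AuthType.Basic);
connection.Bind(credentials);
```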

Any ideas about that?

xforfun

2 Answers

1

The Unicode codepoint for ü is hex FC as you state. However, LDAP uses either ASCII or UTF-8 when encoding, where ü in UTF-8 is represented as HEX C3BC.

LDAP v3 allows use of UTF-8.

```csharp
connection.SessionOptions.ProtocolVersion = 3;
```

However, you have a major security hole in that the user name and password are being passed in the clear. You should use SSL/TLS. See Connect to open LDAP over ssl.

Richard Schneider
  • Thanks for SSL-hint. SSL is disabled temporarily for easier investigation of network traffic ... ;) – xforfun Sep 28 '15 at 12:00
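
The byte difference discussed in the question and in both answers, as an added example that is not part of the original thread: a small Python decoder for a captured LDAP simple BindRequest that reports the protocol version and whether the password octets are valid UTF-8. The DN, the sample packets and the pairing of version 2 with Latin-1 are constructed here to mirror what the question reports seeing on the wire.

```python
# Added example (not from the original post): inspect an LDAP simple BindRequest.
# BER tags per RFC 4511: 0x30 SEQUENCE, 0x02 INTEGER, 0x04 OCTET STRING,
# 0x60 BindRequest [APPLICATION 0], 0x80 simple password [0].

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def read_tlv(buf: bytes, pos: int, want: int):
    """Decode the TLV at pos, check its tag, return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated TLV")
    return buf[pos:pos + n], pos + n

def build_simple_bind(version: int, dn: str, password: str, pw_encoding: str) -> bytes:
    """Construct sample traffic: a BindRequest whose password uses pw_encoding."""
    op = (tlv(0x02, bytes([version])) + tlv(0x04, dn.encode("utf-8"))
          + tlv(0x80, password.encode(pw_encoding)))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))

def inspect_bind(packet: bytes) -> dict:
    """Report protocol version and whether the password octets are valid UTF-8."""
    msg, _ = read_tlv(packet, 0, 0x30)
    _, pos = read_tlv(msg, 0, 0x02)          # messageID
    op, _ = read_tlv(msg, pos, 0x60)
    ver, pos = read_tlv(op, 0, 0x02)
    _, pos = read_tlv(op, pos, 0x04)         # bind DN
    pw, _ = read_tlv(op, pos, 0x80)
    try:
        pw.decode("utf-8")
        valid = True
    except UnicodeDecodeError:
        valid = False
    # Only the non-ASCII octets are reported, so the password is not echoed.
    return {"version": int.from_bytes(ver, "big"), "valid_utf8": valid,
            "non_ascii_hex": bytes(b for b in pw if b >= 0x80).hex()}

DN = "cn=user,dc=example,dc=com"             # constructed placeholder DN
for ver, enc in ((2, "latin-1"), (3, "utf-8")):
    print(enc, inspect_bind(build_simple_bind(ver, DN, "withü", enc)))
```

An ASCII-only password is identical in both encodings, so the check only distinguishes them when the password contains non-ASCII characters.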
0

Try to set LdapConnection's SessionOptions ProtocolVersion to 3.

Source:

The German umlaut was not correctly transported because of protocol version "2" on the LdapConnection's LdapSessionOptions class. After setting the protocol version to "3" on the LdapSessionOptions class, the request returned results as expected!

CodingFeles