
I want to do Active Directory operations over SSL and port 696, and I use this test code:

var domain = "server:636";          
var domainPath = "DC=x,DC=y,DC=c";            
var username = @"abc";
var userSearch = @"abc2";
var password = @"password";

using (var context = new PrincipalContext(ContextType.Domain, domain, domainPath, ContextOptions.Negotiate | ContextOptions.SecureSocketLayer, username, password))
{
    UserPrincipal p = UserPrincipal.FindByIdentity(context, IdentityType.SamAccountName, userSearch);

    var groups = p.GetGroups(context);
    foreach (GroupPrincipal g in groups)
    {
        Console.WriteLine(g.ToString());
    }   
}

I get an exception at p.GetGroups(context):

Ein Ausnahmefehler des Typs "System.Runtime.InteropServices.COMException" ist in System.DirectoryServices.dll aufgetreten.

Zusätzliche Informationen: Der Server ist nicht funktionstüchtig.

After checks at the firewall, we realized that the first part is handled over LDAPS and SSL, and the GetGroups call is handled over LDAP without SSL and is getting blocked by the firewall.

I also tried

var groups = p.GetGroups();

and many other variations. But I don't get the problem.

Edit 20160614 - Workaround:

// user is the UserPrincipal found earlier; principalContext is the PrincipalContext it came from.
var entry = (DirectoryEntry)user.GetUnderlyingObject();

int propertyCount = entry.Properties["memberOf"].Count;

for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
{
    // Each memberOf value is a group DN; take the value of its first RDN (the CN).
    var dn = (String)entry.Properties["memberOf"][propertyCounter];
    var equalsIndex = dn.IndexOf("=", 1, StringComparison.Ordinal);
    var commaIndex = dn.IndexOf(",", 1, StringComparison.Ordinal);

    if (-1 == equalsIndex)
    {
        break;
    }

    var groupName = (dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));

    var groupPrincipal = GroupPrincipal.FindByIdentity(principalContext, groupName.Replace("\\", ""));

    // Do something with your groupPrincipal
}
  • Hi Andreas, were you able to resolve this issue? I'm struggling with the exact same problem. Did you find a workaround perhaps? – Pascal Kesseli Jun 01 '16 at 21:37
  • Hi Pascal, see my edit with a possible workaround, which was working for my purpose. – Andreas Geringer Jul 08 '16 at 09:29
  • I strongly suspect that SSL operations for the GroupPrincipal class are not supported. The SSL functionality seems to be primarily for the **ValidateCredentials** method. I have a working version of **ValidateCredentials** using SSL, but if I use the same secure PrincipalContext to do a GroupPrincipal or UserPrincipal operation, it fails. I've resorted to using one context for validating the user and the unsecured context for getting information about the user. – Quark Soup Feb 02 '17 at 21:47
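
One way to read a user's group memberships over a single LdapConnection bound to port 636, using System.DirectoryServices.Protocols instead of PrincipalContext (an added example, not code from the question or its comments). The class and method names are hypothetical, the host, base DN and account names are the question's placeholders, and it assumes a project that references System.DirectoryServices.Protocols.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class LdapsGroupLookup   // hypothetical name, not part of the original post
{
    // Escape a value before placing it in an LDAP search filter (RFC 4515),
    // so a crafted account name cannot change the filter's structure.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            sb.Append("\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString());
        return sb.ToString();
    }

    // Returns the memberOf DNs of one account; bind and search share one TLS connection.
    static List<string> GetMemberOf(string host, string baseDn, NetworkCredential cred, string sam)
    {
        var server = new LdapDirectoryIdentifier(host, 636);          // LDAPS port
        using (var conn = new LdapConnection(server, cred, AuthType.Negotiate))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;             // TLS before the bind
            conn.SessionOptions.ReferralChasing = ReferralChasingOptions.None; // never follow referrals to other servers
            conn.Bind();

            var filter = "(&(objectClass=user)(sAMAccountName=" + EscapeFilter(sam) + "))";
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "memberOf");
            var response = (SearchResponse)conn.SendRequest(request);
            var groups = new List<string>();
            foreach (SearchResultEntry entry in response.Entries)
            {
                var attr = entry.Attributes["memberOf"];
                if (attr == null) continue;                           // no direct memberships
                foreach (string dn in attr.GetValues(typeof(string)))
                    groups.Add(dn);
            }
            return groups;
        }
    }

    static void Main()
    {
        var cred = new NetworkCredential("abc", "password");          // placeholders from the question
        foreach (var dn in GetMemberOf("server", "DC=x,DC=y,DC=c", cred, "abc2"))
            Console.WriteLine(dn);
    }
}
```

The memberOf attribute lists direct memberships only and omits the primary group, so the result can be shorter than what GetGroups returns. The server certificate must be trusted by the client for the bind to succeed.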
