2

it is the first time I'm working with LDAP and Active Directory. I have to make a web api with .NetCore that have to authenticate with ActiveDirectory (WindowsServer 2008 r2), I'm following the samples in Novell.Directory.Ldap.NETStandard but i can't understand the way that I must set the parameters. This is the users that I created in ActiveDirectory Server:

https://i.stack.imgur.com/A7iGq.jpg

In Novell's samples

if (args.Length != 5)
{
    System.Console.Out.WriteLine("Usage:   mono VerifyPassword <host name>" + " <login dn> <password> <object dn>\n" + "         <test password>");
    System.Console.Out.WriteLine("Example: mono VerifyPassword Acme.com " + "\"cn=Admin,o=Acme\" secret\n" + "         \"cn=JSmith,ou=Sales,o=Acme\" testPassword");
    System.Environment.Exit(0);
}

int ldapPort = LdapConnection.DEFAULT_PORT;
int ldapVersion = LdapConnection.Ldap_V3;
System.String ldapHost = args[0];
System.String loginDN = args[1];
System.String password = args[2];
System.String objectDN = args[3];
System.String testPassword = args[4];
LdapConnection conn = new LdapConnection();

try
{
    // connect to the server
    conn.Connect(ldapHost, ldapPort);

    // authenticate to the server
    conn.Bind(ldapVersion, loginDN, password);

    LdapAttribute attr = new LdapAttribute("userPassword", testPassword);
    bool correct = conn.Compare(objectDN, attr);

    System.Console.Out.WriteLine(correct?"The password is correct.":"The password is incorrect.\n");

    // disconnect with the server
    conn.Disconnect();
}

In Novell's samples the "user" parameters looks like this "ou=sales,o=Acme", so I was trying:

int ldapPort = LdapConnection.DEFAULT_PORT;
int ldapVersion = LdapConnection.Ldap_V3;
bool compareResults = false;
String ldapHost = "192.168.58.251";
String loginDN = @"cn=jperez";
String password1 = "Jperez123";
String dn = "mydn";
LdapConnection lc = new LdapConnection();
LdapAttribute attr = null;

try
{
    // connect to the server
    lc.Connect(ldapHost, ldapPort);
    var sdn = lc.GetSchemaDN();

    // authenticate to the server
    lc.Bind(ldapVersion, loginDN, password1);

    ...
}
catch (LdapException e)
{
    Console.WriteLine("Error: " + e.ToString());
}

But I get this error: LDAP:

LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Server Message: 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1\u0000 LdapException: Matched DN:

I also get the schemaDn with this funciton: lc.GetSchemaDN(), that return this result: CN=Aggregate,CN=Schema,CN=Configuration,DC=mydn,DC=local

After googling there is no much information with .Netcore than the Novell's samples, please I need your help.

CDspace
  • 2,639
  • 18
  • 30
  • 36
Jhenrry Alvaro Mamani Javier
  • 21
  • 1
  • 1
  • 3

6 Answers6

13

Been working on this as well and ran into the same error. I had to use the Windows domain and username to log in:

String loginDN = "DOMAIN\\jperez";
String password1 = "Jperez123";

lc.Bind(loginDN, password1);

Once I did that, I got in without issue.

Mighty Ferengi
  • 746
  • 3
  • 8
  • 22
2

I had the same issue and the only way I got it working was by supplying the login like this 

lc.Bind("user@domain", "pwd")
StefanFFM
  • 1,526
  • 1
  • 14
  • 25
0

I had the same issue until I used this

lc.Bind("uid=" + objUser.UserName + ",ou=SomeValue,dc=SomeValue,dc=SomeValue",password);

also I did not supply a version like in your example

Diizzy
  • 534
  • 4
  • 12
0

It also works for me:

var ldapVersion = LdapConnection.Ldap_V3;
var loginDN = "CN=victor,CN=Users,DC=example,DC=com";
var password = "123";
conn.Bind(ldapVersion, loginDN, password);

Works on Windows Server 2012r2 with the default domain settings. If you want to get loginDNs for your domain users, just execute next cmd command on domain controller:

dsquery user

More information here

Dmitry
  • 93
  • 1
  • 6
0

Yet another variation, I found I had to logon as:

"PartA PartB" of an AD username. (notice the space in the name.)

example being "App Alerts" whereas I normally can login with "AppAlerts"... but this is the Fully Qualified name i found with dsquery user:

"CN=App Alerts,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=myinc,DC=local"
Evan Morrison
  • 652
  • 6
  • 18
0

DotNet Version : 6 Novel nuget Package: Novell.Directory.Ldap.NETStandard Active Directory : 2019 AD server

Step 1 :Add a console Application: step 2 : Add a class and then put this method in it :

public string Validate(string _username, string _password)
{
    string username = _username;
    string password = _password;
    string domainName = "spenter.com";
    string userDn = $"spenterdomain\\{username}";           
    int ldapVersion = LdapConnection.LdapV3;
    // var connection = new LdapConnection { SecureSocketLayer = true };

    try
    {
        using (var ldapConnection = new LdapConnection { SecureSocketLayer = false })
        {
            ldapConnection.Connect(domainName, LdapConnection.DefaultPort);
            ldapConnection.Bind(userDn, password);
            if (ldapConnection.Bound)
                return $"{username} : has been Authenthicated";
        }
    }
    catch (LdapException ex)
    {
        Console.WriteLine(ex);
    }
    return "Credentials Incorrect";

}

Step 3 Main Program Code:

using ldap;

yourclass l1 = new yourclass();
Console.WriteLine("Enter your AD ID");
string uName = Console.ReadLine().ToString();
Console.WriteLine("Enter your AD Pwd");
string Pwd = Console.ReadLine().ToString();
var result = l1.Validate(uName, Pwd);
Console.WriteLine(result);
Console.ReadLine();
Lee Taylor
  • 7,761
  • 16
  • 33
  • 49
Darren Quadros
  • 61
  • 1
  • 4