a list of all users: Ldap referral error (LDAPReferralException)
H

2

6

I am using Active Directory and want a list of all users, basically in dotnet core. But I am receiving an exception:

Search result reference received, and referral following is off

Below is my code.

 LdapSearchResults lsc = lc.Search("DC = xyz, DC = local",  LdapConnection.SCOPE_ONE , "(|(objectClass = person)(objectClass = user))", null, false);
Hydrocele answered 5/9, 2017 at 10:33 Comment(7)
I understand you are using Novell C# libraries. Is it necessary to use the Novell library? You can use C# libraries to do that; by doing so you'll get more resources. - Bourguiba
@RathanNaik can you suggest any? - Hydrocele
I have used DirectoryEntry and DirectorySearcher; here is a small code snippet, see my answer in https://mcmap.net/q/1632191/-ldap-server-is-unavailable/… - Bourguiba
It's a generic (sort of) library, can be used for Active Directory, LDAP, Novell e-Directory etc. - Bourguiba
@RathanNaik dotnet core doesn't support Directory services yet - Hydrocele
What do you mean it doesn't support? It does!! - Bourguiba
It does, but it isn't supported on Linux so you get an exception. When you think about .net core it's pretty reasonable to be thinking of some portability, which you don't have in this case. - Brough
B
1

You have to activate the behaviour which will follow the referral returned by the directory.

The response you received means that the directory you are requesting does not contain the data you are looking for, but that the data is in another directory, and in the response there is the information about the "referral" directory on which you need to rebind to "redo" the search. This principle in LDAP is the referral.

I don't know how to do it in C#, but maybe have a look at:

https://www.novell.com/documentation/developer/ldapcsharp/?page=/documentation/developer/ldapcsharp/cnet/data/bp31k5d.html

Brooklet answered 6/9, 2017 at 9:38 Comment(0)
R
16

Necromancing - just in case the links go dark.
To fix it in your application, set ReferralFollowing to true.

If you get the message

Search result reference received, and referral following is off

add

Novell.Directory.Ldap.LdapSearchConstraints cons = lc.SearchConstraints;
cons.ReferralFollowing = true;
lc.Constraints = cons;

to your code.


Example:

public static void GetUsers()
{
    System.Collections.Generic.List<ARSoft.Tools.Net.Dns.SrvRecord> lsLdap = GetLdap();
    ARSoft.Tools.Net.Dns.SrvRecord ldap = lsLdap[0];

    string[] attrs = new string[] { "cn", "distinguishedName", "sAMAccountName", "userPrincipalName", "displayName", "givenName", "sn", "mail", "mailNickname", "memberOf", "homeDirectory", "msExchUserCulture" };

    // CN = Common Name
    // OU = Organizational Unit
    // DC = Domain Component

    string searchBase = "DC=cor,DC=local";
    string searchFilter = "(&(objectClass=user)(objectCategory=person))";

    string ldapHost = MySamples.TestSettings.ldapHost;
    int ldapPort = MySamples.TestSettings.ldapPort;//System.Convert.ToInt32(args[1]);
    string loginDN = MySamples.TestSettings.loginDN; // args[2];
    string password = MySamples.TestSettings.password; // args[3];


    Novell.Directory.Ldap.LdapConnection lc = new Novell.Directory.Ldap.LdapConnection();
    int ldapVersion = Novell.Directory.Ldap.LdapConnection.Ldap_V3;
    try
    {
        // connect to the server
        lc.Connect(ldap.Target.ToString(), ldap.Port);
        // bind to the server
        lc.Bind(ldapVersion, loginDN, password);

        Novell.Directory.Ldap.LdapSearchConstraints cons = lc.SearchConstraints;
        cons.ReferralFollowing = true;
        lc.Constraints = cons;

        // To enable referral following, use LDAPConstraints.setReferralFollowing passing TRUE to enable referrals, or FALSE(default) to disable referrals.

       Novell.Directory.Ldap.LdapSearchResults lsc = lc.Search(searchBase,
                                        Novell.Directory.Ldap.LdapConnection.SCOPE_SUB,
                                        searchFilter,
                                        attrs,
                                        false,
                                        (Novell.Directory.Ldap.LdapSearchConstraints)null);

        while (lsc.HasMore())
        {
            Novell.Directory.Ldap.LdapEntry nextEntry = null;
            try
            {
                nextEntry = lsc.Next();
            }
            catch (Novell.Directory.Ldap.LdapReferralException eR)
            {
                // https://mcmap.net/q/1606802/-a-list-of-all-users-ldap-referral-error-ldapreferralexception
                // The response you received means that the directory you are requesting does not contain the data you are looking for,
                // but that the data is in another directory, and in the response there is the information about the "referral" directory
                // on which you need to rebind to "redo" the search. This principle in LDAP is the referral.
                // https://www.novell.com/documentation/developer/ldapcsharp/?page=/documentation/developer/ldapcsharp/cnet/data/bp31k5d.html
                // To enable referral following, use LDAPConstraints.setReferralFollowing passing TRUE to enable referrals, or FALSE (default) to disable referrals.

                // are you sure your bind user meaning
                // auth.impl.ldap.userid=CN=DotCMSUser,OU=Service Accounts,DC=mycompany,DC=intranet
                // auth.impl.ldap.password = mypassword123
                // has permissions to the user that is logging in and its groups?
                System.Diagnostics.Debug.WriteLine(eR.LdapErrorMessage);
                // nextEntry is still null here, so skip to the next result instead of dereferencing it below
                continue;
            }
            catch (Novell.Directory.Ldap.LdapException e)
            {
                // WARNING: Here catches only LDAP-Exception, no other types...
                System.Console.WriteLine("Error: " + e.LdapErrorMessage);
                // Exception is thrown, go for next entry
                continue;
            }


            var atCN = nextEntry.getAttribute("cn");
            var atUN = nextEntry.getAttribute("sAMAccountName");
            var atDN = nextEntry.getAttribute("distinguishedName");
            var atDIN = nextEntry.getAttribute("displayName");


            if (atCN != null)
                System.Console.WriteLine(atCN.StringValue);
            if (atUN != null)
                System.Console.WriteLine(atUN.StringValue);

            if (atDN != null)
                System.Console.WriteLine(atDN.StringValue);

            if (atDIN != null)
                System.Console.WriteLine(atDIN.StringValue);


            System.Console.WriteLine("\n" + nextEntry.DN);
            Novell.Directory.Ldap.LdapAttributeSet attributeSet = nextEntry.getAttributeSet();

            System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
            while (ienum.MoveNext())
            {
                Novell.Directory.Ldap.LdapAttribute attribute = (Novell.Directory.Ldap.LdapAttribute)ienum.Current;
                string attributeName = attribute.Name;
                string attributeVal = attribute.StringValue;
                System.Console.WriteLine(attributeName + " value: " + attributeVal);
            }
        }


    }
    catch (System.Exception ex)
    {
        System.Console.WriteLine(ex.Message);
    }
    finally
    {
        // disconnect with the server
        lc.Disconnect();
    }
}
Riboflavin answered 23/5, 2018 at 14:25 Comment(0)
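
An added example, not part of the answers above and not Novell library code: with ReferralFollowing set to true the client connects to whatever host each referral names, so an alternative is to leave automatic following off and vet each referral URL before acting on it. The ReferralPolicy class, the host allow-list and the sample URLs are assumptions made for illustration; the three partition prefixes are the ones Active Directory typically refers to from a domain-root search, and none of them hold user accounts.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: decides which referral URLs a client should chase.
// Host names and DNs below are constructed sample values.
public static class ReferralPolicy
{
    // Assumption: the only servers this application should ever connect to.
    static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "cor.local", "dc01.cor.local" };

    // Partitions a domain-root search in AD typically refers to; they hold no user accounts.
    static readonly string[] NonUserPartitions =
        { "DC=DomainDnsZones,", "DC=ForestDnsZones,", "CN=Configuration," };

    public static bool ShouldFollow(string referralUrl, out string reason)
    {
        // Reject anything that is not a well-formed ldap:// or ldaps:// URL.
        if (!Uri.TryCreate(referralUrl, UriKind.Absolute, out Uri uri) ||
            (uri.Scheme != "ldap" && uri.Scheme != "ldaps"))
        { reason = "not an ldap/ldaps URL"; return false; }

        // Never connect to a server the application was not configured to trust.
        if (!AllowedHosts.Contains(uri.Host))
        { reason = "host not on allow-list: " + uri.Host; return false; }

        // The URL path is the base DN of the referred search.
        string baseDn = Uri.UnescapeDataString(uri.AbsolutePath.TrimStart('/'));
        if (NonUserPartitions.Any(p => baseDn.StartsWith(p, StringComparison.OrdinalIgnoreCase)))
        { reason = "partition holds no user objects: " + baseDn; return false; }

        reason = "ok";
        return true;
    }

    public static void Main()
    {
        string[] sample = {   // constructed referral URLs
            "ldap://DomainDnsZones.cor.local/DC=DomainDnsZones,DC=cor,DC=local",
            "ldap://cor.local/CN=Configuration,DC=cor,DC=local",
            "ldap://dc01.cor.local/DC=child,DC=cor,DC=local",
            "ldap://ldap.example.net/DC=cor,DC=local",
        };
        foreach (string url in sample)
        {
            bool follow = ShouldFollow(url, out string reason);
            Console.WriteLine((follow ? "FOLLOW " : "SKIP   ") + url + " (" + reason + ")");
        }
    }
}
```

Only the third sample URL passes both checks; the others are skipped for an unlisted host or a non-user partition.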