Connecting to LDAP from C# using DirectoryServices

6

16

I am trying to connect to an eDirectory v8.8 server running LDAP. How would I go about doing that in .NET? Can I still use the classes in System.DirectoryServices such as DirectoryEntry and DirectorySearcher or are they AD specific? Do I need to specify the "Connection String" any differently?

I am trying something like the code below but it doesn't seem to work...

DirectoryEntry de = new DirectoryEntry ("LDAP://novellBox.sample.com","admin","password",AuthenticationTypes.None);
DirectorySearcher ds = new DirectorySearcher(de);
var test = ds.FindAll();

Any ideas?

Cabral answered 17/9, 2009 at 7:32 Comment(0)
14

Well, I think your connection string is missing a bit - specifying just the server name isn't good enough - you also need to specify a "starting point" for your search.

In AD, this would typically be something like the "Users" container in your domain, which you'd specify like this in LDAP parlance:

LDAP://novellBox.sample.com/cn=Users,dc=YourCompany,dc=com

Not sure how LDAP compliant the newer versions of eDirectory are - but that should work since in theory, it's standard LDAP regardless of the implementation :-)

But then again: only in theory, there's no difference between theory and practice.....

There's also a System.DirectoryServices.Protocols namespace which offers low-level LDAP calls directly - and that's definitely not tied to AD at all, but it's really quite low-level.....

There's also a Novell C# LDAP library but I've never tried it and can't say how complete or capable it is. It might give you some clues, though!

Also see this other Stack Overflow question about Novell, LDAP and C# - it might give you additional info.

Sykes answered 17/9, 2009 at 7:55 Comment(2)
Hi Marc, no go with this either. eDirectory doesn't seem to like it. The SEs reckon the DC in the connection string is very AD specific. I had already seen the other question, but was trying to stay closer to the general MS implementation rather than take a dependency on yet another implementation. - Cabral
eDir syntax is rarely ending in dc=this,dc=that. More typically it would be ou=OrgU,o=Org instead of the dc= notation. Obviously you have to have the correct specific DN for the search base... - Midday
6

I had a hard time figuring this out but you could use something like the following, it worked sweet for me:

// searchQuery is the LDAP filter string for whatever you are trying to find
Domain domain = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, "novellBox.sample.com"));
DirectorySearcher ds = new DirectorySearcher(domain.GetDirectoryEntry(), searchQuery);
using (SearchResultCollection src = ds.FindAll())
{....}
Bice answered 17/9, 2009 at 7:41 Comment(3)
Hi Fermin, is this connecting to eDirectory or AD? The "Domain" object seems to live in the ActiveDirectory namespace. Still trying to get it to work though. - Cabral
What's searchQuery? Samples? Any final solution with a full source code sample application? IMHO, better samples for minimizing the learning curve are real applications with full source code and good patterns. - Volumeter
searchQuery is whatever you are trying to find. Samples are available on MSDN: msdn.microsoft.com/en-us/library/…. - Bice
4

I think you need to use LDAP syntax for the host.

Make sure you don't forget to release the connection with using - if you don't dispose of the directory entries they hang around forever until the pool runs out and your app breaks.

using (DirectoryEntry de = new DirectoryEntry ("LDAP://CN=server,DC=domain,DC=com","admin","password",AuthenticationTypes.Secure))
{
    ...
}
Ambiguous answered 17/9, 2009 at 7:39 Comment(0)
3

Depending on the directory server configuration, you might actually need to use the System.DirectoryServices.Protocols namespace. I wrote up a post on connecting to OpenLDAP with it.

http://mikemstech.blogspot.com/2013/03/searching-non-microsoft-ldap.html

Walters answered 7/3, 2013 at 18:35 Comment(0)
1

I am trying to connect to an eDirectory 8.8 server running LDAP. How would I go about doing that in .NET? Can I still use the classes in System.DirectoryServices such as DirectoryEntry and DirectorySearcher or are they AD specific?

We are using System.DirectoryServices for Microsoft Active Directory, OpenLDAP running on Linux and eDirectory without any problem. So the answer is yes, you can use these classes to access eDir.

Do I need to specify the "Connection String" any differently?

Yes, you do. When passing to DirectoryEntry a string starting with "LDAP://" you need to conform to the LDAP syntax, which is very different from URI syntax.

I recommend you use an LDAP browser (google it, there are many free downloads) in order to get the correct path to the root object, otherwise you will spend time trying to figure out the correct object types.

Smiga answered 22/6, 2010 at 19:44 Comment(0)
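An added example (not from any of the answers above): instead of guessing between `dc=` and `o=` style bases, ask the server's root DSE which naming contexts it holds and use one of those as the path after the host. It uses System.DirectoryServices.Protocols; the host name is the one from the question, while LDAPS on port 636, anonymous read access to the root DSE, and the class and method names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

static class RootDseProbe
{
    // Returns the naming contexts (candidate search bases) the server advertises.
    public static List<string> GetNamingContexts(string host, int port, bool useTls)
    {
        var id = new LdapDirectoryIdentifier(host, port);
        using (var conn = new LdapConnection(id))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = useTls;
            conn.AuthType = AuthType.Anonymous; // assumption: root DSE is readable anonymously
            conn.Bind();

            // An empty base DN with Base scope addresses the root DSE (RFC 4512).
            var req = new SearchRequest("", "(objectClass=*)", SearchScope.Base, "namingContexts");
            var resp = (SearchResponse)conn.SendRequest(req);

            var contexts = new List<string>();
            foreach (SearchResultEntry entry in resp.Entries)
            {
                DirectoryAttribute attr = entry.Attributes["namingContexts"];
                if (attr == null) continue; // server did not publish the attribute
                foreach (string value in attr.GetValues(typeof(string)))
                    contexts.Add(value);
            }
            return contexts;
        }
    }

    static void Main()
    {
        // Host from the question; port 636 is an assumption.
        foreach (string nc in GetNamingContexts("novellBox.sample.com", 636, true))
            Console.WriteLine("LDAP://novellBox.sample.com:636/" + nc);
    }
}
```

Each printed line is a candidate path for `DirectoryEntry` or a base DN for a `SearchRequest`.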
1

If the external LDAP requires authentication with a DN, try this: first retrieve the DN of the user, then try the authentication with the DN and user credentials. I've tested it on Domino LDAP.

// Authenticate in external LDAP
string ldapserver = "10.1.1.1:389";
string ldapbasedn = "o=mycompany";
string ldapuser = "cn=Administrator,o=mycompany";
string ldappassword = "adminpassword";
string ldapfilter = "(&(objectclass=person)(cn={0}))";

string user = "usertest";
string password = "userpassword";
try
{
    string DN = "";
    // Step 1: bind with the service account and look up the user's DN
    using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + ldapserver + "/" + ldapbasedn, ldapuser, ldappassword, AuthenticationTypes.None))
    {
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.SearchScope = SearchScope.Subtree;
        ds.Filter = string.Format(ldapfilter, user);
        SearchResult result = ds.FindOne();
        if (result != null)
        {
            // Strip the "LDAP://server/" prefix, leaving only the DN
            DN = result.Path.Replace("LDAP://" + ldapserver + "/", "");
        }
    }
    // Step 2: try logon with the user's DN and password
    using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + ldapserver + "/" + ldapbasedn, DN, password, AuthenticationTypes.None))
    {
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.SearchScope = SearchScope.Subtree;
        // FindOne() forces the bind; it throws if the credentials are rejected
        SearchResult result = ds.FindOne();
    }
} catch (Exception) { } // search or bind failed
Charest answered 13/6, 2013 at 11:0 Comment(0)
