ActiveDirectory / LDAP Searching
I have a requirement to authenticate users against a non-MS LDAP service using non-standard attributes. The general method of doing this is to search for the user anonymously, then re-bind to the server with the found DN and the provided password. I'm using the following code to implement the search, but it always fails (error provided below):

    DirectoryEntry me;
    string filter = "(mailLocalAddress=" + uid + ")";
    string path = "ldap://10.10.240.19/o=Top";
    DirectoryEntry dbE = new DirectoryEntry(path);
    DirectorySearcher dsE = new DirectorySearcher(dbE, filter);
    dsE.SizeLimit = 2;
    SearchResultCollection src = dsE.FindAll();
    if (src.Count == 0) {
        throw new AuthenticationException("Login Incorrect");
    }
    if (src.Count > 1) {
        throw new AuthenticationException("Invalid LDAP Response");
    }
    me = src[0].GetDirectoryEntry();

The error I get is:

    System.Runtime.InteropServices.COMException (0x80040E37): Unknown error (0x80040e37)
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
       at System.DirectoryServices.DirectorySearcher.FindAll()
       at Portal.Login.CheckPassword(String uid, String pass) in c:\inetpub\wwwroot\portal\login.aspx.cs:line 108

Now, my base DN is indeed "top". What I am expecting is that the program binds anonymously to the specified LDAP server and does a sub-tree search on o=Top for my filter. Anyone have any ideas?

-Adrian
After much searching, I found there is a difference between ldap:// and LDAP:// --- go figure.
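
An added example, not code from the original post: the search-then-rebind flow described above, using the upper-case `LDAP://` provider name the follow-up points at, with two checks the posted code lacks (RFC 4515 escaping of `uid` before it enters the filter, and rejection of empty passwords). The class name `LdapLogin`, the helper `EscapeFilterValue`, and the way the DN is cut out of the result path are assumptions of this sketch; the server address, base DN and attribute are the ones from the post.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Security.Authentication;
using System.Text;
static class LdapLogin
{
    // RFC 4515 escaping, so input such as "*" or "a)(uid=*" stays a literal value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
    public static void CheckPassword(string uid, string pass)
    {
        // A simple bind with a DN and an empty password is an unauthenticated
        // bind (RFC 4513) that many servers accept, so refuse it up front.
        if (string.IsNullOrEmpty(uid) || string.IsNullOrEmpty(pass))
            throw new AuthenticationException("Login Incorrect");
        const string root = "LDAP://10.10.240.19/o=Top"; // ADSI provider name is case-sensitive
        string filter = "(mailLocalAddress=" + EscapeFilterValue(uid) + ")";
        string path;
        using (var dbE = new DirectoryEntry(root, null, null, AuthenticationTypes.Anonymous))
        using (var dsE = new DirectorySearcher(dbE, filter) { SizeLimit = 2, SearchScope = SearchScope.Subtree })
        using (SearchResultCollection src = dsE.FindAll())
        {
            if (src.Count == 0) throw new AuthenticationException("Login Incorrect");
            if (src.Count > 1) throw new AuthenticationException("Invalid LDAP Response");
            path = src[0].Path; // e.g. LDAP://10.10.240.19/<entry DN>
        }
        // Assumption: the DN is everything after the host part of the ADsPath.
        string dn = path.Substring(path.IndexOf('/', "LDAP://".Length) + 1);
        try
        {
            // Re-bind as the found entry; reading NativeObject forces the bind.
            using (var me = new DirectoryEntry(path, dn, pass, AuthenticationTypes.None))
            { object bound = me.NativeObject; }
        }
        catch (COMException)
        { throw new AuthenticationException("Login Incorrect"); }
    }
}
```

`AuthenticationTypes.None` performs a simple bind, so the password crosses the network in clear text unless the connection is protected; where the server offers LDAPS, `AuthenticationTypes.SecureSocketsLayer` is the flag to use for the re-bind.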