PC Review



Authenticate user in OpenLDAP with username and password

 
 
dorrit.Riemenschneider@communardo.de
      5th Jan 2007
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

using System.DirectoryServices;

private bool ValidateUser(string username, string password)
{
    DirectoryEntry userEntry = new DirectoryEntry(
        ldapPath, username, password,
        AuthenticationTypes.Anonymous);

    // Bind to the native AdsObject to force authentication.
    Object obj = userEntry.NativeObject;

    DirectorySearcher search = new DirectorySearcher(userEntry);
    search.Filter = "(cn=" + username + ")";
    search.PropertiesToLoad.Add("cn");
    SearchResult result = search.FindOne();
    if (result != null)
        return true;
    else
        return false;
}

The problem is, it also returns true if the username is correct, but
the password is false.
It looks like the user is located but not authenticated.

I have already tried several AuthenticationTypes:
I get an exception "invalid dn-syntax" for AuthenticationTypes.None,
AuthenticationTypes.Delegation, AuthenticationTypes.FastBind,
AuthenticationTypes.ReadOnlyServer, AuthenticationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authentication method not
supported by server) for AuthenticationTypes.Secure or if I don't
specify an AuthenticationType.

Any help is appreciated!
Dorrit

 
Willy Denoyette [MVP]
      5th Jan 2007


AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type; this will force Basic
authentication. Basically, OpenLDAP only supports "basic" and "SecureSocketsLayer"; other
types are not supported.
Another point is that you'd better use System.DirectoryServices.Protocols (FCL v2) when
connecting to a non-Active Directory server: OpenLDAP is not AD and the directory schema is
not the same as the AD schema, so you'd better use lower-level LDAP APIs than ADSI (wrapped
by SDS).
The following snippet illustrates how you can bind using basic authentication.

using System.DirectoryServices.Protocols;
using System.Net; // NetworkCredential
....
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
    ldap.AuthType = AuthType.Basic;
    // credentials for the bind, username in upn format
    ldap.Bind(new NetworkCredential("username", "pwd"));
    // do whatever you need to do with the store
    SearchRequest req = new SearchRequest("cn=....", ....
    ....
}


Willy.
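
An added example, not code from either poster: a password check built on the System.DirectoryServices.Protocols bind suggested above, which rejects empty passwords and escapes the username before it goes into the search filter. It assumes the server permits anonymous search under `baseDn`, listens for LDAPS on port 636, and expects the bind name as a full DN; `LdapAuthExample`, `Connect`, `EscapeFilterValue` and the parameter names are hypothetical.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;
static class LdapAuthExample
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat("\\{0:x2}", (int)c);
            else
                sb.Append(c);
        return sb.ToString();
    }
    static LdapConnection Connect(string server)
    {
        // Assumption: LDAPS on port 636; without TLS a simple bind sends the password in clear.
        var conn = new LdapConnection(new LdapDirectoryIdentifier(server, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;
        return conn;
    }

    public static bool ValidateUser(string server, string baseDn, string username, string password)
    {
        // An empty password makes a simple bind "unauthenticated" (RFC 4513); reject it up front.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;
        string userDn;
        using (LdapConnection lookup = Connect(server))
        {
            lookup.AuthType = AuthType.Anonymous; // lookup only, proves nothing about the user
            lookup.Bind();
            var req = new SearchRequest(baseDn, "(cn=" + EscapeFilterValue(username) + ")",
                                        SearchScope.Subtree, "cn");
            var resp = (SearchResponse)lookup.SendRequest(req);
            if (resp.Entries.Count != 1) return false; // unknown or ambiguous name
            userDn = resp.Entries[0].DistinguishedName;
        }
        using (LdapConnection conn = Connect(server))
        {
            conn.AuthType = AuthType.Basic;
            try { conn.Bind(new NetworkCredential(userDn, password)); return true; }
            catch (LdapException ex) when (ex.ErrorCode == 49) { return false; } // invalidCredentials
        }
    }
}
```

Only the second bind decides the result: the search merely resolves the DN, and any LdapException other than result code 49 propagates to the caller instead of being read as a failed or successful login.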




 
dorrit.Riemenschneider@communardo.de
      11th Jan 2007
OK, I'll try the approach with DirectoryServices.Protocols then. Thanks
for the tip.

Dorrit
