Querying Solaris LDAP server

[RJN]

Hi

I've written a code that queries Windows LDAP server and works fine, but
the same doesn't work when querying Solaris LDAP server.

DirectoryEntry de = new DirectoryEntry("LDAP://server.com");
DirectorySearcher ds = new DirectorySearcher(de);
de.Username = "xxx";
de.Password = "yyy";
de.AuthenticationType = AuthenticationTypes.Secure;
ds.Filter = ("(SAMAccountName=xxx)");
SearchResult sr = ds.FindOne();

Without setting the login credentials I get error that "Server is not
operational". if I set the logon details, I'm getting an error that
"Logon failure, unknown user name or bad password".

Can anyone give me sample code to query Solaris LDAP server?

Regards

Rjn

 

[Willy Denoyette [MVP]]

Hi

I've written a code that queries Windows LDAP server and works fine, but
the same doesn't work when querying Solaris LDAP server.

DirectoryEntry de = new DirectoryEntry("LDAP://server.com");
DirectorySearcher ds = new DirectorySearcher(de);
de.Username = "xxx";
de.Password = "yyy";
de.AuthenticationType = AuthenticationTypes.Secure;
ds.Filter = ("(SAMAccountName=xxx)");
SearchResult sr = ds.FindOne();

Without setting the login credentials I get error that "Server is not
operational". if I set the logon details, I'm getting an error that
"Logon failure, unknown user name or bad password".

Can anyone give me sample code to query Solaris LDAP server?

Regards

Rjn

Don't use the DirectoryEntry class to start with, use the LDAP wrapper class namespace
System.DirectoryServices.Protocols instead.

A few warning though, Solaris isn't Windows, so you won't find a property named
"sAMAccountName", what exactly are you trying to achieve?
Note that you won't be able to use Secure credentials if the LDAP server doesn't integrate
with other authentication providers on Solaris, use the LdapConnection and start with a
simple bind, when this works, you can try other more secure authentication types.

Here's a sample snip....

using System;
using System.DirectoryServices.Protocols;
using System.Net;
....
// :389 is optional, it's the default listener port! Make sure the Ldap server
listens on this port, else you have to set the port accordingly

using (LdapConnection ldap = new LdapConnection("server.com:389")) {
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("userName", "usersPwd"));
...
}

Willy.

 

[RJN]

Dear Willy

Thanks for the reply. I'm trying to get the user details of logged user
from the login id. I'm having a .Net webservice which is set with
Integrated windows authentication and no anonymous access allowed. I
could get the user's login from Context.User.Identity.Name. I would want
to query the LDAP server based on this.

I read in the LDAP documentation that SAMAccountName is generic and not
windows specific. So I thought I could query any LDAP server based on
this. My problem currently is authenticating the Solaris LDAP server
which I don't face when I query the windows domain controller. Is there
anything wrong in the way I query the LDAP server?

Once I establish the authentication as per your code, how do I continue
querying the LDAP server? Would you mind giving me the code for that?

Regards

Rajesh

 

[Willy Denoyette [MVP]]

Dear Willy

Thanks for the reply. I'm trying to get the user details of logged user
from the login id. I'm having a .Net webservice which is set with
Integrated windows authentication and no anonymous access allowed. I
could get the user's login from Context.User.Identity.Name. I would want
to query the LDAP server based on this.

I read in the LDAP documentation that SAMAccountName is generic and not
windows specific. So I thought I could query any LDAP server based on
this. My problem currently is authenticating the Solaris LDAP server
which I don't face when I query the windows domain controller. Is there
anything wrong in the way I query the LDAP server?

Once I establish the authentication as per your code, how do I continue
querying the LDAP server? Would you mind giving me the code for that?

Regards

Rajesh

CN=SAM-Account-Name or sAMAccountName is a property used by Windows only, it stores the
Logon name of down-level clients running on LanManager, Windows9X and NT4, It's no property
stored on Solaris LDAP servers. Try to bind to the LDAP server using adsiedit from a Windows
client, and query the Solaris LDAP server, you'll see there is no such attribute for the
user object. But there is more, you are trying to authenticate a windows client on an
Solaris LDAP server, this won't work by all means, Windows clients can only be authenticated
by Windows Domain Controllers (for Windows Domain accounts) or Local Account Managers (for
server local accounts). All you can do is retrieve the clients credentials and use basic
authentication through a bind to the LDAP server.

Willy.