Please help me deal with the problem.
I'm trying to get the user group with the following code. I run it through Mono. On Windows the data is obtained normally (the account is not included in the domain). But when I run the same code on Linux, I get the error.
What do I need to do to obtain a normal result?
using System;
using System.Text;
using System.DirectoryServices;
using System.Runtime.InteropServices;

namespace ActiveDirectoryTest
{
    class Program
    {
        private static void Main(string[] args)
        {
            try
            {
                // Bind to the directory with explicit credentials
                DirectoryEntry de = new DirectoryEntry("LDAP://sub.domain.com", "username@domain", "password", AuthenticationTypes.None);
                DirectorySearcher search = new DirectorySearcher(de);
                search.ReferralChasing = ReferralChasingOption.All;
                search.Filter = "(&(ObjectClass=user)(sAMAccountName=username))";
                search.PropertiesToLoad.Add("sAMAccountName");
                search.PropertiesToLoad.Add("memberOf");

                StringBuilder groupNames = new StringBuilder();
                var result = search.FindAll()[0];
                int propertyCount = result.Properties["memberOf"].Count;

                // Extract the first RDN value (the group name) from each memberOf DN
                for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                {
                    var dn = (String) result.Properties["memberOf"][propertyCounter];
                    var equalsIndex = dn.IndexOf("=", 1);
                    var commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        Console.WriteLine("error parse");
                        continue; // skip a DN that cannot be parsed
                    }
                    groupNames.Append(dn.Substring((equalsIndex + 1), (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");
                }
                Console.WriteLine(groupNames.ToString());
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            Console.ReadLine();
        }
    }
}
LdapException: (32) No Such Object LdapException: Server Message: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of: '' Novell.Directory.Ldap.LdapException
This error is usually generated when the search base is not valid. When you are using clear-text LDAP (my example below uses SSL, but you can change the authentication type to System.DirectoryServices.AuthenticationTypes.None), you can grab a network capture between your application host and the LDAP server on port 389 and see the actual search that is being performed.
Per MS's documentation, you should be able to use LDAP://dc=company,dc=gTLD without specifying a specific domain controller. Because I needed my code to be functional with both Active Directory and pure LDAP servers, I use something like LDAP://DomainController.company.gTLD/ou=UserOU,dc=company,dc=gTLD where the LDAP hostname and search base are included.
The function I use for LDAP authentication:
protected string ldapAuthentication(string strLDAPServer, string strSuppliedUser, string strSuppliedPwd, string strSystemUID, string strSystemPwd, string strLDAPUserBase, string strUIDAttr){
    strSuppliedUser = strSuppliedUser.Trim();
    string strResults = "";
    string strLDAPUserHost = strLDAPServer + strLDAPUserBase;

    // Establish LDAP connection and bind with system ID
    System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry();
    dirEntry.Path = strLDAPUserHost;
    dirEntry.Username = strSystemUID;
    dirEntry.Password = strSystemPwd;
    dirEntry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;
    try
    {
        dirEntry.RefreshCache();

        // Search directory for the user logging on
        string strLDAPFilter = "(&(objectClass=user)(" + strUIDAttr + "=" + strSuppliedUser + "))";
        System.DirectoryServices.DirectorySearcher ldapSearch = new System.DirectoryServices.DirectorySearcher(dirEntry);
        ldapSearch.ServerTimeLimit = new TimeSpan(0, 0, 30);
        ldapSearch.Filter = strLDAPFilter;
        ldapSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        System.DirectoryServices.SearchResultCollection searchResults = ldapSearch.FindAll();
        if (searchResults.Count == 1){
            ...
This function is called like:
strInputResults = ldapAuthentication("LDAP://DomainController.company.gTLD/", strInputSuppliedUser, strInputSuppliedPwd, "[email protected]", "Syst3mP@s5w0rd", "ou=UserOU,dc=company,dc=gTLD","sAMAccountName");
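The answer's function concatenates the supplied user name straight into the search filter and builds the path from host plus search base. The following is an added example, not code from the answer, showing one way to build both strings so that the path always carries a search base and the filter value is escaped per RFC 4515. The helper names are hypothetical, and it assumes the search base follows the Active Directory convention of one DC= component per DNS label.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;

// Added example; class and method names are hypothetical.
static class LdapQueryHelpers
{
    // RFC 4515: escape the characters that have meaning inside a filter value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*': sb.Append(@"\2a"); break;
                case '(': sb.Append(@"\28"); break;
                case ')': sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Attribute names cannot be escaped, so accept only a plain descriptor.
    public static string BuildUserFilter(string uidAttr, string suppliedUser)
    {
        if (!Regex.IsMatch(uidAttr, @"^[A-Za-z][A-Za-z0-9-]*\z"))
            throw new ArgumentException("invalid attribute name", "uidAttr");
        return "(&(objectClass=user)(" + uidAttr + "="
            + EscapeFilterValue(suppliedUser.Trim()) + "))";
    }

    // Assumption: the search base is DC=<label> for each label of the DNS domain.
    public static string BuildPath(string host, string dnsDomain)
    {
        string baseDn = string.Join(",", dnsDomain.Split('.').Select(p => "DC=" + p));
        return "LDAP://" + host + "/" + baseDn;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed inputs: host and domain reuse the question's placeholder name.
        Console.WriteLine(LdapQueryHelpers.BuildPath("sub.domain.com", "sub.domain.com"));
        Console.WriteLine(LdapQueryHelpers.BuildUserFilter("sAMAccountName", "smith (contractor)*"));
    }
}
```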