How to connect to Active Directory via LDAPS in C#?

Question

Found a documentation (here) in an answer thread on this site but i can´t get an connection to an AD. When i use a program like Active Directory Explorer i can connect. I think, because i am trying to connect to a LDAPS i need a different approach?

I have the server IP, a domain, username/pwd and the port 636. I tried various combinations @ new DirectoryEntry but couldn´t get it to connect. Always get a COMException Domain is not existing .

    static DirectoryEntry createDirectoryEntry()
    {
        DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://192.168.2.59", USER, PWD);

        ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

        return ldapConnection;
    }            

---

Background Infos: User places his card to a Card Reader Unit. Porgram gets ID from card and searches the DB for this ID and returns the eMail address belonging to the ID/User . And here the working solution:

        private string getEmail(string userID)
    {
        try
        {
            string ldapfilter = "(&(otherPager=" + userID + "))";

            DirectoryEntry myLdapConnection = new DirectoryEntry("LDAP://" + SERVER, USER, PWD);
            DirectorySearcher search = new DirectorySearcher(myLdapConnection);
            search.Filter = ldapfilter;

            /*search.PropertiesToLoad.Add("mail");
            SearchResult result = search.FindOne();*/

            string[] requiredValue = new String[] { "mail" };

            foreach (String value in requiredValue)
                search.PropertiesToLoad.Add(value);

            SearchResult result = search.FindOne();

            if (result != null)
            {
                foreach (String value in requiredValue)
                    foreach (Object myCollection in result.Properties[value])
                    {
                       return myCollection.ToString();
                    }    
            }
            else
            {
                return "No Entry fround";
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Exception Problem: " + e.ToString());
            return null;
        }
        return null;
    }



    private void cmdClose_Click(object sender, EventArgs e)
    {
        Close();
    }

    private void textBox1_TextChanged(object sender, EventArgs e)
    {
        label1.Text = getEmail(textBox1.Text);
    }

Answer 1

You need to specify the port, since 636 is the default LDAPS port.

new DirectoryEntry("LDAP://192.168.2.59:636", USER, PWD)

I do this in some of my code, and using "LDAP://" (not "LDAPS://") is what works.

If that doesn't work, then there may be a certificate error. You can test this with a browser. If you use Chrome, open Chrome with this (so it lets you use port 636):

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=636

Then go to https://192.168.2.59:636. If you get a big fancy certificate error, then the problem is that the certificate is not trusted. View the certificate from Chrome and see what the problem is. It could be issued by an authority that is not in the Windows cert store.