try to access an ldap server from an iis server in a dmz and getting the error message : Information about the domain could not be retrieved (1355). There are articles about appending dns information or using the underlying objects, but these solutions are not working for me so please refrain from google searching and posting the same regurgitated bad advice.
I rewrote the entire layer to use principal objects. That got me a good error message at least.
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Web;
using TheDomain.Common.Extensions;
namespace MobileApplications
{
public class Ldap35: IDisposable
{
private string _ldapserver;
private string _adminUser;
private string _adminPassword;
private PrincipalContext _connection;
private UserPrincipal _userData;
private IList<string> _groups;
public delegate void MessagingHandler(string message);
public event MessagingHandler Messaged;
public Ldap35(string server, string adminuser, string adminpassword)
{
_ldapserver = server;
_adminPassword = adminpassword;
_adminUser = adminuser;
}
/// <summary>
/// this will basically instantiate a UserPrincipal
/// </summary>
/// <param name="username">just the user</param>
/// <param name="pass">just the password</param>
/// <param name="domain">the correct domain, not sure if this is thedoamin.com or the_domain</param>
/// <returns></returns>
public bool Authenticate(string username, string pass, string domain)
{
if ( _connection == null)
EstablishDirectoryConnection();
ValidateConnection();
if (!domain.IsEmpty() && !username.Contains("\\") && !username.Contains("/"))
username = domain + "\\" + username;
_userData = UserPrincipal.FindByIdentity(_connection, username);
if (_userData == null)
throw new ApplicationException("Unable to locate user.");
if (! _connection.ValidateCredentials(username, pass))
throw new ApplicationException("Invalid credentials. Unable to log in.");
//_userData = new UserPrincipal( _connection, username, pass, true );
return true;
}
public bool Authenticate(string username, string pass)
{
return Authenticate(username, pass, "");
}
public bool IsMemeberOfGroup(string group)
{
ValidateConnection(); ValidateUser();
return _userData.IsMemberOf(new GroupPrincipal(_connection));
}
public bool IsMemeberOfGroup(string group, bool caseSensitive)
{
if (caseSensitive)
return IsMemeberOfGroup(group);
GetGroups();
return _groups.Any(g => g.ToLower().Trim() == group.ToLower().Trim());
}
// public IList<string> GetGroups()
// {
// if ( _groups == null )
// _groups = new List<string>();
//
// ValidateConnection(); ValidateUser();
//
// var results = _userData.GetGroups();
//
// foreach (var principal in results)
// {
// _groups.Add(principal.Name);
// }
//
// return _groups;
// }
public IList<string> GetGroups()
{
if (_groups == null)
_groups = new List<string>();
ValidateConnection(); ValidateUser();
Print("Getting groups");
DirectoryEntry de = (DirectoryEntry)_userData.GetUnderlyingObject();
object obGroups = de.Invoke("Groups");
foreach (object ob in (IEnumerable)obGroups)
{
// Create object for each group.
var obGpEntry = new DirectoryEntry(ob);
Print(obGpEntry.Name);
_groups.Add(obGpEntry.Name);
}
return _groups;
}
/// <summary>
/// PrincipalContext class to establish a connection to the target directory and specify credentials for performing operations against the directory. This approach is similar to how you would go about establishing context with the DirectoryContext class in the ActiveDirectory namespace.
/// </summary>
/// <param name="adminuser">a user with permissions on the domain controller</param>
/// <param name="adminpassword">the password to go with the above</param>
/// <returns></returns>
private void EstablishDirectoryConnection()
{
_connection = new PrincipalContext(ContextType.Domain, _ldapserver, "DC=thedomain,DC=com", ContextOptions.SimpleBind, _adminUser, _adminPassword);
}
private void Print(string message)
{
if (Messaged != null)
Messaged(message);
}
private void ValidateConnection()
{
if ( _connection == null)
throw new ApplicationException("No connection to server, please check credentials and configuration.");
}
private void ValidateUser()
{
if (_userData == null)
throw new ApplicationException("User is not authenticated. Please verify username and password.");
}
public void Dispose()
{
_userData.Dispose();
_connection.Dispose();
}
}
}
This article Active Directory - Adding a user to a group from a non domain-joined computer throws PrincipalException pointed me in the right direction. Although it really doesn't make sense. I moved to a more modern approach than I posted above using the PrincipalObjects such as follows:
var _connection = new PrincipalContext(ContextType.Domain,
_ldapserver,
"DC=domain,DC=com",
ContextOptions.SimpleBind,
_adminUser,
_adminPassword);
var _userData = UserPrincipal.FindByIdentity(_connection, username);
this allowed me to pass in the correct permissions to the domain controller, but then get groups method on the UserPrinicpal object was throwing the 1155 error.
I resolved this by using the old method as follows. All works well now.
DirectoryEntry de = (DirectoryEntry)_userData.GetUnderlyingObject();
object obGroups = de.Invoke("Groups");
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With