The server is not operational

This is the code I'm using to connect to LDAP:

    using (DirEntry = new DirectoryEntry(string.Format("LDAP://{0}/{1}", this.Host, ServerName)))
    {
        DirEntry.RefreshCache();
        if (!string.IsNullOrEmpty(UserName))
        {
            DirEntry.Username = UserName;
            DirEntry.Password = PassWord;
        }
        if (DirEntry.Properties.Contains("objectGUID"))
        {
            byte[] guiddatet = (byte[])DirEntry.Properties["objectGUID"].Value;
            return new Guid(guiddatet);
        }
    }

I get "The server is not operational" error message when I run the code.

Can someone please tell me what I'm doing wrong? And is there any way to replace the above code with a direct LDAP query?

user2327795 asked Jul 23 '13 20:07


1 Answer

You should try breaking this into separate parts, so it's easier to manage the logic, and easier to locate where your errors are occurring. I usually go with the following approach in this situation:

  • Create an LdapConnection object so you can set the options you need
  • Set up a NetworkCredential instance with an administrative username and password
  • Bind to the directory with the user so you can issue a direct LDAP query
  • Return a SearchResultEntry so you can process the properties

You have a few options to help you accomplish this, but I'd try something like this:

using System.Net;
using System.DirectoryServices.Protocols;

//Declare your Network Credential with the administrative Username, Password, and your active directory domain
var credentials = new NetworkCredential(userName, password, domain);

//Create a directory identifier and connection
var ldapidentifier = new LdapDirectoryIdentifier(serverName, port, false, false);
var ldapconn = new LdapConnection(ldapidentifier, credentials);

Next, make sure you're setting the right AuthType for your particular instance. Since you're connecting over port 389, just use AuthType.Basic.

ldapconn.AuthType = AuthType.Basic;

As you had asked, there is a very easy way to set up a direct LDAP query using this approach. I'm assuming you're searching by sAMAccountName, but you can modify this as needed:

string ldapFilter = "(&(objectCategory=person)(objectClass=user)(&(sAMAccountName={{UserYouAreTryingToFind}})))";

Now we just have to set up the search request, and send it accordingly:

//Send the search request with our delimited attribute list
var getUserRequest = new SearchRequest(domain, ldapFilter, SearchScope.Subtree, AttributeList)
{
    SizeLimit = 1
};

//Suppress any referral creation from happening during the search
var SearchControl = new SearchOptionsControl(SearchOption.DomainScope);
getUserRequest.Controls.Add(SearchControl);
var userResponse = (SearchResponse)ldapconn.SendRequest(getUserRequest);

//This is where I load up the entry I've located
SearchResultEntry ResultEntry = userResponse.Entries[0];

That should return the user you've queried for, along with any properties you've put into AttributeList. In this context, AttributeList is just a string array (string[]) of property names - in your case you'll want to add one called "objectGUID".

As for reading the properties on the SearchResultEntry, you can do exactly what you had originally:

 if(ResultEntry.Attributes.Contains("objectGUID"))
 {
     // do some stuff here
 }

That should help get you going in the right direction.

Also, if you don't already have a copy of Wireshark, I highly suggest you download it - it will be invaluable in diagnosing connection issues with Active Directory.

X3074861X answered Sep 21 '22 05:09
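
Added example (not part of the answer above and not its author's code): the same objectGUID lookup as a single method, with two defensive changes. It keeps the simple bind (AuthType.Basic) but runs it over LDAPS on port 636, because a simple bind on plain port 389 sends the password unencrypted, and it escapes the account name per RFC 4515 before placing it in the filter. The class, method and parameter names are hypothetical, and the example assumes the directory serves LDAPS on 636 with a certificate the client trusts.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class LdapGuidLookup
{
    // RFC 4515 escaping, so a user-supplied name cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Hypothetical helper: baseDn is the search base, e.g. a constructed "DC=example,DC=com".
    public static Guid? FindObjectGuid(string serverName, string baseDn,
        NetworkCredential credentials, string samAccountName)
    {
        var identifier = new LdapDirectoryIdentifier(serverName, 636, false, false);
        using (var conn = new LdapConnection(identifier, credentials, AuthType.Basic))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // TLS is set up before the bind
            conn.Bind(); // throws LdapException; ErrorCode 81 means the server could not be reached
            string filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                            + EscapeFilterValue(samAccountName) + "))";
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "objectGUID")
                          { SizeLimit = 1 };
            var response = (SearchResponse)conn.SendRequest(request);
            if (response.Entries.Count == 0) return null; // no such account
            DirectoryAttribute attr = response.Entries[0].Attributes["objectGUID"];
            if (attr == null) return null; // attribute not returned
            return new Guid((byte[])attr.GetValues(typeof(byte[]))[0]);
        }
    }
}
```

Calling Bind() explicitly separates connection and credential failures from search failures, which is the split the answer recommends for locating where the error occurs.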