16

I am trying to connect to an eDirectory v8.8 server running LDAP. How would I go about doing that in .NET? Can I still use the classes in System.DirectoryServices such as DirectoryEntry and DirectorySearcher or are they AD specific? Do I need to specify the "Connection String" any differently?

I am trying something like the code below but it doesn't seem to work...

DirectoryEntry de = new DirectoryEntry ("LDAP://novellBox.sample.com","admin","password",AuthenticationTypes.None);
DirectorySearcher ds = new DirectorySearcher(de);
var test = ds.FindAll();

Any ideas?

6 Answers

14

Well, I think your connection string is missing a bit - specifying just the server name isn't good enough - you also need to specify a "starting point" for your search.

In AD, this would typically be something like the "Users" container in your domain, which you'd specify like this in LDAP parlance:

LDAP://novellBox.sample.com/cn=Users,dc=YourCompany,dc=com

Not sure how LDAP compliant the newer versions of eDirectory are - but that should work since in theory, it's standard LDAP regardless of the implementation :-)

But then again: only in theory, there's no difference between theory and practice.....

There's also a System.DirectoryServices.Protocols namespace which offers low-level LDAP calls directly - and that's definitely not tied to AD at all, but it's really quite low-level.....

There's also a Novell C# LDAP library but I've never tried it and can't say how complete or capable it is. It might give you some clues, though!

Also see this other Stack Overflow question about Novell, LDAP and C# - it might give you additional info.


2 Comments

Hi Marc, no go with this either. eDirectory doesn't seem to like it. The SEs reckon the DC in the connection string is very AD specific. I had already seen the other question, but was trying to stay closer to the general MS implementation rather than take a dependency on yet another implementation.
eDir syntax is rarely ending in dc=this,dc=that. More typically it would be ou=OrgU,o=Org instead of the dc= notation. Obviously you have to have the correct specific DN for the search base...
7

I had a hard time figuring this out but you could use something like the following, it worked sweet for me:

Domain domain = Domain.GetDomain(new DirectoryContext(DirectoryContextType.Domain, "novellBox.sample.com"));
DirectorySearcher ds = new DirectorySearcher(domain.GetDirectoryEntry(), searchQuery);
using (SearchResultCollection src = ds.FindAll())
{....}

3 Comments

Hi Fermin, is this connecting to eDirectory or AD? The "Domain" object seems to live in the ActiveDirectory namespace. Still trying to get it to work though.
What's searchQuery? Samples? Any final solution with a full source code sample application? IMHO, better samples for minimizing the learning curve are real applications with full source code and good patterns.
searchQuery is whatever you are trying to find. Samples are available on MSDN: msdn.microsoft.com/en-us/library/….
4

I think you need to use LDAP syntax for the host.

Make sure you don't forget to release the connection with using - if you don't dispose of the directory entries they hang around forever until the pool runs out and your app breaks.

using (DirectoryEntry de = new DirectoryEntry ("LDAP://CN=server,DC=domain,DC=com","admin","password",AuthenticationTypes.Secure))
{
    ...
}

Comments

3

Depending on the directory server configuration, you might actually need to use the System.DirectoryServices.Protocols namespace. I wrote up a post on connecting to OpenLDAP with it.

http://mikemstech.blogspot.com/2013/03/searching-non-microsoft-ldap.html

Comments

1

If the external LDAP requires authentication with a DN, try this: first retrieve the DN of the user, then try the authentication with the DN and user credentials. I've tested it on Domino LDAP.

// Authenticate against an external LDAP server
string ldapserver = "10.1.1.1:389";
string ldapbasedn = "o=mycompany";
string ldapuser = "cn=Administrator,o=mycompany";
string ldappassword = "adminpassword";
string ldapfilter = "(&(objectclass=person)(cn={0}))";

string user = "usertest";
string password = "userpassword";
try
{
    string DN = "";
    using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + ldapserver + "/" + ldapbasedn, ldapuser, ldappassword, AuthenticationTypes.None))
    {
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.SearchScope = SearchScope.Subtree;
        ds.Filter = string.Format(ldapfilter, user);
        SearchResult result = ds.FindOne();
        if (result != null )
        {
            DN = result.Path.Replace("LDAP://" + ldapserver + "/" , "");
        }
    }
    // try logon   
    using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + ldapserver + "/" + ldapbasedn, DN, password, AuthenticationTypes.None))
    {
        DirectorySearcher ds = new DirectorySearcher(entry);
        ds.SearchScope = SearchScope.Subtree;
        SearchResult result = ds.FindOne();
    }
} catch (Exception) { }

Comments

1

I am trying to connect to an eDirectory 8.8 server running LDAP. How would I go about doing that in .NET? Can I still use the classes in System.DirectoryServices such as DirectoryEntry and DirectorySearcher or are they AD specific?

We are using System.DirectoryServices for Microsoft Active Directory, OpenLDAP running on Linux and eDirectory without any problem. So the answer is yes, you can use these classes to access eDir.

Do I need to specify the "Connection String" any differently?

Yes, you do. When passing to DirectoryEntry a string starting with "LDAP://" you need to conform to the LDAP syntax, which is very different from URI syntax.

I recommend you use an LDAP browser (google it, there are many free downloads) in order to get the correct path to the root object, otherwise you will spend time on trying to figure out the correct object types.

Comments
