Connect to open LDAP over ssl
Solution 1
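If you only want encryption and do not need strong authentication of the LDAP server, maybe you should add:
    // Accepts whatever certificate the server presents: the session is encrypted,
    // but the server's identity is not verified.
    connection.SessionOptions.VerifyServerCertificate =
        new VerifyServerCertificateCallback((con, cer) => true);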
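A stricter form of the callback above, as an added example that is not part of the original answer: it accepts the server certificate only if it matches a pinned thumbprint or chains to a trusted root. `LdapsExample`, `VerifyServer`, `Connect` and the thumbprint placeholder are assumptions; the host and port are the ones from the question.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class LdapsExample
{
    // Placeholder (assumption): thumbprint of the certificate the LDAP server is expected to present.
    const string PinnedThumbprint = "<EXPECTED-SERVER-CERT-THUMBPRINT>";

    // Signature matches the VerifyServerCertificateCallback delegate.
    static bool VerifyServer(LdapConnection connection, X509Certificate certificate)
    {
        using (var cert = new X509Certificate2(certificate))
        {
            // Accept an explicitly pinned certificate, e.g. a self-signed server certificate.
            if (string.Equals(cert.Thumbprint, PinnedThumbprint, StringComparison.OrdinalIgnoreCase))
                return true;

            // Otherwise require a chain to a root trusted by this machine.
            // Build() checks trust, validity dates and revocation; it does not
            // compare the certificate's name with the host being contacted.
            using (var chain = new X509Chain())
            {
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                return chain.Build(cert);
            }
        }
    }

    static LdapConnection Connect(NetworkCredential credential)
    {
        var connection = new LdapConnection(new LdapDirectoryIdentifier("SJTP.DOMAIN", 636));
        connection.SessionOptions.ProtocolVersion = 3;
        connection.SessionOptions.SecureSocketLayer = true;
        connection.SessionOptions.VerifyServerCertificate = VerifyServer;
        connection.AuthType = AuthType.Basic;
        connection.Credential = credential;
        connection.Bind(); // fails if VerifyServer returned false
        return connection;
    }
}
```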
Solution 2
I also had a problem connecting via SSL, but not over plaintext. I did some network sniffing and was able to see that although I set the LdapConnection.AuthType to Basic, my client machine was finding and using client certificates for the SSL handshake. The certificate it found (don't know if I should be mad at Visual Studio or the .NET LdapConnection class) was a cheesy self-signed cert that the LDAP server did not like. It returned a very secure "server unavailable" error; good for it. So there is a client certificate resolver delegate in the SessionOptions I needed to provide with a very simple implementation:
    // Returns no client certificate, so none is offered during the SSL handshake.
    public static X509Certificate ClientCertFinder(LdapConnection connection,
                                                   byte[][] trustedCAs)
    {
        return null;
    }
Then, set the SessionOptions QueryClientCertificateCallback delegate to use the stub like this:
    connection.SessionOptions.QueryClientCertificate =
        new QueryClientCertificateCallback(ClientCertFinder);
You could probably even make this a one-liner as in @jbl's answer for the validation callback, but maybe some day I'll want to do client-certificate authentication, and having that stub serves as a reminder for how to do it.
mayank.karki
Updated on June 04, 2022
Comments
-
mayank.karki almost 2 years
I am working on a website which is used to reset the passwords of LDAP users. I am not able to make a connection with the server over SSL. I tried various code and authentication types.
This is what is used for connectivity with LDAP on the server on which the website is hosted. I also tested it with both SSL ports, 636 and 3269.
    0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
    res = ldap_bind_s(ld, NULL, &NtAuthIdentity?, NEGOTIATE (1158)); v.3
    {NtAuthIdentity?: User='_ldapuser'; Pwd='unavailable';; domain = 'SJTPNOC.DOMAIN'}
I am using the following code in the website:
    LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier("SJTP.DOMAIN",636));
    connection.SessionOptions.ProtocolVersion = 3;
    connection.AuthType = AuthType.Basic;
    connection.Credential = new NetworkCredential("CN=user,CN=Users,DC=SJTPNOC,DC=DOMAIN", "password","CN=Users,DC=SJTPNOC,DC=DOMAIN");
    connection.SessionOptions.SecureSocketLayer=true;
    connection.Bind();
I am getting the exception "LDAP server is unavailable". I tried that code with port 389 and without SSL and it's working fine.
Please let me know what is wrong.
-
mayank.karki over 11 years
Now I have to reset user password
-
mayank.karki over 11 years
I used a replace operation on userPassword but am getting the error "The server cannot handle directory requests.".
-
jbl over 11 years
@mayank.karki you should close this question and give a detailed description of your new problem in a new question.
-
mayank.karki over 11 years
Link of my new question is stackoverflow.com/questions/12635484/reset-ldap-user-password-error-the-server-cannot-handle-directory-requests Thanks for your support.
-
mayank.karki over 11 years
Hi jbl, I have one more query. This is the link: stackoverflow.com/questions/12908745/… . Thanks for replying.
-
mayank.karki over 11 years
Hi jbl, I am stuck somewhere and need your help (stackoverflow.com/questions/13437986/…)