Connect to open LDAP over ssl


Solution 1

If you only want encryption and do not need strong authentication of the ldap server, maybe you should add:

connection.SessionOptions.VerifyServerCertificate =
                new VerifyServerCertificateCallback((con, cer) => true);

Solution 2

I also had a problem connecting via SSL, but not over plaintext. I did some network sniffing and was able to see that although I set the LdapConnection.AuthType to Basic, my client machine was finding and using client certificates for the SSL handshake. The certificate it found (don't know if I should be mad at VisualStudio or the .NET LdapConnection class) was a cheesy self-signed cert that the LDAP server did not like. It returned a very secure "server unavailable" error; good for it. So there is a client certificate resolver delegate in the SessionOptions I needed to provide with a very simple implementation:

public static X509Certificate ClientCertFinder(LdapConnection connection,
                                                byte[][] trustedCAs)
{
   return null;
}

Then, set the SessionOptions QueryClientCertificateCallback delegate to use the stub like this:

connection.SessionOptions.QueryClientCertificate =
      new QueryClientCertificateCallback(ClientCertFinder);

You could probably even make this a one-liner as in @jbl's answer for the validation callback, but maybe some day I'll want to do client-certificate authentication, and having that stub serves as a reminder for how to do it.
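The two callbacks above are the whole story for LdapConnection over port 636: Solution 1 makes the server check pass unconditionally, which also accepts a forged certificate on the path to the directory, and Solution 2 keeps the runtime from offering a stray client certificate. The following is an added example (not code from either answer) that wires both callbacks in, but validates the server chain and host name instead of returning true; `LdapHost`, `user` and `password` are placeholders, and the name check only looks at the first DNS name the certificate carries.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class LdapsClient
{
    // Placeholder: the host name you intend to reach on port 636.
    const string LdapHost = "ldap.example.internal";

    // Server check: build the chain against the machine's trusted roots and
    // compare the certificate's DNS name with the host we asked for, rather
    // than accepting every certificate with "(con, cer) => true".
    static bool VerifyServerCert(LdapConnection connection, X509Certificate cert)
    {
        var cert2 = new X509Certificate2(cert);
        using (var chain = new X509Chain())
        {
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
            if (!chain.Build(cert2))
                return false;   // untrusted issuer, expired, or revoked
        }
        // First DNS SAN (or the subject CN if there is none).
        string dnsName = cert2.GetNameInfo(X509NameType.DnsName, false);
        return string.Equals(dnsName, LdapHost, StringComparison.OrdinalIgnoreCase);
    }

    // Client check: returning null means "offer no client certificate", so the
    // handshake does not pick up a self-signed certificate from the local store.
    static X509Certificate NoClientCert(LdapConnection connection, byte[][] trustedCAs)
    {
        return null;
    }

    public static LdapConnection Connect(string user, string password)
    {
        var connection = new LdapConnection(new LdapDirectoryIdentifier(LdapHost, 636));
        connection.SessionOptions.ProtocolVersion = 3;
        connection.SessionOptions.SecureSocketLayer = true;
        connection.SessionOptions.VerifyServerCertificate = VerifyServerCert;
        connection.SessionOptions.QueryClientCertificate = NoClientCert;
        connection.AuthType = AuthType.Basic;
        connection.Credential = new NetworkCredential(user, password);
        connection.Bind();   // throws LdapException if the server rejects the bind
        return connection;
    }
}
```

If the directory presents a certificate with several subject alternative names, iterate the SAN extension rather than relying on `GetNameInfo`, which returns only the first one.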


Updated on June 04, 2022

Comments

  • mayank.karki
    mayank.karki almost 2 years

    I am working on a website which is used to reset the passwords of LDAP users. I am not able to make a connection with the server over SSL. I tried various code and authentication types.

    This is what is used on the server (on which the website is hosted) for connectivity with LDAP. I also tested it with both SSL ports, 636 and 3269.

    0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
    res = ldap_bind_s(ld, NULL, &NtAuthIdentity?, NEGOTIATE (1158)); v.3
    {NtAuthIdentity?: User='_ldapuser'; Pwd='unavailable';; domain = 'SJTPNOC.DOMAIN'}

    I am using the following code in the website:

    LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier("SJTP.DOMAIN", 636));
    connection.SessionOptions.ProtocolVersion = 3;
    connection.AuthType = AuthType.Basic;
    connection.Credential = new NetworkCredential("CN=user,CN=Users,DC=SJTPNOC,DC=DOMAIN", "password", "CN=Users,DC=SJTPNOC,DC=DOMAIN");
    connection.SessionOptions.SecureSocketLayer = true;
    connection.Bind();

    I am getting the exception "LDAP server is unavailable". I tried that code with port 389 and without SSL, and it works fine.

    Please let me know what is wrong.

  • mayank.karki
    mayank.karki over 11 years
    Now I have to reset user password
  • mayank.karki
    mayank.karki over 11 years
    I used replace operation on userPassword but getting error "The server cannot handle directory requests.".
  • jbl
    jbl over 11 years
    @mayank.karki you should close this question and give a detailed description of your new problem in a new question.
  • mayank.karki
    mayank.karki over 11 years
    The link to my new question is stackoverflow.com/questions/12635484/reset-ldap-user-password-error-the-server-cannot-handle-directory-requests. Thanks for your support.
  • mayank.karki
    mayank.karki over 11 years
    Hi jbl, I have one more query. This is the link: stackoverflow.com/questions/12908745/… . Thanks for replying.
  • mayank.karki
    mayank.karki over 11 years
    Hi jbl, I am stuck somewhere and need your help (stackoverflow.com/questions/13437986/…).