Re: How to authenticate to iPlanet server using LDAPS?
From: Joe Kaplan (MVP - ADSI) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/19/05
Date: Wed, 19 Oct 2005 09:23:32 -0500
You need to be using AuthenticationTypes.SecureSocketsLayer. If that
doesn't work, there is probably an issue with the local LDAP client
accepting the certificate from the server. There are 3 main reasons this
fails:
- The DNS name in your binding string doesn't match the DNS name in the
cert
- The cert is expired or not yet valid
- The local client does not trust the server's certificate
Essentially, these are the same reasons you get a certificate warning dialog
in IE, except that LDAP always fails on these conditions.
The System event log may also contain errors from Schannel that tell you
what the problem was. If not, you can also bump up the logging level:
http://support.microsoft.com/?id=260729
Since you are using .NET 2.0 also, you might consider using
System.DirectoryServices.Protocols for this purpose. It is lower level and
has the benefit of eliminating all of the ADSI layer from the LDAP calls.
Joe K.
<JohnnyO''''Clock@community.nospam> wrote in message
news:6DA34789-33FB-4246-B473-E456ECE2FECD@microsoft.com...
> I've been trying to build an LDAP provider in ASP.Net 2.0. I know the basic
> steps are to search the directory for user object, grab the full user object
> context and bind to it securely, and then attempt to authenticate by sending
> the username and password. I can't find any documentation on using LDAPS for
> authenticating to a non-microsoft ldap server. Here's a console code snippet
> I've been using which works and enumerates a user's properties:
>
> using System;
> using System.Collections.Generic;
> using System.Text;
> using System.DirectoryServices;
>
> namespace iPlanet
> {
>     class Program
>     {
>         static void Main(string[] args)
>         {
>             string adsPath = "LDAP://ldap.school.edu/dc=school,dc=edu";
>
>             //Explicitly create our SearchRoot
>             DirectoryEntry searchRoot = new DirectoryEntry(
>                 adsPath,
>                 null,
>                 null,
>                 AuthenticationTypes.None
>                 );
>             //AuthenticationTypes.None - works
>             //AuthenticationTypes.Anonymous - doesn't work
>             //AuthenticationTypes.Secure - doesn't work
>             //AuthenticationTypes.SecureSocketsLayer - doesn't work
>             //AuthenticationTypes.Encryption - doesn't work
>             //AuthenticationTypes.ReadonlyServer - works
>             //AuthenticationTypes.ServerBind - works
>             //AuthenticationTypes.Signing - works
>             //AuthenticationTypes.Sealing - works
>             //AuthenticationTypes.FastBind - works
>             //AuthenticationTypes.Delegation - works
>
>             using (searchRoot)
>             {
>                 DirectorySearcher ds = new DirectorySearcher(
>                     searchRoot,
>                     "(uid=jdoe)" //user being searched for
>                     );
>
>                 using (SearchResultCollection src = ds.FindAll())
>                 {
>                     //Console.WriteLine("Returning {0}", src.Count);
>
>                     foreach (SearchResult sr in src)
>                     {
>                         foreach (string prop in sr.Properties.PropertyNames)
>                         {
>                             foreach (object o in sr.Properties[prop])
>                             {
>                                 Console.WriteLine("{0}: {1}", prop, o);
>                             }
>                         }
>                     }
>                 }
>             }
>         }
>     }
> }
>
> The problem I have is when I've tried to bind to the LDAP server. It errors
> out with the message that the server may not be operational. What is the
> correct authentication type for an iPlanet LDAP server?
>
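
The search-then-bind flow from the question, done over LDAPS with System.DirectoryServices.Protocols as the reply suggests. This is an added example, not code from either poster: CheckCert, Connect and Authenticate are hypothetical names, and it assumes LDAPS on port 636, a uid attribute, and that the server allows anonymous searches. The certificate callback stays strict and logs which of the three failure reasons applies.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

class LdapsAuth {
    const string Host = "ldap.school.edu";   // host from the thread; must match the name in the cert
    const string BaseDn = "dc=school,dc=edu";
    // Setting this callback replaces default validation: return true only if every check passes.
    static bool CheckCert(LdapConnection c, X509Certificate raw) {
        X509Certificate2 cert = new X509Certificate2(raw);
        // Simplified name check (assumption): first DNS name only, no wildcard handling.
        string name = cert.GetNameInfo(X509NameType.DnsName, false);
        bool nameOk = string.Equals(name, Host, StringComparison.OrdinalIgnoreCase);
        if (!nameOk) Console.Error.WriteLine("Name mismatch: cert issued to " + name);
        X509Chain chain = new X509Chain();
        bool chainOk = chain.Build(cert);    // false for expired, not-yet-valid or untrusted certs
        foreach (X509ChainStatus s in chain.ChainStatus)
            Console.Error.WriteLine("Chain: " + s.Status + " " + s.StatusInformation);
        return nameOk && chainOk;
    }
    static LdapConnection Connect(AuthType type) {
        LdapConnection conn = new LdapConnection(new LdapDirectoryIdentifier(Host, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;
        conn.SessionOptions.VerifyServerCertificate = CheckCert;
        conn.AuthType = type;
        return conn;
    }
    static bool Authenticate(string uid, string password) {
        // An empty password is an unauthenticated bind; filter metacharacters are rejected.
        if (string.IsNullOrEmpty(uid) || string.IsNullOrEmpty(password) ||
            uid.IndexOfAny("*()\\\0".ToCharArray()) >= 0) return false;
        string dn;
        using (LdapConnection conn = Connect(AuthType.Anonymous)) {  // assumes anonymous search is allowed
            conn.Bind();
            SearchResponse resp = (SearchResponse)conn.SendRequest(
                new SearchRequest(BaseDn, "(uid=" + uid + ")", SearchScope.Subtree, "1.1"));
            if (resp.Entries.Count != 1) return false;
            dn = resp.Entries[0].DistinguishedName;
        }
        using (LdapConnection conn = Connect(AuthType.Basic)) {      // simple bind, carried inside SSL
            try { conn.Bind(new NetworkCredential(dn, password)); return true; }
            catch (LdapException e) { if (e.ErrorCode == 49) return false; throw; }  // 49 = invalid credentials
        }
    }
    static void Main(string[] args) {   // uid as first argument, password read from stdin
        Console.WriteLine(Authenticate(args[0], Console.ReadLine()) ? "authenticated" : "rejected");
    }
}
```

A certificate rejected by the callback surfaces as an LdapException from Bind rather than a false return, with the reason written to stderr.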