How to authenticate to iPlanet server using LDAPS?

 
 
JohnnyO'Clock@community.nospam
      10-19-2005
I've been trying to build an LDAP provider in ASP.NET 2.0. I know the basic
steps are to search the directory for the user object, grab the full user object
context and bind to it securely, and then attempt to authenticate by sending
the username and password. I can't find any documentation on using LDAPS for
authenticating to a non-Microsoft LDAP server. Here's a console code snippet
I've been using which works and enumerates a user's properties:

using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;

namespace iPlanet
{
    class Program
    {
        static void Main(string[] args)
        {
            string adsPath = "LDAP://ldap.school.edu/dc=school,dc=edu";

            //Explicitly create our SearchRoot
            DirectoryEntry searchRoot = new DirectoryEntry(
                adsPath,
                null,
                null,
                AuthenticationTypes.None
                );
            //AuthenticationTypes.None - works
            //AuthenticationTypes.Anonymous - doesn't work
            //AuthenticationTypes.Secure - doesn't work
            //AuthenticationTypes.SecureSocketsLayer - doesn't work
            //AuthenticationTypes.Encryption - doesn't work
            //AuthenticationTypes.ReadonlyServer - works
            //AuthenticationTypes.ServerBind - works
            //AuthenticationTypes.Signing - works
            //AuthenticationTypes.Sealing - works
            //AuthenticationTypes.FastBind - works
            //AuthenticationTypes.Delegation - works

            using (searchRoot)
            {
                DirectorySearcher ds = new DirectorySearcher(
                    searchRoot,
                    "(uid=jdoe)" //user being searched for
                    );

                using (SearchResultCollection src = ds.FindAll())
                {
                    //Console.WriteLine("Returning {0}", src.Count);

                    foreach (SearchResult sr in src)
                    {
                        foreach (string prop in sr.Properties.PropertyNames)
                        {
                            foreach (object o in sr.Properties[prop])
                            {
                                Console.WriteLine("{0}: {1}", prop, o);
                            }
                        }
                    }
                }
            }
        }
    }
}

The problem I have is when I've tried to bind to the LDAP server. It errors
out with the message that the server may not be operational. What is the correct
authentication type for an iPlanet LDAP server?

 
 
 
 
 
Joe Kaplan (MVP - ADSI)
 
      10-19-2005
You need to be using AuthenticationTypes.SecureSocketsLayer. If that
doesn't work, there is probably an issue with the local LDAP client
accepting the certificate from the server. There are 3 main reasons this
fails:
- The DNS name in your binding string doesn't match the DNS name in the
cert
- The cert is expired or not yet valid
- The local client does not trust the server's certificate

Essentially, these are the same reasons you get a certificate warning dialog
in IE, except that LDAP always fails on these conditions.

The System event log may also contain errors from Schannel that tell you
what the problem was. If not, you can also bump up the logging level:
http://support.microsoft.com/?id=260729

Since you are using .NET 2.0 also, you might consider using
System.DirectoryServices.Protocols for this purpose. It is lower level and
has the benefit of eliminating all of the ADSI layer from the LDAP calls.

Joe K.
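
An added example (not part of the thread and not Joe Kaplan's code) of the search-then-bind flow over LDAPS using System.DirectoryServices.Protocols, with a certificate callback that logs which of the three conditions listed above failed and still rejects the certificate. The class and method names are hypothetical; the host, base DN and uid attribute are the sample values from the question, and the directory is assumed to allow anonymous search as in the original snippet.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;
static class LdapsAuth // hypothetical name
{
    const string Host = "ldap.school.edu", BaseDn = "dc=school,dc=edu"; // from the question
    // Logs which certificate check failed; a failing certificate is never accepted.
    static bool CheckCert(LdapConnection conn, X509Certificate cert)
    {
        X509Certificate2 c2 = new X509Certificate2(cert);
        X509Chain chain = new X509Chain();
        bool ok = chain.Build(c2); // validity period and trust path
        foreach (X509ChainStatus s in chain.ChainStatus) Console.Error.WriteLine("chain: {0}", s.Status);
        // Simplified name check: one DNS name, no wildcard or multi-SAN handling.
        string name = c2.GetNameInfo(X509NameType.DnsName, false);
        bool nameOk = string.Equals(name, Host, StringComparison.OrdinalIgnoreCase);
        if (!nameOk) Console.Error.WriteLine("name mismatch: certificate is for {0}", name);
        return ok && nameOk;
    }

    static LdapConnection Connect(AuthType authType)
    {
        LdapConnection conn = new LdapConnection(new LdapDirectoryIdentifier(Host, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // TLS is set up before any bind is sent
        conn.SessionOptions.VerifyServerCertificate = CheckCert;
        conn.AuthType = authType;
        return conn;
    }

    public static bool Authenticate(string uid, string password)
    {
        if (string.IsNullOrEmpty(password)) return false; // empty password = unauthenticated bind
        string filter = "(uid=" + uid.Replace("\\", "\\5c").Replace("*", "\\2a")
            .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00") + ")";
        string dn;
        using (LdapConnection c = Connect(AuthType.Anonymous)) // anonymous search, as in the question
        {
            c.Bind();
            SearchResponse resp = (SearchResponse)c.SendRequest(
                new SearchRequest(BaseDn, filter, SearchScope.Subtree, "1.1"));
            if (resp.Entries.Count != 1) return false; // unknown or ambiguous uid
            dn = resp.Entries[0].DistinguishedName;
        }
        try { using (LdapConnection c = Connect(AuthType.Basic)) c.Bind(new NetworkCredential(dn, password)); }
        catch (LdapException e) { if (e.ErrorCode == 49) return false; throw; } // 49 = invalidCredentials
        return true;
    }
}
```

A certificate rejected by the callback surfaces as an LdapException from Bind rather than a false return, so a TLS problem is not mistaken for a wrong password.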




 
 
 
 
 
Joe Kaplan (MVP - ADSI)
 
      05-08-2006
Do you get any Schannel errors in the System event log on the web server
when it tries to make the LDAPS connection to iPlanet? Normally, if there
is a problem with the SSL handshake, it will be reported there.

Joe K.

"karampuris" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> Hi,
>
> I am stuck with a similar problem to yours. Let me know if you were
> able to find a solution.
>
> My code in asp.net works fine when using 389 but not with 636.
> I have installed the certificate and tried.
>
> I will be glad if you can help me out.
>
> Sushil
>
> --
> karampuris



 