By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,152 Members | 2,159 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,152 IT Pros & Developers. It's quick & easy.

Authenticate user in OpenLDAP with username and password

P: n/a
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit

Jan 5 '07 #1
Share this Question
Share on Google+
3 Replies


P: n/a
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit

Jan 5 '07 #2

P: n/a
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit
AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type, this will force Basic
authentication, basically OpenLdap does only support "basic" and "SecureSocketsLayer", other
types are not supported.
Another point is that you better use System.DirectoryServices.Protocols (FCL v2) when
connecting to non Active Directory, OpenLDAP is not AD and the directory schema is not the
same as the AD schema so you better use lower level LDAP API's then the ADSI (wrapped by
SDS).
Following snip illustrates how you can bind using basic authentication.

using System.DirectoryServices.Protocols;
....
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the
bind, username in upn format
// do whatever you need to do with the store
SearchRequest req = new SearchRequest("cn=....", ....
....
}
Willy.


Jan 5 '07 #3

P: n/a
OK, I'll try the approach with DirectoryServices.Protocols then. Thanks
for the tip.

Dorrit

Willy Denoyette [MVP] schrieb:
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit
AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type, this will force Basic
authentication, basically OpenLdap does only support "basic" and "SecureSocketsLayer", other
types are not supported.
Another point is that you better use System.DirectoryServices.Protocols (FCL v2) when
connecting to non Active Directory, OpenLDAP is not AD and the directory schema is not the
same as the AD schema so you better use lower level LDAP API's then the ADSI (wrapped by
SDS).
Following snip illustrates how you can bind using basic authentication.

using System.DirectoryServices.Protocols;
...
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the
bind, username in upn format
// do whatever you need to do with the store
SearchRequest req = new SearchRequest("cn=....", ....
...
}
Willy.
Jan 11 '07 #4

This discussion thread is closed

Replies have been disabled for this discussion.