473,390 Members | 1,306 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,390 software developers and data experts.

Authenticate user in OpenLDAP with username and password

I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit

Jan 5 '07 #1
3 26574
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit

Jan 5 '07 #2
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit
AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type, this will force Basic
authentication, basically OpenLdap does only support "basic" and "SecureSocketsLayer", other
types are not supported.
Another point is that you better use System.DirectoryServices.Protocols (FCL v2) when
connecting to non Active Directory, OpenLDAP is not AD and the directory schema is not the
same as the AD schema so you better use lower level LDAP API's then the ADSI (wrapped by
SDS).
Following snip illustrates how you can bind using basic authentication.

using System.DirectoryServices.Protocols;
....
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the
bind, username in upn format
// do whatever you need to do with the store
SearchRequest req = new SearchRequest("cn=....", ....
....
}
Willy.


Jan 5 '07 #3
OK, I'll try the approach with DirectoryServices.Protocols then. Thanks
for the tip.

Dorrit

Willy Denoyette [MVP] schrieb:
<do********************@communardo.dewrote in message
news:11*********************@v33g2000cwv.googlegro ups.com...
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

Private bool ValidateUser (string username, string password)
{
DirectoryEntry userEntry = new DirectoryEntry(
ldapPath, username, password,
AuthenticationTypes.Anonymous);
//Bind to the native AdsObject to force authentication.

Object obj = userEntry.NativeObject;
DirectorySearcher search = new
DirectorySearcher(userEntry);
search.Filter = "(cn=" + username + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (result != null)
return true;
else
return false;
}

The problem is, it returns also true if the username is correct, but
the password is false.
It looks like the user is located but not authenthicated.

I have already tried with several AuthenthicationTypes:
I get an exeption "invalid dn-syntax" for AuthenthicationTypes.None,
AuthenthicationTypes.Delegation, AuthenthicationTypes.FastBind,
AuthenthicationTypes.ReadOnlyServer, AuthenthicationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authenthication method not
supported by server) for AuthenthicationTypes.Secure or if I don't
specify an AuthenthicationType.

Any help is appreciated!
Dorrit
AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials
are not checked at all. You should specify None as type, this will force Basic
authentication, basically OpenLdap does only support "basic" and "SecureSocketsLayer", other
types are not supported.
Another point is that you better use System.DirectoryServices.Protocols (FCL v2) when
connecting to non Active Directory, OpenLDAP is not AD and the directory schema is not the
same as the AD schema so you better use lower level LDAP API's then the ADSI (wrapped by
SDS).
Following snip illustrates how you can bind using basic authentication.

using System.DirectoryServices.Protocols;
...
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
ldap.AuthType = AuthType.Basic;
ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the
bind, username in upn format
// do whatever you need to do with the store
SearchRequest req = new SearchRequest("cn=....", ....
...
}
Willy.
Jan 11 '07 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: Michael Glaesemann | last post by:
Hello all, Recently I've been thinking about different methods of managing users that log into a PostgreSQL-backed application. The users I'm thinking of are not necessarily DBAs: they're...
13
by: ALI-R | last post by:
I know how to authenticate to a webservice using either of these ways(Assuming that rService represents the webservice): 1) rService.Credentials = new...
1
by: EricRybarczyk | last post by:
I am starting a rewrite of an existing Classic ASP web site in ASP.NET 2.0. The existing ASP application has several types of users, each with a separate login process (separate login page,...
0
by: dorrit.Riemenschneider | last post by:
I need to validate a user with username and password against our OpenLDAP active directory. This is my code: Private bool ValidateUser (string username, string password) { DirectoryEntry...
1
by: fomalhaut | last post by:
Hi All, I'm builing an application that requires domain admin access to run, and I'm trying to allow for the application to be run as a normal user and allow the user to provide it with a...
1
by: Michael Howes | last post by:
I would think this would be very, very easy but in the 50 searches I've done I haven't found anything. If our application requires login and that user/password be a local windows account or more...
2
by: Jagath84 | last post by:
Hi all, I want to update openldap directory from c#. I used following code for make Directory entry as below. public static DirectoryEntry GetDirectoryEntry() { ...
4
by: Jon | last post by:
I am modifying an app for a customer in ASP.Net 1.1. The app is running on a server outside their network, yet they want to authenticate users against their internal active directory set up (they...
3
by: kurtk | last post by:
I had a question about the use of the HTTP header 'WWW-Authenticate' in PHP scripts. For example, the script below sends the header 'WWW- Authenticate: Basic Realm="Secret Stash"', followed by the...
0
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
0
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.