{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 一纸荒年 Trace。 的问题《C# netcore ldap authentication using Novell.Direct》','https://www.manongdao.com/q-1345411.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
it is the first time I'm working with LDAP and Active Directory. I have to make a web api with .NetCore that have to authenticate with ActiveDirectory (WindowsServer 2008 r2), I'm following the samples in Novell.Directory.Ldap.NETStandard but i can't understand the way that I must set the parameters. This is the users that I created in ActiveDirectory Server:
In Novell's samples
if (args.Length != 5)
{
System.Console.Out.WriteLine("Usage: mono VerifyPassword <host name>" + " <login dn> <password> <object dn>\n" + " <test password>");
System.Console.Out.WriteLine("Example: mono VerifyPassword Acme.com " + "\"cn=Admin,o=Acme\" secret\n" + " \"cn=JSmith,ou=Sales,o=Acme\" testPassword");
System.Environment.Exit(0);
}
int ldapPort = LdapConnection.DEFAULT_PORT;
int ldapVersion = LdapConnection.Ldap_V3;
System.String ldapHost = args[0];
System.String loginDN = args[1];
System.String password = args[2];
System.String objectDN = args[3];
System.String testPassword = args[4];
LdapConnection conn = new LdapConnection();
try
{
// connect to the server
conn.Connect(ldapHost, ldapPort);
// authenticate to the server
conn.Bind(ldapVersion, loginDN, password);
LdapAttribute attr = new LdapAttribute("userPassword", testPassword);
bool correct = conn.Compare(objectDN, attr);
System.Console.Out.WriteLine(correct?"The password is correct.":"The password is incorrect.\n");
// disconnect with the server
conn.Disconnect();
}
In Novell's samples the "user" parameters looks like this "ou=sales,o=Acme", so I was trying:
int ldapPort = LdapConnection.DEFAULT_PORT;
int ldapVersion = LdapConnection.Ldap_V3;
bool compareResults = false;
String ldapHost = "192.168.58.251";
String loginDN = @"cn=jperez";
String password1 = "Jperez123";
String dn = "mydn";
LdapConnection lc = new LdapConnection();
LdapAttribute attr = null;
try
{
// connect to the server
lc.Connect(ldapHost, ldapPort);
var sdn = lc.GetSchemaDN();
// authenticate to the server
lc.Bind(ldapVersion, loginDN, password1);
...
}
catch (LdapException e)
{
Console.WriteLine("Error: " + e.ToString());
}
But I get this error: LDAP:
LdapException: Invalid Credentials (49) Invalid Credentials LdapException: Server Message: 80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 52e, v1db1\u0000 LdapException: Matched DN:
I also get the schemaDn with this funciton: lc.GetSchemaDN(), that return this result: CN=Aggregate,CN=Schema,CN=Configuration,DC=mydn,DC=local
After googling there is no much information with .Netcore than the Novell's samples, please I need your help.
It also works for me:
Works on Windows Server 2012r2 with the default domain settings. If you want to get loginDNs for your domain users, just execute next cmd command on domain controller:
More information here
I had the same issue until I used this
lc.Bind("uid=" + objUser.UserName + ",ou=SomeValue,dc=SomeValue,dc=SomeValue",password);also I did not supply a version like in your example
I had the same issue and the only way I got it working was by supplying the login like this
Yet another variation, I found I had to logon as:
"PartA PartB" of an AD username. (notice the space in the name.)
example being
"App Alerts"whereas I normally can login with"AppAlerts"... but this is the Fully Qualified name i found withdsquery user:Been working on this as well and ran into the same error. I had to use the Windows domain and username to log in:
Once I did that, I got in without issue.