AD - 使用 DirectoryEntry 搜索时出现 LDAP 错误超时

Question

I am connecting to the AD with this:

public void ValidateCredentials(string username, string password, out ClaimsIdentity identity)
    {
        using (DirectoryEntry entry = new DirectoryEntry())
        {
            entry.RefreshCache();
            entry.Username = username;
            entry.Password = password;
            DirectorySearcher searcher = new DirectorySearcher(entry);
            searcher.ClientTimeout = TimeSpan.FromMinutes(2);
            searcher.ServerTimeLimit = TimeSpan.FromMinutes(2);
            searcher.Filter = "(&(&(objectclass=user)(objectcategory=person))" +
            "sAMAccountName=" + username + ")";
            SearchResult srResult = searcher.FindOne();

            identity = new ClaimsIdentity();
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, username));
        }
    }

With that, if I put a user and password wrong, it gives me a wrong user or password error, if I put a correct user and password, it allows me to log in, but if I put a username that exists and a wrong password, it gives me a timeout error (at 30 seconds):

This operation returned because the timeout period expired.

Try to increase the timeout time with ClientTimeout and ServerTimeLimit but nothing happened.

Also try doing it with this:

string filter = "(&(&(objectclass=user)(objectcategory=person))" +
            "sAMAccountName=username)";
        NetworkCredential credentials = new NetworkCredential(username, password);
        LdapDirectoryIdentifier directoryIdentifier =
           new LdapDirectoryIdentifier("LDAP://DC=domain,DC=com", 389, false, false);
        using (LdapConnection connection =
           new LdapConnection(directoryIdentifier, credentials, AuthType.Basic))
        {
            connection.Timeout = new TimeSpan(0, 0, 90);
            connection.SessionOptions.ProtocolVersion = 3;
            SearchRequest search =
                new SearchRequest(username, filter, System.DirectoryServices.Protocols.SearchScope.Base, "mail");
            SearchResponse response = connection.SendRequest(search) as SearchResponse;
            foreach (SearchResultEntry entry in response.Entries)
            {
                Console.WriteLine(entry.Attributes["mail"][0]);
            }
        }

But the server gave me an error that I did not support it.

I am open to ideas.

Thanks in advance.

Greetings

Edit: I add in case it is of any use, that we are doing this through a VPN that is capable of slowing things down.

Answer 1

The problem was that the LDAP url they gave me was not well optimized, they gave me a new url and the problem was fixed