Cannot authenticate against Apache DS using C# and LdapConnection?

Question

Problem

I installed and configured a ApacheDS server running ldap. This was a huge step forward for me in teaching myself ldap. However, the following C# console code returns the following error:

System.DirectoryServices.Protocols.LdapException {"The supplied credential is invalid"}

My code is to use this sample code to authenticate a sample user.

Code

Program.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace SampleLdapAuthentication
{
    class Program
    {
        static void Main(string[] args)
        {
            RunLdap run = new RunLdap("localhost", "organization", 635, "hderp", "spaceballs1234");
            bool result = run.ValidateCredentials();
            if(result)
            {
                Console.WriteLine("Authentication Succeeded");
            }
            else
            {
                Console.WriteLine("Authentication Failed");
            }
        }
    }
}

SampleLdapAuthentication.cs

using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Text;
using System.Threading.Tasks;

namespace SampleLdapAuthentication
{
    public class RunLdap
    {

        private static string _domainController;
        private static string _domain;
        private static int _port;
        private static string _userName;
        private static string _userPassword;



        //Constructor. Takes the domain controller, domain, port, username, and password and then calls Ldap Method to run authentication 
        public  RunLdap(string domainController, string domain, int port, string userName, string userPassword)
        {
            _domainController = domainController;
            _domain = null;
            _port = port;
            _userName = userName;
            _userPassword = userPassword;
        }



        public bool ValidateCredentials()
        {


            LdapDirectoryIdentifier ldi = new LdapDirectoryIdentifier(_domainController, _port);
            NetworkCredential networkCredential = new NetworkCredential(_userName, _userPassword, _domain);

            try
            {
                //We use using so we dispose the object as soon as it goes out of scope 
                using (LdapConnection connection = new LdapConnection(ldi))
                {

                    //connection.SessionOptions.SecureSocketLayer = true;
                    connection.AuthType = AuthType.Kerberos;
                    connection.Bind(networkCredential);

                    //Not sure what this is doing 


                }
                return true;

            }
            catch(LdapException ldapException)
            {
                return false;
            }


                return false;



        }//End of ValidateCredentials

    }
}

LDAP Server Details

Notes

The following are worth noting in what I am doing:

• I followed this tutorial in creating the server and DIT .
• According to my understanding ApacheDS supports keberos out of the box now, so my authentication type should be fine. That is, AuthType
• It fails on connection.Bind() method

I am thinking maybe there is something wrong with how I am entering in the credentials and that my C# code is fine. That is why I included the server AD information. I am new to LDAP and using it to authenticate users, so I appreciate your help.

Answer 1

You're not using the distinguished name of the user. When you create your NetworkCredential object, you should be using the distingushed name of the user, in this case, cn=Herp Derp,ou=users,o=organization instead of hderp . The LDAP doesn't know where to look for hderp without the o and ou values.