
The LDAP Server is Unavailable using PrincipalContext and ADLDS

We are making use of ADLDS for our user management and authentication. We can successfully query the instance without problems. However, trying to perform an operation such as SetPassword fails, and even trying to create a new user fails if a password is not set. I can successfully update a user as long as it's not the password I'm trying to update. I've been reading a lot of different articles relating to this but not finding a resolution. Posting to see if I can get some fresh perspective on this issue, thanks for any input.

EXAMPLE

using System.DirectoryServices.AccountManagement;

ContextType ctxType = ContextType.ApplicationDirectory; // AD LDS, not a domain
string server = "myadldsserver.com";
string usersCN = "CN=Users,..."; // container where users reside
ContextOptions ctxOpts = ContextOptions.SimpleBind;
string uname = "myuser";
string pswrd = "mypass";

// Bind to the AD LDS instance, then create the user in the Users container
using (var ctx = new PrincipalContext(ctxType, server, usersCN, ctxOpts, uname, pswrd))
using (var newUser = new UserPrincipal(ctx)) {
    newUser.Name = "newusername";
    newUser.Enabled = true;
    newUser.UserPrincipalName = "newusername";
    newUser.Save(); // fails with ERROR 1 below when no password has been set

    newUser.SetPassword("newuserpassword");
}

ERROR 1

The first problem I encounter: if I try to create a new UserPrincipal and call Save without having set the password, like in the Example above, I get the exception "A constraint violation occurred." with an InnerException extended message of 0000052D: AtrErr: DSID-033807D7, #1:0: 0000052D: DSID-033807D7, problem 1005 (CONSTRAINT_ATT_TYPE), data 2246, Att 9005a (unicodePwd)

Because of this error I tried moving the SetPassword before calling Save along with other approaches I found online such as getting the DirectoryEntry from the UserPrincipal and trying to call SetPassword but got a different error.

ERROR 2

Calling SetPassword before calling UserPrincipal.Save results, when Save is called, in the error "The directory property cannot be found in the cache."

Note that the same error occurs if I try calling ResetPassword, or getting a DirectoryEntry and calling Invoke("SetPassword", ...) as well.

ERROR 3

From my research, most sources seem to indicate this could have to do with needing to access AD LDS using a secure connection. So, I changed my server to include port 636 (string server = "myadldsserver.com:636") and I changed the ContextOptions to ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer.

With these changes, when the PrincipalContext is constructed I get the following exception: "The server could not be contacted." with an inner exception of "The LDAP server is unavailable.", HResult -2146233087.

JAVA and LDP

To add some background to this, we do have similar code written in an older Java application. We are trying to port some of this logic over to the .NET side in C#. The code in Java makes use of a Java keystore that contains the certificate that was generated on the AD LDS server. The Java application of course has no issues using the SSL port. We know the server seems to be configured correctly; it's just an issue of how to access it from the .NET side.

Is there an equivalent on the .NET side to the keystore in Java? We know that an SSL connection can be made to the server. We have verified this using LDP as well.

GOALS

  • Be able to create a new user and set their password during creation
  • Be able to ResetPassword or ChangePassword for a user
  • Connect to our AD LDS instance from .NET securely

Have you tried using Microsoft Management Console to import the certificate?

Two ways to install the certificate

Either

  1. Open a cmd.exe console and type "MMC"
  2. File > Add/Remove Snap-In...
  3. Select Certificates, click Add
  4. Choose Computer Account and Local Computer when prompted, then OK...
  5. Certificates should now be showing under Console Root
  6. Certificates > Trusted Root Certification Authorities > Certificates > (right-click) > All Tasks > Import Certificate...
  7. Find the certificate you want to import, click Next and choose defaults (Trusted Root Certification Authorities should already be selected)
  8. Click Next, Finish

(or)

Simply double-click on the .cer file for the certificate in Windows Explorer, click Install Certificate... > Next > select the option "Place all certificates in the following store" > Browse... > select Trusted Root Certification Authorities. Continue with Next until done.


At this point your certificate is installed, and you should be able to communicate securely with your ADLDS server.
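To confirm that the imported certificate is actually what makes the .NET client trust the AD LDS instance (the Windows machine store being the counterpart of the Java keystore), here is an added example that is not part of the question or the answer. It opens an LDAP-over-SSL connection to port 636 with System.DirectoryServices.Protocols and validates the presented server certificate against the machine store instead of accepting it blindly; the hostname, port, bind DN and password are placeholders, and the revocation setting is an assumption.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class AdLdsTlsCheck
{
    // Build the certificate chain against the local machine trust store.
    // Returning true unconditionally here is the common shortcut; it silently
    // disables the trust check that importing the certificate is meant to satisfy.
    static bool VerifyServerCertificate(LdapConnection conn, X509Certificate cert)
    {
        using var cert2 = new X509Certificate2(cert);
        using var chain = new X509Chain();
        // Assumption: no CRL/OCSP endpoint reachable from this client; relax only if that holds.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        bool ok = chain.Build(cert2);
        if (!ok)
        {
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine($"chain error: {s.Status} - {s.StatusInformation}");
        }
        return ok;
    }

    static void Main()
    {
        // Placeholders: replace with the real AD LDS host and a bind DN inside the Users container.
        var id = new LdapDirectoryIdentifier("myadldsserver.com", 636);
        using var conn = new LdapConnection(id);
        conn.SessionOptions.SecureSocketLayer = true;   // TLS from the first byte (LDAPS)
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.VerifyServerCertificate = VerifyServerCertificate;
        conn.AuthType = AuthType.Basic;                  // simple bind, only ever sent inside TLS
        conn.Credential = new NetworkCredential("CN=myuser,CN=Users,...", "mypass");
        try
        {
            conn.Bind();
            Console.WriteLine("LDAPS bind to port 636 succeeded; server certificate chain is trusted.");
        }
        catch (LdapException e)
        {
            // A rejected server certificate typically surfaces as a generic
            // "The LDAP server is unavailable" error rather than a certificate error.
            Console.Error.WriteLine($"bind failed: code {e.ErrorCode}: {e.Message}");
        }
    }
}
```

If the chain errors printed mention an untrusted root, the import from the answer above has not landed in the Local Computer store the process reads from.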
