Invalid credentials connecting to AD/LDS with LdapConnection

I have an instance of AD/LDS running on my machine and I'm trying to connect to it using the System.DirectoryServices.Protocols.LdapConnection class. For some reason every time I call the Bind() method it throws an LdapException complaining about invalid credentials.

Here's the code I'm using to set up the connection:

var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(config.Server.Host, config.Server.Port);

var creds = new NetworkCredential(config.Credentials.Username, config.Credentials.Password)
{
    Domain = config.Credentials.
};

ldapConnection = new LdapConnection(ldapDirectoryIdentifier, creds, AuthType.Basic);

if (config.Server.Secure)
{
    cert = new X509Certificate(config.Server.Certificate);
    ldapConnection.SessionOptions.SecureSocketLayer = true;
    ldapConnection.SessionOptions.VerifyServerCertificate = CheckCertificate;
}

ldapConnection.SessionOptions.ProtocolVersion = 3;

try
{
    ldapConnection.Bind();
}
catch (LdapException e)
{
    Log.LogException(e);
    Environment.Exit(e.ErrorCode);
}

The configuration is coming from an App.config file as in the following example:

<server host="host" port="389"/>
<credentials username="username" password="password" domain="domain"/>
<usersearch base="ou=test,dc=test,dc=com" filter="(middlename=user)" objectclass="inetorgperson"/>
<devicesearch base="ou=test,dc=test,dc=com" filter="(sn=device)" objectclass="inetorgperson"/>

I've tried modifying the credentials part to get it connecting; setting username="DOMAIN\\user", with and without the domain entry to credentials. I've tried messing with the connection strings, e.g. <server host="LDAP://host[:389]"/>. It just says the credentials, which I use to connect to the instance with both ADSI Edit and ldp, are invalid.

I CAN connect with the same domain credentials (local user account) using System.DirectoryServices.DirectoryEntry so I suspect it's the AD bit of AD/LDS being picky.

Anyone got any ideas?

It's probably on the session option. Try to force authentication type:

ldapConnection.AuthType = AuthType.Negotiate;

It may also be the way you handle the certificate. Try to add it this way:

ldapConnection.ClientCertificates.Add(cert);

I went ahead and double-checked which AuthTypes were available and set it to Ntlm.
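
The outcome of this thread as an added example, not code from the original posts: bind a Windows account with AuthType.Negotiate (or Ntlm) instead of AuthType.Basic, and when LDAPS is used, accept the server only if it presents the configured certificate. The class name LdsConnectionFactory, its parameters, and the choice to pin on the full certificate bytes are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;
// Added illustration; LdsConnectionFactory and its parameters are hypothetical names.
public static class LdsConnectionFactory
{
    public static LdapConnection Connect(string host, int port, NetworkCredential creds,
                                         X509Certificate pinnedServerCert = null)
    {
        var connection = new LdapConnection(new LdapDirectoryIdentifier(host, port))
        {
            Credential = creds,
            // Negotiate (or Ntlm, which the asker settled on) authenticates a Windows
            // account through SSPI. Basic is an LDAP simple bind that sends the
            // password itself, so it belongs only on a TLS-protected session.
            AuthType = AuthType.Negotiate
        };
        connection.SessionOptions.ProtocolVersion = 3;
        if (pinnedServerCert != null)
        {
            byte[] expected = pinnedServerCert.GetRawCertData();
            connection.SessionOptions.SecureSocketLayer = true;
            // Accept the server only if it presents exactly the configured certificate.
            // A callback that always returns true disables server authentication.
            connection.SessionOptions.VerifyServerCertificate =
                (conn, presented) => presented.GetRawCertData().SequenceEqual(expected);
        }
        else
        {
            // No TLS on this connection: request signing and encryption from SSPI.
            connection.SessionOptions.Signing = true;
            connection.SessionOptions.Sealing = true;
        }
        try
        {
            connection.Bind();
            return connection;
        }
        catch (LdapException e)
        {
            // 49 is the LDAP invalidCredentials result code.
            Console.Error.WriteLine($"Bind failed ({e.ErrorCode}): {e.Message} {e.ServerErrorMessage}");
            connection.Dispose();
            throw;
        }
    }
}
```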
