
Using LdapConnection to enumerate AD

Is it possible to use an LdapConnection from System.DirectoryServices.Protocols to query Active Directory?

I'm having issues instantiating a PrincipalContext. Here's my code, in case anyone can spot the issue:

    private LdapConnection getLdapConnection(string username, string password, string ldapServer, bool secured)
    {
        int port = secured ? 636 : 389;

        LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(ldapServer, port, false, false));

        if (secured)
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
        }

        connection.Credential = new NetworkCredential(username, password);
        // Simple bind: on port 389 (secured == false) the password crosses the wire in cleartext.
        connection.AuthType = AuthType.Basic;
        // Accepts any server certificate, so the LDAPS session is not protected against a spoofed server.
        connection.SessionOptions.VerifyServerCertificate += (conn, cert) => { return true; };
        connection.Bind();

        return connection;
    }

When trying to instantiate the PrincipalContext I am using

        PrincipalContext context = new PrincipalContext(
            ContextType.Domain,
            ldapServer,
            null,
            useSsl ? ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind : ContextOptions.SimpleBind,
            username,
            password);

I am passing the same values in. For the sake of completeness, username is in the format `domain\user` and ldapServer is in the format `server.domain.com`, with `:636` appended to ldapServer when creating the PrincipalContext.

The server I am connecting to has certificate issues which I guess could be preventing this as the LdapConnection is set to return true for verification. This isn't an issue as it's trusted. I don't have access to the server and as such cannot change this.

As far as I understand, the container parameter can't be null when you target a domain. Can you just try this constructor:

    PrincipalContext domainContextMonou = new PrincipalContext(ContextType.Domain,
                                                               "server.domain.com:389",
                                                               "dc=domain,dc=com",
                                                               username,
                                                               password);

And then this one:

    PrincipalContext domainContextMonou = new PrincipalContext(ContextType.Domain,
                                                               "server.domain.com:636",
                                                               "dc=domain,dc=com",
                                                               useSsl ? ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind : ContextOptions.SimpleBind,
                                                               username,
                                                               password);

I suspect part of your problem with the LDAP code is that you're using `AuthType.Basic`. Try `Negotiate` instead.
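To answer the question's original point (querying Active Directory with `LdapConnection` from `System.DirectoryServices.Protocols` rather than `PrincipalContext`), here is an added example that is not part of the question or of either answer. It binds with `AuthType.Negotiate` as the second answer suggests, and instead of a certificate callback that always returns true it validates the chain and the host name. The server name, base DN, account and the 500-entry page size are placeholders chosen for the example; the hostname check only compares the first DNS name the certificate reports, which is a simplification.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example: enumerate AD user accounts over LDAP(S) with System.DirectoryServices.Protocols.
static class LdapEnumerator
{
    public static LdapConnection Connect(string server, string domain, string user, string password, bool useLdaps)
    {
        int port = useLdaps ? 636 : 389;
        var identifier = new LdapDirectoryIdentifier(server, port, fullyQualifiedDnsHostName: true, connectionless: false);

        var conn = new LdapConnection(identifier)
        {
            // Kerberos/NTLM via SSPI: the password is never sent in cleartext, even on port 389.
            AuthType = AuthType.Negotiate,
            Credential = new NetworkCredential(user, password, domain),
        };
        conn.SessionOptions.ProtocolVersion = 3;

        if (useLdaps)
        {
            conn.SessionOptions.SecureSocketLayer = true;
            // Validate the presented certificate instead of accepting anything.
            conn.SessionOptions.VerifyServerCertificate = (c, cert) =>
            {
                var x509 = new X509Certificate2(cert);
                using var chain = new X509Chain();
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                bool chainOk = chain.Build(x509);
                // X509Chain does not check the host name; compare against the name we dialled.
                string dnsName = x509.GetNameInfo(X509NameType.DnsName, forIssuer: false);
                bool nameOk = string.Equals(dnsName, server, StringComparison.OrdinalIgnoreCase);
                return chainOk && nameOk;
            };
        }

        conn.Bind(); // throws LdapException on bad credentials or a rejected certificate
        return conn;
    }

    // Returns sAMAccountName values for all user objects under baseDn, following paged results
    // so that the DC's MaxPageSize limit (typically 1000) does not truncate the listing.
    public static IEnumerable<string> EnumerateUsers(LdapConnection conn, string baseDn)
    {
        var pageControl = new PageResultRequestControl(500); // page size is an example value
        var request = new SearchRequest(
            baseDn,
            "(&(objectCategory=person)(objectClass=user))",
            SearchScope.Subtree,
            "sAMAccountName", "userAccountControl");
        request.Controls.Add(pageControl);

        while (true)
        {
            var response = (SearchResponse)conn.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
            {
                DirectoryAttribute sam = entry.Attributes["sAMAccountName"];
                if (sam != null && sam.Count > 0)
                    yield return sam[0].ToString();
            }

            var pageResponse = response.Controls.OfType<PageResultResponseControl>().FirstOrDefault();
            if (pageResponse == null || pageResponse.Cookie.Length == 0)
                break; // last page reached
            pageControl.Cookie = pageResponse.Cookie; // ask for the next page
        }
    }

    static void Main()
    {
        // Placeholder values; replace with your own DC, domain, base DN and a read-only account.
        using LdapConnection conn = Connect("dc01.domain.com", "domain", "svc-reader", "<password>", useLdaps: true);
        foreach (string account in EnumerateUsers(conn, "dc=domain,dc=com"))
            Console.WriteLine(account);
    }
}
```

If the DC's certificate genuinely cannot be validated (as in the question), the callback is the place to pin the known certificate's thumbprint rather than to return true unconditionally, so that a man-in-the-middle host cannot capture the bind. With `Negotiate` the same code also works on port 389 without exposing the password, although the directory data itself is then sent without TLS unless the bind negotiates signing and sealing.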

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
