成功连接到本地 LDAP 域的 DirectoryEntry 方法在 C# 中如何实现?

huangapple go评论60阅读模式
英文:

How to succesfully connect with DirectoryEntry in C# to a localhost LDAP domain?

问题

I'm running Ubuntu on Windows via WSL in a CLI, and I've configured LDAP (OpenLDAP: slapd) on Ubuntu as follows:

BASE dc=example,dc=com
URI ldap://localhost

When I run the following command on Ubuntu, it shows me the structure of the Users and Groups I've set on the LDAP server, which indicates that I'm able to connect with the server using my test user:

ldapsearch -D "cn=test,ou=Department,dc=example,dc=com" -w test -b 'dc=example,dc=com' '(objectclass=*)';

On my Windows host machine, I checked the box for Active Directory Lightweight Directory Services in the Turn Windows features on or off window, which enables the usage of LDP.exe. In LDP.exe, I'm also able to connect with the LDAP server, by selecting Connection > Bind > filling in "cn=test,ou=Department,dc=example,dc=com" for the User field and "test" for the Password field > and selecting Simple bind before clicking OK:

After clicking OK, LDP.exe provides the following feedback:

I'm also able to retrieve information from the LDAP server in my C# code—for example:

de = new DirectoryEntry("LDAP://localhost:389/ou=Department,dc=example,dc=com");
de.AuthenticationType = AuthenticationTypes.None;
var childNames = new List();
foreach(DirectoryEntry child in de.Children)
{
childNames.Add(child.Name.ToString());
}

The above gives me the confidence that the LDAP server is configured correctly and that I'm able to access it in my code, but I'm unable to connect via the aforementioned test user when I modify the code as follows:

var de = new DirectoryEntry("LDAP://localhost/OU=Department,DC=example,DC=com", username, password);
var childNames = new List();
foreach(DirectoryEntry child in de.Children)
{
childNames.Add(child.Name.ToString());
}

When I run the above code, I get an error at the foreach part that says that "the user name or password is incorrect."

I've tried to set the username & password variables in various ways, such as setting the password to "test" or its SSHA hash, and setting username to "test", "cn=test", "example.com\test", or "test@example.com", but I keep getting the message that "the user name or password is incorrect" when I run the code.

I've also tried the username & password combinations with several forms of authentication, as such:

var de = new DirectoryEntry("LDAP://localhost/OU=Department,DC=example,DC=com", username, password, AuthenticationTypes.Secure);

But I've been unable to find the correct configuration. How do I configure the code so that the username and password combination is accepted?

英文:

I'm running Ubuntu on Windows via WSL in a CLI, and I've configured LDAP (OpenLDAP: slapd) on Ubuntu as follows:

BASE    dc=example,dc=com
URI     ldap://localhost

When I run on the following command on Ubuntu, it shows me the structure of the Users and Groups I've set on the LDAP server, which indicates that I'm able to connect with the server using my test user:

ldapsearch -D "cn=test,ou=Department,dc=example,dc=com" -w test -b 'dc=example,dc=com' '(objectclass=*)'

On my Windows host machine, I checked the box for Active Directory Lightweight Directory Services in the Turn Windows features on or off window, which enables usage of LDP.exe. In LDP.exe, I'm also able to connect with the LDAP server, by selecting Connection > Bind > filling in "cn=test,ou=Department,dc=example,dc=com" for the User field and "test" for the Password field > and selecting Simple bind before clicking OK:

成功连接到本地 LDAP 域的 DirectoryEntry 方法在 C# 中如何实现?

After clicking OK, LDP.exe provides the following feedback:

成功连接到本地 LDAP 域的 DirectoryEntry 方法在 C# 中如何实现?

I'm also able to retrieve information from the LDAP server in my C# code—for example:

de = new DirectoryEntry("LDAP://localhost:389/ou=Department,dc=example,dc=com");
de.AuthenticationType = AuthenticationTypes.None;
var childNames = new List<string>();
foreach(DirectoryEntry child in de.Children)
{
    childNames.Add(child.Name.ToString());
}

The above gives me the confidence that the LDAP server is configured correctly and that I'm able to access it in my code, but I'm unable to connect via the aforementioned test user when I modify the code as follows:

var de = new DirectoryEntry("LDAP://localhost/OU=Department,DC=example,DC=com", username, password);
var childNames = new List<string>();
foreach(DirectoryEntry child in de.Children)
{
    childNames.Add(child.Name.ToString());
}

When I run the above code, I get an error at the foreach part that says that "the user name or password is incorrect."

I've tried to set the username & password variables to all the ways I could think of or find online, such as setting the password to "test" or its SSHA hash, and setting username to "test", "cn=test", "example.com\\test", or "test@example.com", but I keep getting the message that "the user name or password is incorrect" when I run the code.

I've also tried the username & password combinations with several forms of authentication, as such:

var de = new DirectoryEntry("LDAP://localhost/OU=Department,DC=example,DC=com", username, password, AuthenticationTypes.Secure);

But I've been unable to find the correct configuration. How do I configure the code so that the username and password combination is accepted?

答案1

得分: 0

你说:

> 我正在通过WSL在CLI中运行Ubuntu,并在Ubuntu上配置了LDAP(OpenLDAP:slapd)

然后:

> 在我的Windows主机上,我在"打开或关闭Windows功能"窗口中勾选了Active Directory轻量级目录服务

这意味着您现在在同一台机器上运行了两个LDAP服务器。我猜想AD LDS实例占据了优势,这就是导致出现"用户名或密码不正确"错误的实例。

如果您想连接到您的OpenLDAP实例,您需要禁用Active Directory轻量级目录服务。如果您想保留LDP,您可以在卸载AD LDS之前从Windows\System32文件夹中复制ldp.exe文件,然后在卸载AD LDS后将其复制回来。

英文:

You said:

> I'm running Ubuntu on Windows via WSL in a CLI, and I've configured LDAP (OpenLDAP: slapd) on Ubuntu

And then:

> On my Windows host machine, I checked the box for Active Directory Lightweight Directory Services in the Turn Windows features on or off window

That means you now have two LDAP servers running on the same machine. I'm guessing that the AD LDS instance is taking precedence, and that's the instance that's giving you the "user name or password is incorrect" error.

If you want to connect to your OpenLDAP instance, you'll need to disable Active Directory Lightweight Directory Services. If you want to keep LDP, you can copy the ldp.exe file out of the Windows\System32 folder before you uninstall AD LDS, then copy it back after.

答案2

得分: 0

以下是已翻译的代码部分:

显然,用户名必须包含完整的DN。下面的代码有效:

string username = "cn=test,ou=Department,dc=example,dc=com", password = "test";
var de = new DirectoryEntry("LDAP://localhost:389/ou=Department,dc=example,dc=com", username, password, AuthenticationTypes.None);
childNames = new List<string>();
foreach (DirectoryEntry child in de.Children)
{
    childNames.Add(child.Name.ToString());
}

在Microsoft页面上,它说AuthenticationTypes.None "等于零,这意味着在LDAP提供程序中使用基本身份验证(简单绑定)。”我最初认为AuthenticationTypes.None表示用户名和密码不会被检查是否正确(与AuthenticationTypes.Anonymous一样),但事实并非如此。

英文:

Apparently, the username must contain the full DN. The code below works:

string username = &quot;cn=test,ou=Department,dc=example,dc=com&quot;, password = &quot;test&quot;;
var de = new DirectoryEntry(&quot;LDAP://localhost:389/ou=Department,dc=example,dc=com&quot;, username, password, AuthenticationTypes.None);
childNames = new List&lt;string&gt;();
foreach(DirectoryEntry child in de.Children)
{
    childNames.Add(child.Name.ToString());
}

On the Microsoft pages, it's said that AuthenticationTypes.None "equates to zero, which means to use basic authentication (simple bind) in the LDAP provider." I first assumed that AuthenticationTypes.None means that the username and password won't be checked for correctness (as with AuthenticationTypes.Anonymous), but that's not the case.

huangapple
  • 本文由 发表于 2023年5月17日 18:04:39
  • 转载请务必保留本文链接:https://go.coder-hub.com/76270889.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定