Re: Authenticate user in OpenLDAP with username and password



<dorrit.Riemenschneider@xxxxxxxxxxxxx> wrote in message news:1167996205.831349.92130@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I need to validate a user with username and password against our
OpenLDAP active directory. This is my code:

private bool ValidateUser(string username, string password)
{
    DirectoryEntry userEntry = new DirectoryEntry(
        ldapPath, username, password,
        AuthenticationTypes.Anonymous);
    // Bind to the native AdsObject to force authentication.
    Object obj = userEntry.NativeObject;
    DirectorySearcher search = new DirectorySearcher(userEntry);
    search.Filter = "(cn=" + username + ")";
    search.PropertiesToLoad.Add("cn");
    SearchResult result = search.FindOne();
    if (result != null)
        return true;
    else
        return false;
}

The problem is that it also returns true if the username is correct but
the password is wrong.
It looks like the user is located but not authenticated.

I have already tried with several AuthenticationTypes:
I get an exception "invalid dn-syntax" for AuthenticationTypes.None,
AuthenticationTypes.Delegation, AuthenticationTypes.FastBind,
AuthenticationTypes.ReadOnlyServer, AuthenticationTypes.Sealing.

I get an exception "Die angeforderte Authentifizierungsmethode wird
durch den Server nicht unterstützt" (authentication method not
supported by server) for AuthenticationTypes.Secure or if I don't
specify an AuthenticationType.

Any help is appreciated!
Dorrit


AuthenticationTypes.Anonymous means ... no authentication is performed, so your credentials are not checked at all. You should specify None as the type; this will force Basic authentication. Basically, OpenLDAP only supports "basic" and "SecureSocketsLayer"; other types are not supported.
Another point is that you had better use System.DirectoryServices.Protocols (FCL v2) when connecting to a non-Active Directory server. OpenLDAP is not AD and the directory schema is not the same as the AD schema, so you are better off using the lower-level LDAP APIs than ADSI (wrapped by SDS).
The following snippet illustrates how you can bind using basic authentication.

using System.DirectoryServices.Protocols;
using System.Net; // NetworkCredential
....
using (LdapConnection ldap = new LdapConnection("ldapserverName"))
{
    ldap.AuthType = AuthType.Basic;
    ldap.Bind(new NetworkCredential("username", "pwd")); // credentials for the bind, username in upn format
    // do whatever you need to do with the store
    SearchRequest req = new SearchRequest("cn=....", ....
    ....
}


Willy.
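
Added example, not part of the original thread: a ValidateUser built on the System.DirectoryServices.Protocols basic bind suggested above, showing the checks a credential validator needs around that bind. The host name, the base DN, the class name, the EscapeDnValue helper and the assumption that users sit directly under one container with cn as their RDN are all hypothetical.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class LdapAuth
{
    // Assumed placeholders, not from the thread: replace with your server and user container.
    const string Host = "ldap.example.com";
    const string UserBaseDn = "ou=people,dc=example,dc=com";

    // Escape a value for use inside a DN (RFC 4514) so the username cannot change the bind DN.
    public static string EscapeDnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#'))
                        || (i == value.Length - 1 && c == ' ');
            if (c == '\0') sb.Append("\\00");
            else if (edge || ",+\"\\<>;=".IndexOf(c) >= 0) sb.Append('\\').Append(c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    public static bool ValidateUser(string username, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513, 5.1.2)
        // that a server may accept, so reject it before contacting the directory.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) return false;
        string bindDn = "cn=" + EscapeDnValue(username) + "," + UserBaseDn;
        using (var ldap = new LdapConnection(new LdapDirectoryIdentifier(Host, 636)))
        {
            ldap.AuthType = AuthType.Basic;                // simple bind with DN and password
            ldap.SessionOptions.ProtocolVersion = 3;
            ldap.SessionOptions.SecureSocketLayer = true;  // basic bind sends the password unprotected
            try
            {
                ldap.Bind(new NetworkCredential(bindDn, password));
                return true;                               // the server accepted the credentials
            }
            catch (LdapException ex) when (ex.ErrorCode == 49) // 49 = invalidCredentials
            {
                return false;                              // other errors (server down, TLS) propagate
            }
        }
    }
}
```

Only result code 49 is mapped to false, so an unreachable server or a TLS failure surfaces as an exception instead of being logged as a failed login.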



