I've set up slapd and created some basic Users and Groups.

In my code (.NET 7.0), I'm able to bind to the slapd LDAP server with a user named test as follows:

using System.DirectoryServices.Protocols;
using System.Net;

string userDN = "cn=test,ou=DepartmentOne,dc=example,dc=com", userPassword = "test";
var ldapConnection = new LdapConnection(new LdapDirectoryIdentifier("localhost", 389))
{
    AuthType = AuthType.Basic // simple bind: the DN and password are sent as-is
};
ldapConnection.SessionOptions.ProtocolVersion = 3;
ldapConnection.Bind(new NetworkCredential(userDN, userPassword));

My problem is that I can't expect users to know their DistinguishedName (DN) before binding, but they must fill in their DN to bind to the slapd LDAP server or else the server will return Error Code 49. If, for example, I only know that my username is "test", and I don't know that I'm in the OrganizationalUnit (OU) named DepartmentOne, then I'm unable to bind to the server.

I use Bind() to authenticate users, and what I need is to configure slapd so that users don't have to fill in their DN but merely their username in order to bind successfully. It's only after binding that I want to check whether or not the user is part of the DepartmentOne OU and authenticate them accordingly. Currently, it works the other way around: I must already know what OU my test user is in before I can bind and thereby authenticate.

How do I configure slapd so that I'm able to bind with the following code (or similar code) instead (where I don't get an error related to invalid credentials/invalid DN syntax):

string username = "test", userPassword = "test";
var ldapConnection = new LdapConnection(new LdapDirectoryIdentifier("localhost", 389))
{
    AuthType = AuthType.Basic
};
ldapConnection.SessionOptions.ProtocolVersion = 3;
ldapConnection.Bind(new NetworkCredential(username, userPassword));
  • There is more than one type of authentication. You are having authentication issues. See the different authentication modes at the following: https://www.openldap.org/doc/admin24/install.html#Prerequisite%20software – jdweng May 31 '23 at 15:20
  • I'm too new at this to discover the solution merely with the knowledge that there are multiple authentication modes. Please provide me with concrete directions. – HasQuestionsAndAnswers May 31 '23 at 15:28
  • Do a search for: "slapd" authentication (with double quotes around slapd). It is really LDAP authentication. The search results will explain how the authentication works and how to configure your code. Both the client and server have to be using the same authentication method. Also, the port number 389 is reserved for LDAP. If you are not using LDAP, then the port number must be changed. – jdweng May 31 '23 at 16:09
  • I assume that I'm using LDAP, since slapd is a standalone LDAP daemon, which I set up as part of an OpenLDAP tutorial, and I'm using LdapConnection for my code and am able to connect to the LDAP server through port 389. I couldn't find what I need when googling "'slapd' authentication": I'm still stuck. – HasQuestionsAndAnswers Jun 01 '23 at 07:05
  • That is why I always use Google instead of Chrome. See: https://wiki.gentoo.org/wiki/Centralized_authentication_using_OpenLDAP?force_isolation=true – jdweng Jun 01 '23 at 09:02
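The pattern that lets users log in with a bare username against a directory that only accepts DN binds is "search then bind": a read-only service account resolves the username to its DN, and the connection then binds as that DN with the user's own password. The following is an added example, not code from the question or its comments; the service account cn=svc-auth, the uid attribute, and a TLS-enabled slapd are assumptions not present in the question.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;

// Escape a value for an LDAP search filter (RFC 4515) so a username such as
// "*)(uid=*" cannot change the filter's meaning. Backslash must be handled first.
static string EscapeFilterValue(string v) =>
    v.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
     .Replace(")", "\\29").Replace("\0", "\\00");

// Resolve a bare username to its DN using a read-only service account, then
// bind as that DN with the user's own password. Returns the user's DN on
// success, or null when the user is unknown/ambiguous or the password is wrong.
static string? AuthenticateByUsername(string username, string password)
{
    // Assumed values: the question names neither a service account nor a search base.
    const string searchBase = "dc=example,dc=com";
    const string serviceDn = "cn=svc-auth,ou=ServiceAccounts,dc=example,dc=com";
    const string servicePw = "<service-account-password>";

    using var conn = new LdapConnection(new LdapDirectoryIdentifier("localhost", 389))
    {
        AuthType = AuthType.Basic
    };
    conn.SessionOptions.ProtocolVersion = 3;
    // A simple bind sends the password in clear text over port 389; upgrade the
    // session with StartTLS first (assumes slapd has a TLS certificate configured).
    conn.SessionOptions.StartTransportLayerSecurity(null);
    // Step 1: look up the DN for this username. The uid attribute is assumed;
    // use cn instead if that is how the accounts were created.
    conn.Bind(new NetworkCredential(serviceDn, servicePw));
    var search = new SearchRequest(searchBase, $"(uid={EscapeFilterValue(username)})",
                                   SearchScope.Subtree, "1.1"); // "1.1" = return no attributes
    var result = (SearchResponse)conn.SendRequest(search);
    if (result.Entries.Count != 1) return null; // fail closed on unknown or duplicate uid
    string userDn = result.Entries[0].DistinguishedName;

    // Step 2: prove the password by binding as the resolved DN.
    try
    {
        conn.Bind(new NetworkCredential(userDn, password));
    }
    catch (LdapException e) when (e.ErrorCode == 49) // LDAP_INVALID_CREDENTIALS
    {
        return null;
    }
    // Authorization comes after authentication: the caller can now check that
    // userDn lies under ou=DepartmentOne,dc=example,dc=com before granting access.
    return userDn;
}
```

The search is done with a dedicated account rather than anonymously so that slapd's ACLs can deny directory enumeration to unauthenticated clients while still allowing this lookup.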
