2

I need to connect to an external LDAP server that is accessible to me but only over LDAPS.

The information I have available is username, server, password. I need to query and retrieve a list of all users. The format I have the details in is:

  • Username: domain\username
  • Password: {password}
  • Domain: remote.{domain}.net.au

The following code I wrote will authenticate my user account successfully, but I now need to enumerate all users, which is where I'm having issues. Ideally this would be ALL users in the directory, not from within a specific OU. Again, I don't have the fully qualified paths to any OUs for this server. The server has a self-signed certificate, which is why in my example I am specifically telling it to accept the certificate.

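        // Requires: using System.DirectoryServices.Protocols; using System.Net;
        // LDAPS listens on 636, plain LDAP on 389
        int port = secured ? 636 : 389;

        LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(ldapServer, port, false, false));

        if (secured)
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
        }

        connection.Credential = new NetworkCredential(username, password);
        // Simple bind: the password is sent as-is, protected only by the TLS session
        connection.AuthType = AuthType.Basic;
        // Accepts any server certificate (the server's is self-signed), so the server's identity is not checked
        connection.SessionOptions.VerifyServerCertificate += (conn, cert) => { return true; };
        connection.Bind();

        return connection;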
Sam
  • I describe [there](http://stackoverflow.com/a/6457140/608772) three ways to access Active-Directory using C#. Do you really need to use System.DirectoryServices.Protocols? – JPBlanc Feb 07 '12 at 06:16
  • @JPBlanc I don't care how I do it just so long as it works. Using the LdapConnection is the only way I've been able to get LDAPS working thus far with this server, which I believe is due to its certificate errors. If it was standard LDAP it would be no problem as I have plenty of working code talking straight to my AD server. This one, however, is another organisation's and we can only talk to it over LDAPS. – Sam Feb 07 '12 at 20:51

1 Answer

2

So the answer is in the "Performing a Simple Search" sample of "Introduction to System.DirectoryServices.Protocols (S.DS.P)" with:

        // create a search filter to find all objects
        string ldapSearchFilter = "(&(objectCategory=person)(objectClass=user))";
JPBlanc
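An added example, not code from the question or the answer: it applies the answer's filter over an LDAPS connection like the question's without knowing any OU path, by reading the base DN from the RootDSE and paging through the whole subtree. It assumes the server is Active Directory (so the RootDSE exposes `defaultNamingContext`); the class and method names, the page size and the `PinnedSha256` placeholder are hypothetical, and the certificate callback accepts only the one expected self-signed certificate rather than any certificate.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Security.Cryptography;

static class LdapsUserList // hypothetical name, not from the original post
{
    // Placeholder: SHA-256 fingerprint (hex, no separators) of the server's certificate, obtained out of band.
    const string PinnedSha256 = "<EXPECTED-SHA256-FINGERPRINT>";

    public static List<string> GetAllUsers(string ldapServer, string username, string password)
    {
        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(ldapServer, 636, false, false)))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true;
            // Accept only the one self-signed certificate we expect, not every certificate.
            connection.SessionOptions.VerifyServerCertificate = (conn, cert) =>
            {
                using (var sha = SHA256.Create())
                    return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData()))
                        .Replace("-", "").Equals(PinnedSha256, StringComparison.OrdinalIgnoreCase);
            };
            connection.Credential = new NetworkCredential(username, password);
            connection.AuthType = AuthType.Basic;
            connection.Bind();
            // The RootDSE (null base DN, base scope) advertises the directory's default naming context.
            var rootDse = (SearchResponse)connection.SendRequest(
                new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "defaultNamingContext"));
            string baseDn = (string)rootDse.Entries[0].Attributes["defaultNamingContext"][0];
            // Page through the subtree: AD limits entries per response (MaxPageSize, 1000 by default).
            var users = new List<string>();
            var request = new SearchRequest(baseDn, "(&(objectCategory=person)(objectClass=user))",
                                            SearchScope.Subtree, "sAMAccountName");
            var page = new PageResultRequestControl(500);
            request.Controls.Add(page);
            do
            {
                var response = (SearchResponse)connection.SendRequest(request);
                foreach (SearchResultEntry entry in response.Entries)
                    if (entry.Attributes.Contains("sAMAccountName"))
                        users.Add((string)entry.Attributes["sAMAccountName"][0]);
                // An empty cookie in the response control means the last page has been read.
                page.Cookie = response.Controls.OfType<PageResultResponseControl>().First().Cookie;
            } while (page.Cookie.Length > 0);
            return users;
        }
    }
}
```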