
 #1  
02-08-10, 05:11 PM
John Beschler
Technically my question concerns LDAP not ADSI but I could not find an LDAP
newsgroup and I hoped that someone on this group might have some LDAP
knowledge to pass on.

We have an OpenLDAP server on the network that we wish to use for an Address
book. I am trying to write code to populate the OpenLDAP directory but seem
to be unable to Bind to the connection.

Here is my code:



using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

namespace LDAP_Test
{
    class Program
    {
        static void Main(string[] args)
        {
            string szServer;
            string szUsername;
            string szPassword;
            string szOU;
            string szDN;

            szServer = "TEAS-LDAP.teasteam.com";
            szUsername = "CN=teasadmn,DC=Directory,DC=TEASTEAM,DC=com";
            szPassword = "te@s_JT_0000000";
            szOU = "DC=TEASTEAM,DC=com";
            szDN = "DC=directory,DC=teasteam,DC=com";

            LdapConnection ldapconn = CreateLDAPConnection(szServer,
                szUsername, szPassword, szOU);
        }

        static LdapConnection CreateLDAPConnection(string szADServer,
            string szADUserID, string szADPassword, string szADDomain)
        {
            NetworkCredential credential = new NetworkCredential();
            credential.UserName = szADUserID;
            Console.WriteLine("Username: " + szADUserID);
            credential.Password = szADPassword;
            Console.WriteLine("Password: " + szADPassword);
            credential.Domain = szADDomain;
            Console.WriteLine("Domain: " + szADDomain);

            LdapConnection ldapConnection = new LdapConnection(
                new LdapDirectoryIdentifier("teas-ldap.teasteam.com"));
            ldapConnection.AuthType = AuthType.Basic;
            ldapConnection.Credential = credential;
            try
            {
                ldapConnection.Bind();
                return ldapConnection;
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
                return null;
            }
        }
    }
}


The code fails on the LdapConnection.Bind() with the following error message:

The distinguished name contains invalid syntax.

For debugging I have the following program output:

Username: CN=teasadmn,DC=Directory,DC=TEASTEAM,DC=com
Password: *************
Domain: DC=TEASTEAM,DC=com
The distinguished name contains invalid syntax.

Any help would be appreciated.

Thanks,
John
 #2  
02-09-10, 12:10 AM
Joe Kaplan
The domain parameter in the NetworkCredential object is probably not
appropriate for OpenLDAP as that is more for AD/negotiate auth. Try with a
null domain and see if that works.

A good way to test what SDS.Protocols is going to do is to find a copy of
Microsoft's LDP.exe tool. It is a very basic GUI wrapper around the MS LDAP
API which is basically the same type of thing that SDS.Protocols is for
.NET.

HTH!
 #3  
02-12-10, 11:58 AM
John Beschler
Thanks Joe,

That did help. At least it got me past the DN error. Now I get "A protocol
error has occurred." I'm gonna try to find that tool you mentioned and see if
it gives me any further direction.

Thanks again,
John


 #4  
02-12-10, 12:56 PM
John Beschler
Joe,

I downloaded the LDP.EXE tool as suggested.

I can connect to the open ldap server just fine; however, when I try to bind
I get the invalid DN syntax again.

Here's the entire output from the connection/bind sequence:

ld = ldap_open("TEAS-LDAP", 389);
Established connection to TEAS-LDAP.
Retrieving base DSA information...
Result <0>: (null)
Matched DNs:
Getting 1 entries:
>> Dn:

2> objectClass: top; OpenLDAProotDSE;
-----------
res = ldap_bind_s(ld, 'teasadmn', <unavailable>, 128); // v.3
Error <34>: ldap_bind_s() failed: Invalid DN Syntax.



I think there may still be some configuration/schema errors in the open ldap
configuration possibly? Your thoughts?

Thanks,
John



 #5  
02-12-10, 04:14 PM
Joe Kaplan
I would expect to see ldap_simple_bind_s from LDP if you want simple bind
auth (which I think you do for OpenLDAP). Did you use the simple bind
option in ldp? In SDS.Protocols, that's the "Basic" flag as I recall.
 #6  
02-16-10, 09:41 PM
John Beschler
Joe,

Changed to simple bind and get:

res = ldap_simple_bind_s(ld, 'teasadmn', <unavailable>); // v.3
Error <34>: ldap_simple_bind_s() failed: Invalid DN Syntax


Any ideas?



 #7  
02-17-10, 12:10 AM
Joe Kaplan
Did you specify the username parameter as the full user DN here? It looks
like you used a short name format from the output. Not sure if that would
work with OpenLDAP.
 #8  
02-17-10, 02:50 PM
John Beschler
YOU DA MAN!!!

That worked (in the tool anyway). Now I'll try it in my app and see whether
I get any farther. Thanks for your help.



 #9  
02-17-10, 03:04 PM
John Beschler
Joe,

I've simplified the test program as much as I can:

using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

namespace LDAP_Test
{
    class Program
    {
        static void Main(string[] args)
        {
            string szServer;
            string szUsername;
            string szPassword;

            szServer = "TEAS-LDAP";
            szUsername = "cn=teasadmn,dc=directory,dc=teasteam,dc=com";
            szPassword = "***************";

            NetworkCredential credential = new NetworkCredential();
            credential.UserName = szUsername;
            Console.WriteLine("Username: " + szUsername);
            credential.Password = szPassword;
            Console.WriteLine("Password: " + szPassword);

            LdapConnection ldapConnection = new LdapConnection(szServer);
            ldapConnection.AuthType = AuthType.Basic;
            ldapConnection.Credential = credential;
            try
            {
                ldapConnection.Bind();
                Console.WriteLine("Bind Succesful");
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.Message);
            }
        }
    }
}

Now I am back to: "A protocol error occurred."

I'm using the same username/password combo as in the utility.

What am I missing here?

Thanks,
John
 #10  
02-17-10, 03:57 PM
Joe Kaplan
It looks right to me. Try explicitly setting the LDAP version to V3 as well
to see if that makes the protocol error go away.
 #11  
02-17-10, 09:55 PM
John Beschler
Bind Succesful!

Thanks Joe.

 #12  
02-18-10, 04:57 AM
Joe Kaplan
Seems like that should be set by default, no? I'm glad that worked and was
at a loss what else might be wrong.
 #13  
02-19-10, 03:34 PM
John Beschler
Just wanted to say THANKS again. Once I got past the connection, everything
else fell into place. I am able to search my LDAP OU; delete all existing
entries, and repopulate - all from a console application.

I can't tell you how much I appreciate your time and willingness to share.

God Bless,
John
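
The three fixes the thread arrived at (no Domain on the credential from post #2, the full DN as bind name from post #7, protocol version 3 from post #10), combined in one program. This is an added example, not code posted by either participant. The host, the DN, the LDAP_BIND_PW variable name and the server's StartTLS support are assumptions; the password comes from the environment and is never echoed, and the session is upgraded to TLS before the simple bind because a simple bind on port 389 otherwise sends the password in clear text.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

class OpenLdapBind
{
    static int Main()
    {
        string server = "ldap.example.com";            // placeholder host (assumption)
        string bindDn = "cn=admin,dc=example,dc=com";  // full DN; a short name gives error 34
        // Hypothetical variable name; keeps the secret out of source and console output.
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PW");

        if (string.IsNullOrEmpty(password))
        {
            // A simple bind with a DN and an empty password is an
            // unauthenticated bind (RFC 4513), so refuse to send one.
            Console.Error.WriteLine("LDAP_BIND_PW is not set; refusing to bind.");
            return 2;
        }

        // Two-argument constructor: Domain stays empty, as OpenLDAP expects.
        var credential = new NetworkCredential(bindDn, password);

        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(server, 389)))
        {
            conn.AuthType = AuthType.Basic;            // LDAP simple bind
            conn.SessionOptions.ProtocolVersion = 3;   // not assumed by default here
            try
            {
                // Assumes the server offers StartTLS with a certificate this host trusts.
                conn.SessionOptions.StartTransportLayerSecurity(null);
                conn.Bind(credential);
                Console.WriteLine("Bind succeeded as " + bindDn);
                return 0;
            }
            catch (LdapException ex)
            {
                // ErrorCode 34 is the "invalid DN syntax" result seen in LDP above.
                Console.Error.WriteLine("LDAP error {0}: {1}", ex.ErrorCode, ex.Message);
                return 1;
            }
            catch (DirectoryException ex)              // e.g. a failed TLS upgrade
            {
                Console.Error.WriteLine(ex.Message);
                return 1;
            }
        }
    }
}
```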