LDAP - VB.NET DirectoryServices Problem


Vibert

Hi all,



I need to read data from a Novell eDirectory LDAP-server, located at a
specific IP address.



What works:

-----

Using the "LDAP Browser/Editor 2.8.2" from University of Chicago, with
settings: Anonymous Bind: On, SSL: On,

everything works fine.



What doesn't work:

-----

Using VB.NET and DirectoryEntry/ DirectorySearcher, I get:



System.Runtime.InteropServices.COMException (0x8007203A): The server is not operational
   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
   at System.DirectoryServices.DirectorySearcher.FindOne()



Code: (have tried numerous variations of this.)



Dim objRootOU As New DirectoryEntry("LDAP://xxx.xxx.xxx.xxx:636/o=zzzz")
Dim objSearch As New DirectorySearcher(objRootOU)
Try
    objRootOU.AuthenticationType = AuthenticationTypes.None 'Also tried the others
    objSearch.SearchScope = SearchScope.Subtree
    Dim searchResult As SearchResult
    searchResult = objSearch.FindOne()
    Dim result As String
    result = searchResult.Properties("givenName")(0) & " " & _
             searchResult.Properties("sn")(0)
Catch ex As Exception
    System.Console.WriteLine(ex.GetBaseException.ToString)
End Try



Other facts:

Using Windows XP

Using .NET Framework 1.0.3705



Thanx for any help/hints,



Vidar
 
I need to read data from a Novell eDirectory LDAP-server, located at a
specific IP address.
Using VB.NET and DirectoryEntry/ DirectorySearcher, I get:

System.Runtime.InteropServices.COMException (0x8007203A): The server is not
operational
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)

As far as I recall, you CANNOT use DirectorySearcher for any other
directory service platform than Active Directory.

Marc
================================================================
Marc Scheuner May The Source Be With You!
Bern, Switzerland m.scheuner(at)inova.ch
 
Well,
actually I have tested this against an inhouse Novell eDirectory
LDAP-server, and that works perfectly well.

So my situation is:
1. My VB.NET DirectoryEntry/ DirectorySearcher code works OK when reading
from inhouse Novell eDirectory
2. My VB.NET DirectoryEntry/ DirectorySearcher code does not work when
reading from external Novell eDirectory

The main difference between the two directories is that the external one
requires SSL/Anonymous Bind, so this is possibly the root of the problem,
i.e. setting up DirectoryEntry/ DirectorySearcher to handle SSL/Anonymous
Bind.

Vidar
 
Does using the authentication types AuthenticationTypes.SecureSocketsLayer or
AuthenticationTypes.Anonymous work for the external server?

You might also try AuthenticationTypes.SecureSocketsLayer or
AuthenticationTypes.None (although the None is redundant since it = 0).

One of the tricky things with S.DS is that some of the authentication type
flags are Windows/AD only, while others are part of the more general LDAP
spec. I'm not sure if Anonymous falls in the former or the latter.

Sometimes I've seen the SSL bind fail if there are issues with negotiating
TLS between the client and server too. These kinds of things are tricky to
diagnose.

Joe K.
 
Hi,

I've tested all AuthenticationTypes for the external server, and all fail. I
usually get:
System.Runtime.InteropServices.COMException (0x8007203A): The server is not
operational
In one case (AuthenticationTypes.Anonymous, no user/PW supplied), I get:
System.Runtime.InteropServices.COMException (0x80070057): The parameter is
incorrect

So, to summarize:

1. Reading from inhouse Novell eDirectory with VB.NET DirectoryEntry/
DirectorySearcher:
All AuthenticationTypes work OK, except:
- Anonymous (The parameter is incorrect - when no user/PW is supplied)
- Encryption/SecureSocketsLayer (OK, the internal directory is not
configured for SSL)
- Sealing/Signing (Abort)

2. Reading from external Novell eDirectory with VB.NET DirectoryEntry/
DirectorySearcher:
All AuthenticationTypes fail with "The server is not operational", except:
- Anonymous (Fails with "the parameter is incorrect" - when no user/PW is
supplied)

3. Reading from external Novell eDirectory with "LDAP Browser/Editor 2.8.2":
Works OK, with settings: Anonymous Bind: On, SSL: On
(When connecting, I am asked if I trust a specific CA certificate)

Note: The external directory people have given me 2 certificates, however,
the LDAP Browser/Editor seems to work fine irrespective of whether I have
installed those or not.


Vidar
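
Added example (not code from this thread or from any poster): one way to see why an LDAPS anonymous bind on port 636 fails is to use System.DirectoryServices.Protocols, which exposes the server certificate to a callback, so an untrusted CA or a host name mismatch is reported instead of surfacing only as a generic bind error. Assumptions: .NET Framework 2.0 or later (newer than the 1.0.3705 mentioned above), and the host name, base DN and search filter below are placeholders.

```vbnet
Imports System
Imports System.DirectoryServices.Protocols
Imports System.Security.Cryptography.X509Certificates

Module LdapsAnonymousProbe
    ' Placeholders (assumptions): use the DNS name found in the server's
    ' certificate rather than an IP address, and the directory's real base DN.
    Private Const Host As String = "ldap.example.org"
    Private Const BaseDn As String = "o=zzzz"

    ' This callback replaces the default certificate check, so it validates
    ' both the chain and the name itself, and logs the reason for a rejection.
    Private Function CheckServerCert(ByVal conn As LdapConnection, ByVal cert As X509Certificate) As Boolean
        Dim cert2 As New X509Certificate2(cert)
        Dim chain As New X509Chain()
        Dim trusted As Boolean = chain.Build(cert2) ' uses the Windows certificate stores
        For Each st As X509ChainStatus In chain.ChainStatus
            Console.WriteLine("Chain problem: {0} {1}", st.Status, st.StatusInformation.Trim())
        Next
        ' Exact match only; wildcard certificates would need extra handling.
        Dim certName As String = cert2.GetNameInfo(X509NameType.DnsName, False)
        Dim nameOk As Boolean = String.Equals(certName, Host, StringComparison.OrdinalIgnoreCase)
        If Not nameOk Then
            Console.WriteLine("Name mismatch: certificate is for '{0}', connected to '{1}'", certName, Host)
        End If
        Return trusted AndAlso nameOk
    End Function

    Sub Main()
        Using conn As New LdapConnection(New LdapDirectoryIdentifier(Host, 636))
            conn.AuthType = AuthType.Anonymous            ' anonymous bind, no user/password
            conn.SessionOptions.ProtocolVersion = 3
            conn.SessionOptions.SecureSocketLayer = True  ' LDAP over SSL on port 636
            conn.SessionOptions.VerifyServerCertificate = AddressOf CheckServerCert
            Try
                conn.Bind()
                ' The filter is an assumption; adjust it to the directory's schema.
                Dim req As New SearchRequest(BaseDn, "(objectClass=person)", SearchScope.Subtree, "givenName", "sn")
                Dim resp As SearchResponse = DirectCast(conn.SendRequest(req), SearchResponse)
                Console.WriteLine("Bind OK, {0} entries returned", resp.Entries.Count)
            Catch ex As DirectoryException
                ' Base class of LdapException and DirectoryOperationException.
                Console.WriteLine("LDAP failure: {0}", ex.Message)
            End Try
        End Using
    End Sub
End Module
```

If the output shows a chain problem, the issuing CA certificate needs to be in the Windows trusted root store of the client; if it shows a name mismatch, connect by the name in the certificate.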
 
Hi Vidar,

Based on your analysis, it looks like you are out of luck. ADSI/S.DS is
notorious for not working well with third party directories, especially with
authentication and schema mapping. Having never worked with a third party
LDAP directory,

I'd suggest you go check out the Novell C# LDAP libraries at
forge.novell.com. They have been developed as part of the Mono project as I
understand and will probably give you a much better experience, while still
allowing you to leverage .NET.

Good luck,

Joe K.
 
Based on your analysis, it looks like you are out of luck. ADSI/S.DS is
notorious for not working well with third party directories, especially with
authentication and schema mapping. Having never worked with a third party
LDAP directory,

You might also try to get in touch with Dave Stucki, he's been working
on a set of C# native LDAP components - not quite sure where he's at
right now, and whether those are publicly available at all - worth a
try!

(e-mail address removed)

Marc
 
Hi

I am trying to connect to my intranet LDAP server and authenticate our intranet id and passwords using active directory services.

When I try to connect to the server using anonymous bind it gives me "The parameter incorrect" error message.

How can I overcome this error? Could you help me please?
 