Case-Sensitive LDAP Queries

Question

I am doing an LDAP query with DirectoryEntry/DirectorySearcher to authenticate a user in Active Directory via a C# web app like so (the ConnectionString property is just equivalent to LDAP://server.domain):

internal bool AuthenticateUser(string username, string password)
{
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        return false;

    var entry = new DirectoryEntry(this.ConnectionString, username, password);
    var searcher = new DirectorySearcher { SearchRoot = entry, Filter = "(objectclass=user)" };

    try
    {
        var result = searcher.FindOne();
        return true; //connection to AD succeeded, authentication was successful
    }
    catch (DirectoryServicesCOMException)
    {
        return false; //impersonating the user failed
    }
}

These queries are all hitting an SBS server which, when you create a new user, appears to use uppercase values for the pre-Windows 2000 (i.e. NetBIOS) name. So, if I add a new user called "Test User", the username might be "tuser" but the NetBIOS name it specifies is "TUser". When a user puts in a user/pass that hits this method, "tuser" fails to be authenticated whereas "TUser" succeeds.

My question is whether it is possible to modify this so usernames don't have to be case-sensitive?

Terry Gardner Terry Gardner · Accepted Answer · 2012-12-12T17:44:27

The attribute definition in the schema defines which characters can be used in an attribute value for the attribute being defined. The matching rule(s) - also in the attribute definition in the schema - determine how attribute values are compared for equality, substring, ordering, and so forth. The matching rule(s) determine the "case-sensitivity" (although it's really not that simple) of a comparison of attributes.

Matching rules must be used by the server (and clients) when comparing attribute values.

Case-Sensitive LDAP Queries

2 Answers