7 votes

Please help me deal with this problem.

I'm trying to get the user's groups with the following code. I run it through Mono. On Windows the data is obtained normally (the account is not in the domain). But when I run the same code on Linux I get the error below.

What do I need to do to obtain a normal result?

using System;
using System.Text;
using System.DirectoryServices;

namespace ActiveDirectoryTest
{
    class Program
    {
        private static void Main(string[] args)
        {
            try
            {
                // Bind to the server; the path names only the host, no search base
                DirectoryEntry de = new DirectoryEntry("LDAP://sub.domain.com", "username@domain", "password", AuthenticationTypes.None);

                DirectorySearcher search = new DirectorySearcher(de);
                search.ReferralChasing = ReferralChasingOption.All;
                search.Filter = "(&(ObjectClass=user)(sAMAccountName=username))";

                search.PropertiesToLoad.Add("sAMAccountName");
                search.PropertiesToLoad.Add("memberOf");
                StringBuilder groupNames = new StringBuilder();

                SearchResultCollection results = search.FindAll();
                if (results.Count == 0)
                {
                    // Indexing an empty collection would throw; report it instead
                    Console.WriteLine("user not found");
                    return;
                }
                SearchResult result = results[0];
                int propertyCount = result.Properties["memberOf"].Count;

                for (int propertyCounter = 0; propertyCounter < propertyCount; propertyCounter++)
                {
                    // Each memberOf value is a group DN such as "CN=GroupName,OU=Groups,DC=domain,DC=com"
                    var dn = (string) result.Properties["memberOf"][propertyCounter];

                    var equalsIndex = dn.IndexOf("=", 1);
                    var commaIndex = dn.IndexOf(",", 1);
                    if (equalsIndex == -1)
                    {
                        Console.WriteLine("error parse: " + dn);
                        continue; // skip this value rather than calling Substring with -1
                    }
                    if (commaIndex == -1)
                    {
                        commaIndex = dn.Length; // single-RDN DN: the value runs to the end
                    }
                    // Take the value of the first RDN (the group's CN)
                    groupNames.Append(dn.Substring(equalsIndex + 1, commaIndex - equalsIndex - 1));
                    groupNames.Append("|");
                }

                Console.WriteLine(groupNames.ToString());
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            Console.ReadLine();
        }
    }
}

LdapException: (32) No Such Object LdapException: Server Message: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of: '' Novell.Directory.Ldap.LdapException

1

This does not look like an error in your code; to me it looks like an error with communication with the AD / LDAP server.
Daniel Steiner

1 Answer

1 vote

This error is usually generated when the search base is not valid. When you are using clear-text LDAP (my example below uses SSL, but you can comment that out or change the authentication type to System.DirectoryServices.AuthenticationTypes.None), you can grab a network capture between your application host and the LDAP server on port 389 and see the actual search that is being performed.

Per MS's documentation, you should be able to use LDAP://dc=company,dc=gTLD without specifying a specific domain controller. Because I needed my code to be functional with both Active Directory and pure LDAP servers, I use something like LDAP://DomainController.company.gTLD/ou=UserOU,dc=company,dc=gTLD, where the LDAP hostname and search base are both included.

The function I use for LDAP authentication:

protected string ldapAuthentication(string strLDAPServer, string strSuppliedUser, string strSuppliedPwd, string strSystemUID, string strSystemPwd, string strLDAPUserBase, string strUIDAttr)
{
    strSuppliedUser = strSuppliedUser.Trim();
    string strResults = "";
    // Server and search base combined into one path, e.g. LDAP://host/ou=UserOU,dc=company,dc=gTLD
    string strLDAPUserHost = strLDAPServer + strLDAPUserBase;

    // Establish LDAP connection and bind with system ID
    System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry();
    dirEntry.Path = strLDAPUserHost;
    dirEntry.Username = strSystemUID;
    dirEntry.Password = strSystemPwd;
    dirEntry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;

    try
    {
        dirEntry.RefreshCache();

        // Search directory for the user logging on
        // (strSuppliedUser is concatenated into the filter as supplied)
        string strLDAPFilter = "(&(objectClass=user)(" + strUIDAttr + "=" + strSuppliedUser + "))";
        System.DirectoryServices.DirectorySearcher ldapSearch = new System.DirectoryServices.DirectorySearcher(dirEntry);
        ldapSearch.ServerTimeLimit = new TimeSpan(0, 0, 30);

        ldapSearch.Filter = strLDAPFilter;
        ldapSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;

        System.DirectoryServices.SearchResultCollection searchResults = ldapSearch.FindAll();

        if (searchResults.Count == 1)
        {
        ...

This function is called like:

strInputResults = ldapAuthentication("LDAP://DomainController.company.gTLD/", strInputSuppliedUser, strInputSuppliedPwd, "[email protected]", "Syst3mP@s5w0rd", "ou=UserOU,dc=company,dc=gTLD","sAMAccountName");
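Added helper code (not from the question or the answer) tying the two threads together: the answer's point that the path must carry a search base, the answer's filter rebuilt so the supplied user name is escaped before it is spliced in, and a replacement for the question's IndexOf slicing of memberOf that survives escaped commas in a group CN. The class and method names are hypothetical, and the example DNs in the comments are constructed.

```csharp
using System;
using System.Text;

// Added helpers (not from the question or the answer) for three points on
// this page: a path that carries its own search base, a filter value escaped
// per RFC 4515 before it is spliced in, and a memberOf parser that survives
// escaped commas in a group CN. All names here are hypothetical.
static class LdapHelpers
{
    // "LDAP://host/ou=UserOU,dc=company,dc=gTLD": server and base DN in one path,
    // which is what the "No Such Object ... best match of ''" error is asking for.
    public static string BuildLdapPath(string host, string baseDn)
        => "LDAP://" + host.TrimEnd('/') + "/" + baseDn;

    // Escape the characters RFC 4515 reserves inside a filter assertion value.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0)
                sb.Append('\\').Append(((int)c).ToString("x2"));  // e.g. '*' -> \2a
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    // Same filter shape as the answer's, with the supplied user name escaped.
    public static string UserFilter(string uidAttr, string suppliedUser)
        => "(&(objectClass=user)(" + uidAttr + "=" + EscapeFilterValue(suppliedUser.Trim()) + "))";

    // Value of the first RDN: "CN=Admins\, Local,OU=Groups,DC=x" -> "Admins, Local".
    // A backslash escapes the next character (RFC 4514); hex-pair escapes such
    // as \2C are not decoded here (assumed absent from the directory in use).
    public static string FirstRdnValue(string dn)
    {
        int eq = dn.IndexOf('=');
        if (eq < 0) throw new FormatException("not a DN: " + dn);
        var sb = new StringBuilder();
        for (int i = eq + 1; i < dn.Length; i++)
        {
            if (dn[i] == '\\' && i + 1 < dn.Length) { sb.Append(dn[++i]); continue; }
            if (dn[i] == ',') break;
            sb.Append(dn[i]);
        }
        return sb.ToString();
    }
}
```

UserFilter("sAMAccountName", strSuppliedUser) drops in where the answer builds strLDAPFilter, and FirstRdnValue replaces the IndexOf/Substring slicing the question applies to each memberOf value.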