I am trying to authenticate users to active directory with the Novell.Directory.Ldap libraries found in Mono. I know there is better ways than below, but given that I'm confined to Mono, these are the only supported routines as best I can see.
Using the .NET libraries, I can authenticate a user with their samAccountName.
using (DirectoryEntry de = new DirectoryEntry())
{
de.Username = username;
de.Password = password;
de.Path = string.Format("LDAP://{0}/{1}", ADHostname, DefaultNamingContext);
de.AuthenticationType = AuthenticationTypes.Secure;
using (DirectorySearcher deSearch = new DirectorySearcher())
{
deSearch.SearchRoot = de;
deSearch.PropertiesToLoad.Add("cn");
deSearch.Filter = "(&(objectCatagory=person))";
deSearch.FindOne();
}
}
but this fails with invalid credentials if it's running inside mono. The only way to make it work is by specifying the UPN for username:
de.Username = "[email protected]";
The problem is, UPN is not a required attribute for AD. So how can I authenticate a user with just their username?
I see a post about one way to do it: Authenticating user using LDAP from PHP
But, it's a chicken and egg problem. How do I bind to search for the users DN so I can bind, if I can't bind as an authenticated user to begin with.
Thank you for any help you can give.
