Tags: authentication, c#-4.0, ldap, directoryservices

How to do same as PrincipalContext.ValidateCredentials but with LdapConnection (non AD-specific)


If I have a PrincipalContext connected to an Active Directory server (with some credentials) then I can call its ValidateCredentials method to validate some other credentials (e.g. some other username/password pair that differs from the credentials used for the PrincipalContext's connection).

I want to do basically the same thing, but with an LdapConnection. I have an LdapConnection successfully connected and bound to an OpenLDAP server. Now I want to validate a different set of credentials. I expect these credentials will need to be a distinguished-name & password pair instead of a username & password pair as above; that's fine.

I suppose I could create a temporary second LdapConnection and validate by binding with the second set of credentials.

Is there a better way to do this? Particularly, is there a way to use my existing LdapConnection to validate/authenticate other credentials? Btw, I'm in C# 4.0 for this.


Solution

  • Application code can validate credentials by changing the authentication state of an existing connection (LDAPv3 only). This process is accomplished by transmitting a bind request and examining the response from the server. If the result code in the bind response from the server is 0, then the credentials are correct and the account (which is identified by the distinguished name) is usable. If the result code in the bind response is non-zero, then an error has occurred: perhaps the credentials are not valid, the distinguished name does not exist, the account associated with the distinguished name is disabled, or some other error.

    This can be done with an existing connection, or the application can establish a new connection and transmit the bind request on the new connection.
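A C# sketch of the re-bind approach the answer describes, using System.DirectoryServices.Protocols. This is an added example, not code from the question or answer; the host name, DNs and passwords are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class LdapCredentialCheck
{
    // Constructed placeholder values; replace with your own server and DNs.
    const string Host = "ldap.example.com";
    const string ServiceDn = "cn=svc,dc=example,dc=com";
    const string ServicePassword = "service-password";

    // Validates userDn/password with a simple bind on an already-open connection.
    // Returns true only when the server answers the bind with result code 0.
    public static bool ValidateCredentials(LdapConnection connection, string userDn, string password)
    {
        // RFC 4513: a simple bind with a DN and an empty password is an "unauthenticated"
        // bind, which many servers accept. Reject it up front so an empty password
        // can never count as a successful login.
        if (string.IsNullOrEmpty(userDn) || string.IsNullOrEmpty(password))
            return false;

        try
        {
            connection.AuthType = AuthType.Basic;          // simple bind: DN + password
            connection.Bind(new NetworkCredential(userDn, password));
            return true;                                    // result code 0
        }
        catch (LdapException ex)
        {
            // Non-zero result code, e.g. 49 = invalidCredentials, 32 = noSuchObject.
            Console.WriteLine($"Bind for {userDn} failed: {ex.ErrorCode} {ex.ServerErrorMessage}");
            return false;
        }
    }

    static void Main()
    {
        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(Host, 389)))
        {
            connection.SessionOptions.ProtocolVersion = 3;               // re-bind needs LDAPv3
            connection.SessionOptions.StartTransportLayerSecurity(null); // simple bind is cleartext without TLS
            connection.AuthType = AuthType.Basic;
            connection.Bind(new NetworkCredential(ServiceDn, ServicePassword));

            bool ok = ValidateCredentials(connection, "uid=alice,ou=people,dc=example,dc=com", "alice-password");
            Console.WriteLine(ok ? "credentials valid" : "credentials rejected");

            // The bind changed the connection's authentication state to the tested user
            // (or to anonymous on failure); restore the service identity before reusing it.
            connection.Bind(new NetworkCredential(ServiceDn, ServicePassword));
        }
    }
}
```

Because the validating bind replaces whatever identity the connection had, a connection shared with other work should be re-bound to the service account afterwards (as shown) or the check should be done on a separate connection, which is the alternative the answer mentions.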