
Setting up LDAP Connection - LDAPError Invalid Credentials


I am trying to connect via LDAP for the first time. I am just trying to check if a user can log in. After trying to connect I am getting an invalid credentials error 49 and error code 81, server is unavailable. I am passing the right user credentials, so this should be validating, and I am able to connect via JXplorer. In JXplorer I have my host as ldap.my.edu, port as 389, User DN as: Uid=myuser,OU=People, DC=ua,DC=edu, then mypass.

I believe I am not properly translating this to LdapConnection and the network credential. This is my first time so any help would be very appreciated.

    const string server = "ldap.my.edu:389/OU=People,DC=my,DC=edu";
    const string domain = "ldap.my.edu";
    string password = "mypass";
    string userName = "myuser";

    try
    {
        using (var ldapConnection = new LdapConnection(server))
        {
            var networkCredential = new NetworkCredential(userName, password, domain);
            ldapConnection.SessionOptions.SecureSocketLayer = true;
            ldapConnection.AuthType = AuthType.Negotiate;
            ldapConnection.Bind(networkCredential);
        }
    }
    catch (LdapException)
    {
        // bind failed
    }

Solution

  • If you don't have SSL (LDAPS) enabled on this server, which looks to be the case, then you'll want to make sure you set:

    ldapConnection.SessionOptions.SecureSocketLayer = false;


    Or, you can just not set it at all - LdapConnection will default to unsecured port 389 (LDAP) by default, if this isn't explicitly set.

    An example, using the values you provided in your question, would be something like this (note that I'm applying the domain to the NetworkCredential and not the LdapConnection class itself):

    // the username and password to authenticate
    const string domain = "OU=People,DC=my,DC=edu";
    string password = "mypass";
    string userName = "myuser";

    // define your connection
    LdapConnection ldapConnection = new LdapConnection("ldap.my.edu:389");

    try
    {
        // authenticate the username and password
        using (ldapConnection)
        {
            // pass in the network creds, and the domain.
            var networkCredential = new NetworkCredential(userName, password, domain);

            // if we're using unsecured port 389, set to false. If using port 636, set this to true.
            ldapConnection.SessionOptions.SecureSocketLayer = false;

            // since this is an internal application, just accept the certificate either way
            ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };

            // to force NTLM\Kerberos use AuthType.Negotiate, for non-TLS and unsecured, just use AuthType.Basic
            ldapConnection.AuthType = AuthType.Basic;

            // authenticate the user
            ldapConnection.Bind(networkCredential);
        }
    }
    catch (LdapException ldapException)
    {
        // Authentication failed, exception will dictate why
    }
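
Added example, not part of the original answer: a login check that binds over LDAPS with the platform's certificate validation left in place, and maps the two result codes from the question (49 and 81) to distinct outcomes. Port 636, the `uid=...,OU=People,DC=my,DC=edu` bind DN layout and the `LdapLoginCheck` / `TryBind` names are assumptions built from the question's placeholder values.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

static class LdapLoginCheck // hypothetical helper, not from the original page
{
    public enum BindResult { Ok, InvalidCredentials, ServerUnavailable, OtherError }

    // Characters with special meaning inside a DN; rejected rather than escaped here.
    static readonly char[] DnSpecial = { ',', '+', '"', '\\', '<', '>', ';', '=' };

    public static BindResult TryBind(string uid, string password)
    {
        // A simple bind with an empty password can be treated by the server as an
        // unauthenticated bind and succeed, so refuse it before contacting the directory.
        if (string.IsNullOrEmpty(uid) || string.IsNullOrEmpty(password)
            || uid.IndexOfAny(DnSpecial) >= 0)
            return BindResult.InvalidCredentials;

        // Assumed values: LDAPS on 636 and the People OU from the question.
        var server = new LdapDirectoryIdentifier("ldap.my.edu", 636);
        string bindDn = "uid=" + uid + ",OU=People,DC=my,DC=edu";

        using (var connection = new LdapConnection(server))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // TLS before the password is sent
            // No VerifyServerCertificate callback: default certificate validation stays active.
            connection.AuthType = AuthType.Basic; // simple bind with the full DN
            try
            {
                connection.Bind(new NetworkCredential(bindDn, password));
                return BindResult.Ok;
            }
            catch (LdapException ex) when (ex.ErrorCode == 49)
            {
                return BindResult.InvalidCredentials; // wrong DN or wrong password
            }
            catch (LdapException ex) when (ex.ErrorCode == 81)
            {
                return BindResult.ServerUnavailable; // unreachable host, wrong port or failed TLS handshake
            }
            catch (LdapException)
            {
                return BindResult.OtherError;
            }
        }
    }
}
```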