This article is reproduced from serverfault.com.

Novell Ldap: missing LdapSearchResult message type in the LdapSearchQueue following Search

Posted on 2020-11-23 22:34:17

I want to first say that unfortunately I am unable to change the code in this specific scenario, and that the code works everywhere except for this one installation. I suspect a configuration/permissions/trust issue, and I am hoping to get advice on how to modify the environment to fix this.

In this specific place, after running the Search() method on LdapConnection, I get an LdapSearchQueue that does not contain an LdapSearchResult for some reason. Note that the LdapSearchQueue does contain other messages (specifically LdapSearchResultReference and LdapResponse), just not the LdapSearchResult. I can manually examine the AD and see that theoretically it should have the correct response.

Obviously it ends up with entry being null.

    var filter = $"(&(objectClass=User)(sAMAccountName={<user_name>}))";
    var searchBase = "DC=<domain_name>,DC=com";
    var search = conn.Search(searchBase, LdapConnection.SCOPE_SUB, filter, null, false, null, null);
    LdapMessage message;
    LdapEntry entry = null;
    while ((message = search.getResponse()) != null)
    {
        if (!(message is LdapSearchResult searchResultMessage))
        {
            continue;
        }
        entry = searchResultMessage.Entry;
    }

Any advice is appreciated.

Questioner: concentriq
concentriq 2020-12-01 05:45:28

In this specific case, the UPN and sAMAccountName attributes were different (the result of a migration from a number of years back), whereas normally these have the same value. The UPN was provided in the client application and used to successfully authenticate (for UPN); however, using the same value for sAMAccountName returned an error.
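The mismatch described in the answer can be tolerated on the search side by matching the supplied login against both attributes. The following is an added example, not code from the original post or from the Novell library: the class and method names (`LdapUserFilter`, `EscapeFilterValue`, `Build`) are hypothetical, the sample logins are constructed, and the value is escaped per RFC 4515 before it is placed in the filter, which the interpolated filter in the question does not do.

```csharp
using System;
using System.Text;

public static class LdapUserFilter
{
    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    // Without this, characters such as '*' or ')' in the login change the filter's meaning.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Match the login against both attributes, so a UPN typed by the user
    // still finds the account when sAMAccountName holds a different value.
    public static string Build(string login)
    {
        if (string.IsNullOrWhiteSpace(login))
            throw new ArgumentException("login must not be empty", nameof(login));

        string v = EscapeFilterValue(login.Trim());
        return $"(&(objectClass=user)(|(sAMAccountName={v})(userPrincipalName={v})))";
    }

    public static void Main()
    {
        // Constructed sample inputs: a UPN-style login and a value containing filter metacharacters.
        Console.WriteLine(Build("jdoe@example.com"));
        Console.WriteLine(Build("j*)(objectClass=*"));
    }
}
```

The returned string is what would be passed as the filter argument of the `conn.Search(...)` call shown in the question.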