Tags: .net, active-directory, ldap, directoryservices

Authentication Types when switching from System.DirectoryServices to DirectoryServices.Protocols


I need to know the equivalent AuthType values from AuthenticationTypes to migrate from S.DS to S.DS.P code.

I am rewriting an LDAP connection module that currently uses the System.DirectoryServices namespace. To increase compatibility with non-Active Directory servers, I am trying to rewrite all of the code to use System.DirectoryServices.Protocols (as per the suggestion in "The .NET Developer's Guide to Directory Services Programming"). Everything is going smoothly except for the transition from the AuthenticationTypes enumeration to the AuthType one used by S.DS.P. I need to know the equivalents between the two so that clients using the old code do not lose functionality when the new code is released.

The equivalencies that I know of are:
None -> Basic
Secure -> Negotiate (more or less)
Anonymous -> None
SecureSocketsLayer -> setting LdapSessionOptions.SecureSocketsLayer to true


Solution

  • It looks like you were on the right track.

    After doing some research, I was able to map almost all of the AuthenticationTypes values:

    None: AuthType.Basic

    Secure: AuthType.Negotiate

    Anonymous: AuthType.Anonymous

    Signing: LdapSessionOptions.Signing

    Sealing: LdapSessionOptions.Sealing

    SecureSocketsLayer: LdapSessionOptions.SecureSocketLayer

    Encryption: Same value as SecureSocketsLayer

    ReadonlyServer: LdapSessionOptions.LocatorFlag.WriteableRequired = false

    ServerBind: Use one of the LdapDirectoryIdentifier constructors that has the fullyQualifiedDnsHostName argument, with the value set to true.

    FastBind: Doesn't apply, since S.DS.P works at a lower level.

    Delegation: No corresponding setting found. It could be that delegation is implicit. One way to test would be to convert the code on this page and see if it works.

    Be aware that not all non-AD servers will support AuthType.Negotiate, since it is Windows specific. There are several other things (like some of the LocatorFlag values) that will also not mean anything for non-AD systems. Thus, take care when converting code that assumed AD connectivity, since some assumptions will no longer be safe.
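The mapping in the answer above, written out as one C# helper. This is an added example, not code from the question, the answer or the book it cites; the class and method names are hypothetical, and the host name in the usage note is a placeholder. It takes the legacy AuthenticationTypes flags an S.DS caller passed and produces an S.DS.P LdapConnection with the equivalent settings, and it fails loudly on the two cases a silent migration would get wrong: a simple (Basic) bind that would send the password in clear text because the caller never asked for SSL, and the Delegation flag, for which the answer found no equivalent.

```csharp
using System;
using System.DirectoryServices;            // AuthenticationTypes (legacy S.DS flags)
using System.DirectoryServices.Protocols;  // LdapConnection, AuthType, LdapSessionOptions (S.DS.P)
using System.Net;

public static class LdapAuthMigration
{
    // Hypothetical helper (not from the original post): translates the
    // AuthenticationTypes flags an S.DS caller used into S.DS.P settings.
    // The caller still owns the returned connection and must call Bind()
    // and Dispose() on it.
    public static LdapConnection CreateConnection(
        string host, int port, AuthenticationTypes legacy, NetworkCredential credential)
    {
        // ServerBind -> pass the host as a fully qualified DNS name so S.DS.P
        // connects to it directly instead of running the DC locator.
        bool serverBind = legacy.HasFlag(AuthenticationTypes.ServerBind);
        var identifier = new LdapDirectoryIdentifier(
            host, port, serverBind /* fullyQualifiedDnsHostName */, false /* connectionless */);
        var conn = new LdapConnection(identifier);
        conn.SessionOptions.ProtocolVersion = 3;

        // SecureSocketsLayer and Encryption share the same bit -> LDAPS on the socket.
        // Note the S.DS.P property is spelled without the "s".
        bool ssl = legacy.HasFlag(AuthenticationTypes.SecureSocketsLayer);
        conn.SessionOptions.SecureSocketLayer = ssl;

        // Bind mechanism. AuthenticationTypes.None is 0 (simple bind), so it
        // cannot be tested with HasFlag and is handled as the fallthrough case.
        if (legacy.HasFlag(AuthenticationTypes.Anonymous))
        {
            conn.AuthType = AuthType.Anonymous;
        }
        else if (legacy.HasFlag(AuthenticationTypes.Secure))
        {
            // SPNEGO (Kerberos or NTLM); Windows/AD specific, as the answer notes.
            conn.AuthType = AuthType.Negotiate;
            // Signing and Sealing only apply to the Secure (SASL/GSS) bind,
            // which is also what ADSI requires for ADS_USE_SIGNING/ADS_USE_SEALING.
            conn.SessionOptions.Signing = legacy.HasFlag(AuthenticationTypes.Signing);
            conn.SessionOptions.Sealing = legacy.HasFlag(AuthenticationTypes.Sealing);
            conn.Credential = credential;   // null means bind as the current process identity
        }
        else
        {
            // A simple bind puts the password on the wire in clear text unless the
            // transport is encrypted. Refuse to reproduce that rather than migrate it.
            if (!ssl && credential != null)
                throw new InvalidOperationException(
                    "Simple (Basic) bind with a password requires SecureSocketsLayer.");
            conn.AuthType = AuthType.Basic;
            conn.Credential = credential;
        }

        // ReadonlyServer -> do not require a writable DC. This only influences
        // serverless (DC locator) connections to Active Directory; it means
        // nothing to a non-AD server, as the answer warns.
        conn.SessionOptions.LocatorFlag = legacy.HasFlag(AuthenticationTypes.ReadonlyServer)
            ? LocatorFlags.None
            : LocatorFlags.WriteableRequired;

        // FastBind needs no translation (S.DS.P does not do the objectClass
        // lookups ADSI skips with that flag). Delegation has no equivalent in
        // the mapping above, so surface it instead of dropping it silently.
        if (legacy.HasFlag(AuthenticationTypes.Delegation))
            throw new NotSupportedException(
                "AuthenticationTypes.Delegation has no S.DS.P equivalent; review the caller.");

        return conn;
    }
}
```

A typical call for a caller that used to pass `Secure | SecureSocketsLayer | ServerBind` would be `using (var conn = LdapAuthMigration.CreateConnection("dc01.example.com", 636, AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer | AuthenticationTypes.ServerBind, null)) { conn.Bind(); }` (placeholder host name). When SSL is on, S.DS.P validates the server certificate against the Windows trust store by default; do not hang a `VerifyServerCertificate` callback on the session that simply returns true, because that reintroduces a man-in-the-middle exposure the legacy S.DS code did not have.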