I am trying to connect and bind to LDAP using the Administrator user and get the list of all users. Following is my code, which works for Microsoft Active Directory but not for OpenLDAP. I am using Novell.Directory.LDAP in C#.
using Novell.Directory.Ldap;

// AD-style "user@domain" login name; OpenLDAP expects a full DN here instead
var user = configuration.username + "@" + configuration.domainName;
LdapConnection connection = new() { SecureSocketLayer = false };
connection.Connect(configuration.Host, LdapConnection.DefaultPort); // plain LDAP on 389
connection.Bind(user, configuration.Password);                       // simple bind
I researched and found that to bind to OpenLDAP, an admin account DN (Distinguished Name) is needed, and then it works. But I have not been provided with a DN. Is it possible to bind to OpenLDAP without the admin DN?
"Bind DN" is the LDAP equivalent of a username. If you do not want to allow anonymous access, then you will need to provide a username, and for LDAP simple bind that's always in the form of an entry DN.
Although Active Directory domain controllers accept plain usernames for simple-bind operations, that's generally an exception, not the rule. OpenLDAP does not support that; it requires a DN. (This is partly because Active Directory DCs have a "user name" attribute specifically defined in the AD schema; meanwhile OpenLDAP follows the X.500 schema, where the entire DN was designed to act as the username.)
If you want to create a username/password form, the usual approach used by services is to bind twice and perform a search:
SASL PLAIN might technically be an alternative. Because SASL as a whole is protocol-independent, SASL binds do generally use a plain username, which OpenLDAP will internally translate to a bind DN. Unfortunately OpenLDAP cannot validate SASL PLAIN authentication all by itself; it would need an external account database (compatible with saslauthd), so in most cases that's just a headache.
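The "bind twice and search" pattern the answer describes, written out as an added example (this is not code from the original question or answer, and not part of the Novell library). It uses the Novell.Directory.Ldap.NETStandard API names the question already relies on (LdapConnection, Connect, Bind, Search). The host, the read-only service-account DN and password, the base DN and the naming attribute "uid" are all assumptions; substitute your directory's values. The service account only needs read access to the user subtree; it does not need to be the admin (rootdn) account.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Novell.Directory.Ldap;

// Added example, not the original poster's code. All constants are assumptions.
public static class OpenLdapLogin
{
    const string Host = "ldap.example.com";                   // assumption
    const string ServiceDn = "cn=readonly,dc=example,dc=com"; // assumption: low-privilege lookup account
    const string ServicePassword = "service-secret";          // assumption
    const string BaseDn = "ou=people,dc=example,dc=com";      // assumption
    const string NamingAttribute = "uid";                     // assumption: OpenLDAP commonly names users by uid

    // Escape a value for use inside an LDAP search filter (RFC 4515), so a
    // username such as "*)(uid=*" cannot change the meaning of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Bind 1: the service account resolves the plain username to exactly one DN.
    // Bind 2: that DN plus the user's own password proves the user knows it.
    // Returns the authenticated user's DN, or null when the login fails.
    public static string Authenticate(string username, string password)
    {
        // A DN with an empty password is an "unauthenticated" bind (RFC 4513),
        // which some servers accept as anonymous; never send it as a login.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return null;

        string userDn;
        using (var conn = new LdapConnection { SecureSocketLayer = false })
        {
            conn.Connect(Host, LdapConnection.DefaultPort);
            conn.Bind(ServiceDn, ServicePassword);

            string filter = "(" + NamingAttribute + "=" + EscapeFilterValue(username) + ")";
            // "1.1" asks for no attributes (RFC 4511); we only need the entry DN.
            ILdapSearchResults results =
                conn.Search(BaseDn, LdapConnection.ScopeSub, filter, new[] { "1.1" }, false);
            if (!results.HasMore()) return null;   // unknown user
            userDn = results.Next().Dn;
            if (results.HasMore()) return null;    // ambiguous match: refuse rather than guess
        }

        using (var conn = new LdapConnection { SecureSocketLayer = false })
        {
            conn.Connect(Host, LdapConnection.DefaultPort);
            try
            {
                conn.Bind(userDn, password);       // invalidCredentials raises LdapException
                return userDn;
            }
            catch (LdapException)
            {
                return null;
            }
        }
    }

    // The "list all users" part of the question, done with the service account DN.
    public static List<string> ListUserDns()
    {
        var dns = new List<string>();
        using var conn = new LdapConnection { SecureSocketLayer = false };
        conn.Connect(Host, LdapConnection.DefaultPort);
        conn.Bind(ServiceDn, ServicePassword);
        var results = conn.Search(BaseDn, LdapConnection.ScopeSub,
                                  "(objectClass=inetOrgPerson)", new[] { "1.1" }, false);
        while (results.HasMore())
            dns.Add(results.Next().Dn);
        return dns;
    }

    public static void Main()
    {
        Console.WriteLine(Authenticate("alice", "alice-password") ?? "login failed");
        foreach (var dn in ListUserDns())
            Console.WriteLine(dn);
    }
}
```

Two points worth keeping when adapting this: the filter escaping is what stops a login form from turning into an LDAP-injection primitive, and the "exactly one result" check stops a duplicate or wildcard-matching entry from authenticating as someone else. Simple binds send the password in cleartext, so in production turn `SecureSocketLayer` on (LDAPS on port 636) or issue a StartTLS before the first bind rather than leaving it off as in the question's snippet.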