Anonymous_User Absent Member.

Novell LDAP Authentication


After many hours of trying, I am finally able to authenticate a user
against Novell LDAP. I used the code below to authenticate the user
against Novell LDAP. Here is the issue: in order for me to authenticate
the user, I have to provide the full LDAP path to the OU of the users. Since
there is a subtree of OUs, how can I search for the user from the root? This is
how I authenticate myself:

string userDN = "CN=" + Username.Value + ",ou=cis,ou=administration,o=University"; // Change to match your Distinguished Name (DN)

Different users belong to different OUs. How can I search for the user from
the root without providing the full LDAP path to the OU of the user? Below
is the full code:

Code:
--------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.DirectoryServices;
using System.Net;
using Novell.Directory.Ldap;

namespace FormsAuthAD
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Login_Click(object sender, EventArgs e)
        {
            // The DN is built from a fixed container, so this only works for
            // users that live directly under ou=cis,ou=administration,o=University.
            string userDN = "CN=" + Username.Value + ",ou=cis,ou=administration,o=University"; // Change to match your Distinguished Name (DN)
            LdapConnection ldapConn = new LdapConnection();
            ldapConn.Connect("10.20.205.41", 389); // 389 is the default (plaintext) LDAP port.

            try
            {
                // A successful simple bind with the user's DN and password proves the password.
                ldapConn.Bind(userDN, Password.Value);
                FormsAuthentication.RedirectFromLoginPage(Username.Value, PersistCookie.Checked);
            }
            catch (LdapException)
            {
                lbl_Msg.Text = "Incorrect username/password combination.";
            }
            finally
            {
                // Release the connection whether or not the bind succeeded.
                ldapConn.Disconnect();
            }
        }
    }
}


--------------------


--
spyxdaxworld
------------------------------------------------------------------------
spyxdaxworld's Profile: http://forums.novell.com/member.php?userid=122409
View this thread: http://forums.novell.com/showthread.php?t=450531

8 Replies

Re: Novell LDAP Authentication


Either bind with a user that you know and have created specifically for
searching, or bind anonymously (without any DN/password). In either
case do a search for the naming attribute (CN is regularly used... in
most trees uid is better though since it is publicly available) that
matches the user and when you find a matching object you'll have the DN
for the "real" bind.

Good luck.

Re: Novell LDAP Authentication


It does the bind for the user. I am able to authenticate a user against
Novell LDAP. The issue is: what if the user belongs to a different OU? How
can I search for the user from the base of the LDAP tree instead of providing the
OU for the user?


--
spyxdaxworld


Re: Novell LDAP Authentication


As I said, or meant to say, you do this by always searching for the
user's full DN FIRST, and then doing the bind with the actual user. To
do this you must first search for the user with either anonymous access
(sometimes works, but depends on the environment) or a special user made
for this first DN search (a "proxy" user of sorts). Once the user is
found by their name you then bind with that user's full DN. Do this in
all cases, not just when the user is not in a certain OU, since it will
simplify code.

Pseudocode:
    Get "username" (UID, CN, etc.) from user.
    Bind to search for user's "username":
        Anonymously - Uses [Public] security equivalence by default.
        Specific user - A user you set up for this search.
    Search for "username" throughout the tree, return full DN.
    Bind with full DN of "username" as found earlier.

Good luck.
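The search-then-bind flow that both replies above describe (bind as a proxy user or anonymously, search the whole tree for the naming attribute, then bind as the DN that was found), written out as an added example in C# against System.DirectoryServices.Protocols. This is not code from the thread or from Novell; the host, port, base DN, proxy DN and proxy password are placeholders. It goes beyond the replies in two places: the login name is escaped before it is placed in the filter (RFC 4515), and a search that returns more than one entry is treated as a failure instead of silently taking the first entry.

```csharp
using System;
using System.Net;
using System.Text;
using System.DirectoryServices.Protocols;

// Added example, not from the thread. Host, port, base DN, proxy DN and
// proxy password used below are placeholders (assumed values).
public static class EdirSearchThenBind
{
    // Escape a value before placing it inside an LDAP filter (RFC 4515, section 3),
    // so a name such as "*)(uid=*" is matched literally instead of rewriting the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    private static LdapConnection Connect(string host, int port, bool useSsl)
    {
        var con = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        con.SessionOptions.ProtocolVersion = 3;
        con.SessionOptions.SecureSocketLayer = useSsl; // LDAPS; plain 389 sends the password in clear
        con.AuthType = AuthType.Basic;                 // simple bind
        return con;
    }

    // Step 1: bind as the proxy (pass null for proxyDn to bind anonymously) and
    // resolve the login name to exactly one DN anywhere under baseDn.
    public static string FindUserDn(string host, int port, bool useSsl,
                                    string proxyDn, string proxyPassword,
                                    string baseDn, string username)
    {
        using (var con = Connect(host, port, useSsl))
        {
            con.Credential = proxyDn == null
                ? new NetworkCredential(string.Empty, string.Empty)
                : new NetworkCredential(proxyDn, proxyPassword);
            con.Bind(); // LdapException here means the proxy credentials are wrong

            string filter = "(&(objectClass=Person)(uid=" + EscapeFilterValue(username) + "))";
            // "1.1" asks for no attributes: only the DN of each match is needed.
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "1.1");
            var response = (SearchResponse)con.SendRequest(request);

            // Zero matches: unknown user. More than one: ambiguous, so refuse rather
            // than authenticating against whichever entry the server listed first.
            if (response.Entries.Count != 1)
                return null;
            return response.Entries[0].DistinguishedName;
        }
    }

    // Step 2: prove the password with a simple bind as the resolved DN on a fresh connection.
    public static bool CheckPassword(string host, int port, bool useSsl, string userDn, string password)
    {
        // An empty password turns a simple bind into an "unauthenticated" bind (RFC 4513,
        // section 5.1.2), which many servers accept; never let that count as a login.
        if (string.IsNullOrEmpty(userDn) || string.IsNullOrEmpty(password))
            return false;

        using (var con = Connect(host, port, useSsl))
        {
            con.Credential = new NetworkCredential(userDn, password);
            try
            {
                con.Bind();
                return true;
            }
            catch (LdapException)
            {
                return false; // invalid credentials, or the server refused the bind
            }
        }
    }

    // Both steps together, the shape a Login control's Authenticate handler would call.
    public static bool Authenticate(string username, string password)
    {
        const string host = "ldap.example.edu";              // placeholder
        const int port = 636;                                // placeholder: LDAPS port
        const string proxyDn = "cn=proxy,o=University";      // placeholder
        const string proxyPassword = "<proxy-password>";     // placeholder
        const string baseDn = "o=University";                // placeholder: search from the tree root

        string dn = FindUserDn(host, port, true, proxyDn, proxyPassword, baseDn, username);
        return CheckPassword(host, port, true, dn, password);
    }
}
```

Two design points: the proxy search and the user bind use separate connections, so a failed user bind can never leave a connection that is still authenticated as the proxy in use by page code; and the empty-password check exists because LDAP treats a DN with no password as an anonymous bind that succeeds, which would otherwise let anyone log in as any user whose uid they know.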

Re: Novell LDAP Authentication


I totally understand now what you are saying. Do you have any tutorial or
example that I can follow? I am really new to this. Thank you.


--
spyxdaxworld


Re: Novell LDAP Authentication


Here is what I tried. I think that is what you wanted me to do. But I am
getting an error. I am getting "No Overload For Method 'Bind' takes '2'
Arguments" under this line:

    try
    {
        con.Bind(userDN, userPasswd);
    }

Below is the full code:

Code:
--------------------

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Net;
using System.Diagnostics;
using System.DirectoryServices.Protocols;

namespace edirectory_test_1
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {
            // Proxy account used only for the first search.
            string userDN = "cn=proxy" + ",o=University";
            string userPasswd = "test101";
            // Plain LDAP on 389: both the proxy and the user password cross the network unencrypted.
            LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier("11.13.220.33:389"));
            con.Credential = new NetworkCredential(String.Empty, String.Empty);
            con.AuthType = AuthType.Basic;
            using (con)
            {
                try
                {
                    // This is the line the compiler rejects: System.DirectoryServices.Protocols.LdapConnection
                    // only has Bind() and Bind(NetworkCredential); there is no Bind(string, string).
                    con.Bind(userDN, userPasswd);
                }
                catch (LdapException)
                {
                    lblResult.Text = "Invalid server address or admin password";
                    return;
                }
                catch (DirectoryOperationException)
                {
                    lblResult.Text = "Invalid admin username";
                    return;
                }
                try
                {
                    // The user name is concatenated into the filter unescaped, so filter
                    // metacharacters typed into the login form become part of the query.
                    SearchRequest request = new SearchRequest("o=campus", "(&(objectClass=Person)(uid=" + Login1.UserName + "))", SearchScope.Subtree);

                    SearchResponse response = (SearchResponse)con.SendRequest(request);
                    if (response.Entries.Count == 0)
                    {
                        lblResult.Text = "No such username.";
                        return;
                    }
                    else
                    {
                        // Re-bind the same connection with the DN returned by the search.
                        SearchResultEntry entry = response.Entries[0];
                        string dn = entry.DistinguishedName;
                        con.Credential = new NetworkCredential(dn, Login1.Password);
                        con.Bind();
                        // If we get this far without an exception, the username and
                        // password are valid. We can now use a SearchRequest to search
                        // for group membership etc, but that's out of scope for this
                        // example.

                        e.Authenticated = true;
                    }
                }
                catch (DirectoryOperationException)
                {
                    lblResult.Text = "Invalid root DN / search filter";
                    return;
                }
                catch (LdapException)
                {
                    lblResult.Text = "Invalid password";
                    return;
                }
                catch (Exception ex)
                {
                    // an LdapException is thrown if the password is invalid, with
                    // ex.Message == "The supplied credential is invalid.".
                    lblResult.Text = ex.Message;
                }
            }
        }
    }
}




--------------------


--
spyxdaxworld


Re: Novell LDAP Authentication


This error is telling me that you're trying to abuse the Bind function
in a way it will not tolerate. Check the language or class
documentation for the valid prototypes of the Bind function and if one
does not exist that accepts two arguments like these then do something
more like what you are doing lower in the code once you know the desired
user's DN and the user's password:

string dn = "cn=proxy,o=university";
con.Credential = new NetworkCredential(dn, "test101");
con.Bind();

Disclaimer: I've never used whatever language this is. In Java/Perl/PHP
it's pretty easy to do so I'm guessing based on experience in those areas.

Good luck.



On 01/12/2012 12:56 PM, spyxdaxworld wrote:
>
> Here is what i tried. I think that you wanted me to do. But iam
> getting error. I am getting "No Overload For Method 'Bind' takes '2'
> Arguments" under this line: try { con.Bind(userDN, userPasswd); }
>
> Below is the full code:


Re: Novell LDAP Authentication


darn thing is a "stupid" dot net coding ...


--
peterkuo
------------------------------------------------------------------------
peterkuo's Profile: http://forums.novell.com/member.php?userid=88
View this thread: http://forums.novell.com/showthread.php?t=450531


Re: Novell LDAP Authentication


con.Credential = new NetworkCredential(String.Empty, String.Empty);


You set your DN and password here (which you have specified to be an
anonymous bind), and the bind is simply con.Bind();


--
peterkuo
