
I am new to LDAP-related coding, and today I was asked to develop code to check users' authentication against LDAP.

The tutorials I have found online are so simple, but our company's directory is so complicated that I don't know how to write code for it. Here is the LDAP info. I have changed the company name to hide it.

uri = ldaps://ABC.ad.XYZ.com:636
user_filter = memberOf=CN=TENXAIRFLOWPROD,OU=Security Groups,OU=Normal Users and Groups,OU=Account Management Services,OU=AD Master OU,DC=ABC,DC=ad,DC=XYZ,DC=com
user_name_attr = sAMAccountName
superuser_filter = memberOf=CN=TENXAIRFLOWPROD_ADM,OU=Security Groups,OU=Normal Users and Groups,OU=Account Management Services,OU=AD Master OU,DC=ABC,DC=ad,DC=XYZ,DC=com
bind_user = SCGLOBAL\twiki
bind_password_cmd = python /bns/tenx/airflow/ldap_password.py
basedn = DC=ABC,DC=ad,DC=XYZ,DC=com
search_scope = SUBTREE

Here is the code I have developed, but it gives me an error:

string username = "myUserName";
string domain = "ldaps://ABC.ad.XYZ.com:636"; 
string pwd = "myPasword";              
try
{
    DirectoryEntry entry = new DirectoryEntry(domain, username, pwd);
    //Bind to the native AdsObject to force authentication.
    object obj = entry.NativeObject;
    lblError.Text=("Login Successful");

    //search some info of this user if any
    DirectorySearcher search = new DirectorySearcher(entry);
    search.Filter = "(SAMAccountName=" + username + ")";
    SearchResult result = search.FindOne();
}
catch (Exception ex)
{
    lblError.Text=("Login failed: " + ex.ToString());
}

Could anybody help, please?

  • Are you accessing Microsoft Active Directory? Commented Sep 21, 2017 at 14:26
  • According to the admin, I have been assigned to the group in AD. But how can I make sure I can access it? Commented Sep 21, 2017 at 14:29

1 Answer

Comment: According to the admin, I have been assigned to the group in AD. But how can I make sure I can access it?

It seems like Active Directory. If so, you could just use PrincipalContext.

using System.DirectoryServices.AccountManagement;

// Returns true if the directory accepts the username/password pair.
public bool ValidateCredentials(string domain, string username, string password)
{
    using (var context = new PrincipalContext(ContextType.Domain, domain))
    {
        return context.ValidateCredentials(username, password);
    }
}

// Returns true if the user exists and is a member of the named AD group.
public bool IsUserInAdGroup(string domain, string username, string adGroupName)
{
    bool result = false;
    using (var context = new PrincipalContext(ContextType.Domain, domain))
    {
        var user = UserPrincipal.FindByIdentity(context, username);
        if (user != null)
        {
            var group = GroupPrincipal.FindByIdentity(context, adGroupName);
            if (group != null && user.IsMemberOf(group))
                result = true;
        }
    }
    return result;
}

Please make sure to reference System.DirectoryServices.AccountManagement.

2 Comments

I still need to know where/how to use all these user_filter, user_name_attr, DC, OU, etc.
Normally, we do not need to construct those manually if you call Active Directory using PrincipalContext, unless you have a specific requirement or you are accessing non-Microsoft directory services.
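
The follow-up comment asks where user_filter, user_name_attr, basedn and bind_user fit. The sketch below is an added example, not code from the asker or the answerer: it shows the search-then-bind flow those settings describe, using System.DirectoryServices.Protocols. The class, method and parameter names are hypothetical, and it assumes the server accepts a simple bind over LDAPS for both the service account and the user's DN.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class LdapAuth   // hypothetical helper, not part of any library
{
    // RFC 4515 escaping so a typed username cannot change the search filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }

    static LdapConnection Connect(string host, string bindName, string password)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636));
        conn.SessionOptions.SecureSocketLayer = true;   // uri = ldaps://...:636
        conn.SessionOptions.ProtocolVersion = 3;
        conn.AuthType = AuthType.Basic;                 // simple bind, protected by TLS
        try { conn.Bind(new NetworkCredential(bindName, password)); }
        catch { conn.Dispose(); throw; }                // LdapException on a failed bind
        return conn;
    }

    // groupFilter is the user_filter value, e.g. "memberOf=CN=...,DC=com" (no parentheses).
    public static bool Authenticate(string host, string baseDn, string groupFilter,
        string svcUser, string svcPassword, string username, string password)
    {
        // A bind with an empty password can succeed as an unauthenticated bind; reject it.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password)) return false;
        string filter = "(&(sAMAccountName=" + EscapeFilterValue(username) + ")(" + groupFilter + "))";
        string userDn;
        using (var svc = Connect(host, svcUser, svcPassword)) // bind_user; failure here is a config error
        {
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "distinguishedName");
            var resp = (SearchResponse)svc.SendRequest(req);
            if (resp.Entries.Count != 1) return false;  // unknown user or not in the group
            userDn = resp.Entries[0].DistinguishedName;
        }
        try { using (Connect(host, userDn, password)) return true; } // user's own password
        catch (LdapException ex) when (ex.ErrorCode == 49) { return false; } // invalidCredentials
    }
}
```

A memberOf filter matches direct group membership only, so users who belong to the group through a nested group will not be found by this search.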
