Unable to connect via LDAPS
I'm not 100% sure if I'm doing this right, but I believe so according to the docs.
This is the unit test: (yes I know there are no assertions)
```csharp
public async Task TestAuthentiationAsync()
{
    AuthReturn rval = await Auth.TestAuthAsync("testdc1.testdomain1.local", "[email protected]", "mytestpass", true);
    rval = await Auth.TestAuthAsync("10.1.1.11", "[email protected]", "mytestpass", false);
}
```
The method I'm testing:
```csharp
public static async Task<AuthReturn> TestAuthAsync(string szServer, string szAdminName, string szPassword, bool isSecure)
{
    using (var cn = new LdapConnection())
    {
        try
        {
            cn.Timeout = new TimeSpan(0, 0, 30);
            if (!isSecure)
            {
                cn.Connect(szServer, 389);
                await cn.BindAsync(LdapAuthMechanism.SIMPLE, szAdminName, szPassword);
            }
            else
            {
                cn.Connect(szServer, 636, LdapSchema.LDAPS); // I've tried this with and without the ldapschema
                cn.TrustAllCertificates();
                await cn.BindAsync(LdapAuthMechanism.SIMPLE, szAdminName, szPassword);
            }
        }
        catch (Exception ex)
        {
            if (Environment.UserInteractive)
                Console.WriteLine(ex.Message);
            if (ex.HResult == 2146233088)
                return AuthReturn.ServerDown;
            else if (ex.HResult == 2146233088) // same value as the check above, so this branch is never reached
                return AuthReturn.InvalidCredentials;
        }
        return AuthReturn.Success; // also reached when an exception matched neither check above
    }
}
```
Desktop (please complete the following information):
OS: Windows 10
Library version [e.g. 2.3]: 2.7.9
.NET\core\mono version [e.g. 4.6, 3.1]: .NET Framework 4.7.2
LDAP server: Active Directory
I get the error: Server Down. Result: 81. Method: ldap_connect
But my 389 auth check does run ok. I tried this against two domains (one for sure I know is a-ok with 636, I assume my new test domain is as well). Is this a bug or am I doing something wrong?
Ok, after playing around with this, I got it to work on my "dev attached" domain (my work domain that my dev computer is attached to). However, I can't auth to an external domain using 636/LDAPS (server down. result: 81).
Is port 636 available/open? Check errors on AD in Event Viewer
I've got the firewall off on that test server and when I do a netstat -a it shows as available. I'm not seeing any errors in the event logs pertaining to auth or this connection.
Try to use TrustAllCertificates before connect. Is it the same?
Yes, I have done that...
Another point is that you cannot use an IP address as the server. You should use the hostname of the LDAP server, and the SSL certificate should be created for this hostname. Actually, I use the "example" hostname for tests. For example:
```csharp
connection.Connect("example", Config.LdapsPort, LdapSchema.LDAPS);
```
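A probe that separates the failure causes raised in this thread (port 636 unreachable, a certificate that does not cover the name or IP address used to connect, a certificate chain the client does not trust), as an added example that is not part of the original thread or of ldap4net. It uses only .NET's `TcpClient` and `SslStream`; the `LdapsProbe` class and its method names are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;

static class LdapsProbe // hypothetical helper, not part of ldap4net
{
    // Translate the TLS validation flags into the causes discussed in this thread.
    static string Explain(SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return "certificate is trusted and matches the name";
        var why = "";
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch))
            why += "connect name is not in the certificate (e.g. an IP address was used); ";
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors))
            why += "certificate chain is not trusted by this machine; ";
        if (errors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable))
            why += "server presented no certificate; ";
        return why;
    }

    static void Probe(string server, int port = 636)
    {
        try
        {
            using (var tcp = new TcpClient(server, port)) // throws SocketException if the port is unreachable
            using (var tls = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
            {
                if (cert != null)
                    Console.WriteLine($"{server}: subject={cert.Subject}");
                Console.WriteLine($"{server}: {errors} -> {Explain(errors)}");
                return true; // diagnostic only: accept so the handshake finishes and the result is reported
            }))
            {
                tls.AuthenticateAsClient(server); // 'server' is the name checked against the certificate
            }
        }
        catch (Exception ex)
        {
            Console.WriteLine($"{server}: {ex.GetType().Name}: {ex.Message}");
        }
    }

    static void Main(string[] args)
    {
        // Defaults are the two servers from the test in this thread; pass others as arguments.
        foreach (var s in args.Length > 0 ? args : new[] { "testdc1.testdomain1.local", "10.1.1.11" })
            Probe(s);
    }
}
```

A `SocketException` points at reachability of port 636, while a reported `RemoteCertificateNameMismatch` or `RemoteCertificateChainErrors` points at the certificate rather than the network.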