Unknown Error (0x80005000) with LDAPS Connection

孤城傲影 2020-12-14 23:02

I've been stuck for the last couple of hours on an annoying Active Directory bit.

What I'm trying to accomplish is connect to an Active Directory via LDAP over SSL.

3 answers
  • 2020-12-14 23:24

    As far as I remember, this error means that there is a problem with the directory path name.

    1. Be sure that "server.domainName" is the CN in the certificate of your AD server.
    2. Be sure that "some.domainName" is well resolved; add the resolution to your hosts file for the test.
    3. Be sure that the "domainName" is well resolved; add the resolution to your hosts file for the test.
    4. Be sure that the public key of the certificate authority that issued the server certificate is in your computer's trusted root certification authority store.
    5. Try doing it like this:

    using System.DirectoryServices;

    // Explicit scheme, port 636, and the domain naming context as the search base
    DirectoryEntry entry = new DirectoryEntry("LDAPS://srventr2.societe.fr:636/DC=societe,DC=fr", "user", "password");

    DirectorySearcher searcher = new DirectorySearcher();
    searcher.SearchRoot = entry;
    searcher.SearchScope = SearchScope.Subtree;
    searcher.Filter = "(&(objectCategory=person)(objectClass=user))"; // every user object under the base
    SearchResultCollection results = searcher.FindAll();
    
  • 2020-12-14 23:36

    Depending on how your directory server (or other elements on your network) is configured, sometimes a simple change such as this will work (LDAP vs. LDAPS, but leave the port number):

    entry.Path = "LDAP://some.ldap.server:636";
    
  • 2020-12-14 23:38

    Finally!

    It seems that an ASP.NET application does not have the rights (or doesn't know how) to examine the trusted certificate store at machine level. Since the certificate was self-signed the ASP.NET application refused to establish a connection.

    I fixed the problem using custom certificate validation. The following code did the trick:

    using System.DirectoryServices.Protocols;
    using System.Net;
    using System.Security.Cryptography.X509Certificates;

    int port = 636; // LDAPS port
    LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier("server", port));
    con.SessionOptions.SecureSocketLayer = true;
    // Hand server certificate validation to our own callback (name matches the method below)
    con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallBack);
    con.Credential = new NetworkCredential(String.Empty, String.Empty); // empty credentials: anonymous bind
    con.AuthType = AuthType.Basic;
    con.Bind();


    Since I am sure the certificate is valid, the ServerCallBack method looks like this:

    // Accepts whatever certificate the server presents; no checks are performed here
    public static bool ServerCallBack(LdapConnection connection, X509Certificate certificate)
    {
        return true;
    }


    But you can always of course retrieve the certificate from the local machine and validate it.

    The namespace used in this example is:

    System.DirectoryServices.Protocols;
    

    This is because the namespace:

    System.DirectoryServices.DirectoryEntry
    

    does not contain a method for custom certificate validation.

    Thank you all for your help and time, and hopefully this will help someone in the future!

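A callback that actually validates the self-signed server certificate instead of returning true, as an added example (not code from any of the answers above). It assumes .NET 5 or later for `X509ChainTrustMode.CustomRootTrust`, and that the server's self-signed certificate was exported once, out of band, to the placeholder path `TrustedCertPath`; the `user`/`password` values are placeholders too.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

public static class LdapsCertificateValidation
{
    // Placeholder: path to the trusted, out-of-band copy of the LDAPS server certificate
    private const string TrustedCertPath = @"C:\path\to\ldaps-server.cer";

    // Same signature as VerifyServerCertificateCallback, so it drops in where the
    // answer above assigns ServerCallBack.
    public static bool ValidateServerCertificate(LdapConnection connection, X509Certificate certificate)
    {
        var presented = new X509Certificate2(certificate);
        var trusted = new X509Certificate2(TrustedCertPath);

        // 1. Chain validation against a private trust anchor. A self-signed certificate
        //    placed in CustomTrustStore is treated as a trusted root, so the self-signed
        //    case from the answer is covered without touching the machine store.
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trusted);
        // A self-signed lab certificate has no CRL endpoint; use Online for a CA-issued one.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (!chain.Build(presented))
        {
            return false; // Bind() will then throw; inspect chain.ChainStatus when debugging
        }

        // 2. Name check: the host we dialled must be the name in the certificate.
        //    GetNameInfo prefers a DNS SAN entry and falls back to the subject CN.
        var servers = ((LdapDirectoryIdentifier)connection.Directory).Servers;
        string dialled = servers[0].Split(':')[0];
        string certName = presented.GetNameInfo(X509NameType.DnsName, false);
        return string.Equals(dialled, certName, StringComparison.OrdinalIgnoreCase);
    }

    public static void Connect(string server, int port = 636)
    {
        var con = new LdapConnection(new LdapDirectoryIdentifier(server, port));
        con.SessionOptions.SecureSocketLayer = true;
        con.SessionOptions.VerifyServerCertificate = ValidateServerCertificate;
        con.Credential = new NetworkCredential("user", "password"); // placeholders
        con.AuthType = AuthType.Basic;
        con.Bind(); // throws LdapException if the callback returns false
    }
}
```

Because the trust anchor is supplied in code, this works inside an ASP.NET worker that cannot read the machine trusted root store, which is the situation the third answer describes.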