Dinesh Kumar P

Reputation: 1168

Connect to LDAP over ssl from remote machine using "DirectoryEntry" API

I need to connect to LDAP over SSL from a remote machine. There are many discussions about this, but the solutions posted in them only work on a machine in the same Windows Server domain; the same code fails to connect from a remote machine.

Code I tried:

using System.DirectoryServices;

// Bind to the directory over LDAPS (port 636) with explicit credentials
DirectoryEntry entry = new DirectoryEntry("LDAP://fqdn:636/DC=aa,DC=bb", "username", "password");
DirectorySearcher searcher = new DirectorySearcher();
searcher.SearchRoot = entry;
searcher.SearchScope = SearchScope.Subtree;
// Return all user objects below the search root
searcher.Filter = "(&(objectCategory=person)(objectClass=user))";
SearchResultCollection results = searcher.FindAll();

To say again, I am able to get results from a machine in the same Windows Server domain, but I get the exception "Server is not operational" when I try the same code from a remote machine.

I found that it's due to a certificate validation failure, i.e. the Windows Server's certificate is not validated on the remote machine. But I don't know how to override certificate validation for the DirectoryEntry object.

Just for information: this post has the same question raised for Java, with no answers. My requirement is for C#.

Upvotes: 2

Views: 3298

Answers (1)

X3074861X

Reputation: 3819

Unfortunately, there is no certificate override available for DirectoryEntry.

You have to use the lower-level LdapConnection and LdapDirectoryIdentifier classes from the System.DirectoryServices.Protocols namespace.

It shouldn't be too difficult to convert your code over, and in doing so, you'll be able to handle both local and remote directory resources. I ran into this same issue a while ago, and I wrote up an extensive post on why this is the case and how to work around it - check it out:

Set callback for System.DirectoryServices.DirectoryEntry to handle self-signed SSL certificate?

Upvotes: 3
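The conversion the answer describes, as an added example that is not the answerer's code: the same LDAPS bind and user search done with LdapConnection and LdapDirectoryIdentifier, where SessionOptions.VerifyServerCertificate supplies the validation override DirectoryEntry lacks. The callback pins the server certificate's thumbprint (the value is a placeholder) rather than returning true for any certificate, since an unconditional accept would let anyone on the path read the bind credentials; the server name, base DN and credentials are the question's own placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

class LdapsClient
{
    // Placeholder: replace with the SHA-1 thumbprint of the directory server's certificate
    const string ExpectedThumbprint = "PLACEHOLDER_THUMBPRINT";

    static LdapConnection Connect(string fqdn, string user, string password)
    {
        // Port 636 = LDAP over SSL, the same endpoint the DirectoryEntry path used
        var identifier = new LdapDirectoryIdentifier(fqdn, 636);
        var credential = new NetworkCredential(user, password);
        var conn = new LdapConnection(identifier, credential, AuthType.Basic);
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;

        // This callback is the override that DirectoryEntry does not expose.
        // Accept only the expected certificate; never return true unconditionally.
        conn.SessionOptions.VerifyServerCertificate = (connection, certificate) =>
        {
            var cert = new X509Certificate2(certificate);
            return string.Equals(cert.Thumbprint, ExpectedThumbprint,
                                 StringComparison.OrdinalIgnoreCase);
        };

        conn.Bind(); // throws LdapException if the bind or the certificate check fails
        return conn;
    }

    static void Main()
    {
        using (var conn = Connect("fqdn", "username", "password"))
        {
            // Same filter and scope as the DirectorySearcher version in the question
            var request = new SearchRequest(
                "DC=aa,DC=bb",
                "(&(objectCategory=person)(objectClass=user))",
                SearchScope.Subtree,
                "sAMAccountName");

            var response = (SearchResponse)conn.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
                Console.WriteLine(entry.DistinguishedName);
        }
    }
}
```

If the remote machine can instead be given the issuing CA certificate in its trusted root store, the callback can be left unset and the default chain validation applies.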
