user1424660

Reputation: 54

Connect to eDirectory using application credentials. Then authenticate user

I need to connect to NetIQ eDirectory using .NET & C#. The connection must be opened using application credentials. Once the connection is opened, I need to validate user credentials under the authority of the application credentials using a similar method as S.DS.AccountManagement.

        using (var context = new PrincipalContext(ContextType.Domain, path, appUserDn, appPassword))
        {
            //Username and password for authentication.
            var valid = context.ValidateCredentials(userDn, password);
        }

I tried Novell.Directory.Ldap, S.DS.DirectoryEntry, & S.DS.AccountManagement. The last one requires AD and does not apply.

Test using Novell.Directory.Ldap:

        using (var cn = new LdapConnection())
        {
            cn.Connect(server, int.Parse(port));
            cn.Bind(appUserDn, appPassword); //throws exception if invalid credentials..
            var passwordAttr = new LdapAttribute("userPassword", password);
            cn.Compare(userDn, passwordAttr); // Only compares password, so no locked account check, etc.
        }

My current prototype uses S.DS.Protocols.

        // Assumes: using proto = System.DirectoryServices.Protocols;
        var networkCredential = new NetworkCredential(
            appUserDn,
            appPassword);

        using (proto.LdapConnection cn = new proto.LdapConnection(new proto.LdapDirectoryIdentifier(server, int.Parse(port)), networkCredential, proto.AuthType.Basic))
        {
            cn.Bind();

            // Next, validate user credentials.

        }

I cannot find a way to validate user credentials other than reassigning NetworkCredential and rebinding using the individual's username & password. How should I proceed?

Upvotes: 0

Views: 471

Answers (1)

user1424660

Reputation: 54

It turns out our client got it wrong. The correct way is to bind the connection directly to an individual's credentials as I demonstrate in the Novell.Directory.Ldap example.

There was a posting on NetIQ's forum about executing a shell script but I did not get it working.

Upvotes: 0
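
The bind-as-the-user approach from the answer, written against System.DirectoryServices.Protocols as in the question's prototype. This is an added example, not code from the original post; the class and method names, the 10-second timeout and the requirement for LDAPS are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;

public static class LdapUserAuth // hypothetical helper, not from the post
{
    private const int LdapInvalidCredentials = 49; // LDAP resultCode invalidCredentials

    // Returns true only if the directory accepts a simple bind as userDn.
    public static bool ValidateByBind(string server, int port, string userDn, string password)
    {
        // A simple bind with a DN and an empty password is an "unauthenticated
        // bind" (RFC 4513, section 5.1.2); a server may accept it without
        // checking any secret, so it must never count as a successful login.
        if (string.IsNullOrWhiteSpace(userDn) || string.IsNullOrEmpty(password))
            return false;

        var identifier = new LdapDirectoryIdentifier(server, port);
        var credential = new NetworkCredential(userDn, password);

        // One fresh connection per attempt, so a failed user bind never
        // leaves a connection that is still bound as another identity.
        using (var cn = new LdapConnection(identifier, credential, AuthType.Basic))
        {
            cn.SessionOptions.ProtocolVersion = 3;
            // AuthType.Basic sends the DN and password unprotected, so
            // require TLS (LDAPS, typically port 636) on the connection.
            cn.SessionOptions.SecureSocketLayer = true;
            cn.Timeout = TimeSpan.FromSeconds(10); // assumed value

            try
            {
                cn.Bind(); // the server itself decides whether this login is allowed
                return true;
            }
            catch (LdapException ex) when (ex.ErrorCode == LdapInvalidCredentials)
            {
                return false; // the directory rejected the credentials
            }
            // Any other LdapException (server unreachable, TLS failure, ...)
            // propagates: an outage is not the same thing as a failed login.
        }
    }
}
```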
