With .NET 5 it was possible to access Active Directory with the DirectoryServices library under Linux. With a newer version, the code below throws an error.
System.DirectoryServices.Protocols.LdapException: 'The feature is not supported.'
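/// <summary>
/// Checks whether <paramref name="userName"/> is a direct member of <paramref name="groupName"/>
/// by reading the user's <c>memberOf</c> attribute over a StartTLS-protected LDAP connection.
/// </summary>
/// <param name="userName">
/// Account name substituted into <c>_ldapOptions.SearchFilter</c>. It is escaped per RFC 4515
/// before substitution so a caller-supplied value cannot change the structure of the filter.
/// </param>
/// <param name="groupName">
/// Group to test for. Matches (case-insensitively) either the full DN of a <c>memberOf</c> value or the
/// value of its leading RDN (e.g. <c>Admins</c> for <c>CN=Admins,OU=Groups,DC=example,DC=com</c>).
/// A substring match is deliberately not used: it would report membership in "Domain Admins" for "Admins".
/// </param>
/// <returns>
/// <c>true</c> when a <c>memberOf</c> value matches; <c>false</c> for blank input, no matching user,
/// a user with no <c>memberOf</c> attribute, or no matching group.
/// </returns>
/// <exception cref="Exception">
/// Any failure from StartTLS, bind or search is logged and rethrown unchanged.
/// </exception>
public bool IsUserMemberOf(string userName, string groupName)
{
    if (string.IsNullOrWhiteSpace(groupName) || string.IsNullOrWhiteSpace(userName))
    {
        return false;
    }

    var identifier = new LdapDirectoryIdentifier(_ldapOptions.Url, _ldapOptions.Port);
    var credential = new NetworkCredential(_ldapOptions.BindUserName, _ldapOptions.BindPassword);
    using var connection = new LdapConnection(identifier, credential);

    // Tracks whether StartTLS completed, so the finally block does not try to stop a TLS layer
    // that was never negotiated (a failure there would replace the original exception).
    var tlsStarted = false;
    try
    {
        connection.SessionOptions.StartTransportLayerSecurity(null);
        tlsStarted = true;
        connection.Bind();

        // Escape before formatting: the user name is the only untrusted part of the filter.
        var filter = string.Format(_ldapOptions.SearchFilter, EscapeFilterValue(userName));
        var request = new SearchRequest(
            _ldapOptions.SearchBase,
            filter,
            SearchScope.Subtree,
            ActiveDirectoryAttributeNames.User.MemberOf);

        var response = (SearchResponse)connection.SendRequest(request);
        var entry = response?.Entries.Cast<SearchResultEntry>().FirstOrDefault();
        if (entry is null)
        {
            return false;
        }

        // A user with no group memberships has no memberOf attribute; the indexer then yields null
        // and the original code dereferenced it.
        var memberOf = entry.Attributes[ActiveDirectoryAttributeNames.User.MemberOf];
        if (memberOf is null)
        {
            return false;
        }

        return memberOf.GetValues(typeof(string))
            .Cast<string>()
            .Any(dn => IsGroupMatch(dn, groupName));
    }
    catch (Exception e)
    {
        logger.LogError(e, $"Error while checking group membership for user {userName}. Error Message: {e.Message}");
        throw;
    }
    finally
    {
        if (tlsStarted)
        {
            connection.SessionOptions.StopTransportLayerSecurity();
        }
    }
}

/// <summary>
/// Escapes the characters that have structural meaning inside an LDAP search filter value (RFC 4515):
/// backslash, asterisk, parentheses and NUL. Backslash is replaced first so the other
/// replacements are not double-escaped.
/// </summary>
/// <param name="value">Raw value to embed in a filter.</param>
/// <returns>The value with filter metacharacters hex-escaped.</returns>
private static string EscapeFilterValue(string value)
{
    return value
        .Replace("\\", "\\5c")
        .Replace("*", "\\2a")
        .Replace("(", "\\28")
        .Replace(")", "\\29")
        .Replace("\0", "\\00");
}

/// <summary>
/// Decides whether a single <c>memberOf</c> DN denotes <paramref name="groupName"/>:
/// either the whole DN matches, or the value of its leading RDN does (ordinal, case-insensitive).
/// </summary>
/// <param name="memberOfDn">One distinguished name taken from the user's memberOf attribute.</param>
/// <param name="groupName">Full DN or plain group name to compare against.</param>
/// <returns><c>true</c> on an exact DN or leading-RDN-value match.</returns>
/// <remarks>
/// The leading RDN is cut at the first comma, so a group whose CN itself contains an escaped comma
/// (<c>CN=Smith\, John</c>) only matches by its full DN.
/// </remarks>
private static bool IsGroupMatch(string memberOfDn, string groupName)
{
    var wanted = groupName.Trim();
    if (string.Equals(memberOfDn.Trim(), wanted, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    var firstRdn = memberOfDn.Split(',')[0];
    var separator = firstRdn.IndexOf('=');
    var rdnValue = separator >= 0 ? firstRdn.Substring(separator + 1) : firstRdn;
    return string.Equals(rdnValue.Trim(), wanted, StringComparison.OrdinalIgnoreCase);
}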
If I do not use TLS, there are no problems.
// Working variant without StartTLS. AuthType.Basic is a simple bind: with no TLS layer the
// bind password is sent to the server in cleartext, so this is only acceptable on a trusted network.
var credential = new NetworkCredential(_ldapOptions.BindUserName, _ldapOptions.BindPassword);
var identifier = new LdapDirectoryIdentifier("mydomain.com", true, false);
using var connection = new LdapConnection(identifier, credential, AuthType.Basic)
{
    // Ten-minute timeout as in the original reproduction; far longer than a bind normally needs.
    Timeout = TimeSpan.FromMinutes(10),
    // LDAPv3 is required for StartTLS and for most modern servers.
    SessionOptions = { ProtocolVersion = 3 },
};
connection.Bind();
Is TLS no longer supported under Linux?