directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laporte Sylvain (GIE)" <slapo...@mutua-services.fr>
Subject RE: Querying Apache DS via .NET C# DirectorySearcher
Date Wed, 23 Feb 2011 13:46:50 GMT

Thanks for everything.
I forwarded theses recomendations to our developpers.

KR,

SL

-----Message d'origine-----
De : Jim Willeke [mailto:jim@willeke.com] 
Envoyé : mercredi 23 février 2011 13:24
À : users@directory.apache.org
Cc : Laporte Sylvain (GIE)
Objet : Re: Querying Apache DS via .NET C# DirectorySearcher

Check out:
http://msdn.microsoft.com/en-us/library/system.directoryservices.protocols.ldapconnection.aspx
You might try something like:

NetworkCredential oCred = new NetworkCredential( strLdapUserId, strLdapPassword ); LdapConnection
oLdapConnection = new LdapConnection(
        new LdapDirectoryIdentifier( strLdapServer, true, false ), oCred );

oLdapConnection.AuthType = AuthType.Basic; oLdapConnection.SessionOptions.ProtocolVersion
= 3; oLdapConnection.Bind();

If the "bind" works, then you should be good.
No Search is performed.

-jim
Jim Willeke


On Wed, Feb 23, 2011 at 6:41 AM, Laporte Sylvain (GIE) <slaporte@mutua-services.fr>
wrote:
>
> Thank you,
>
>        In deed, our developper is new to querying LDAP with C# and did not manage
to set the BaseDN to anything else than root. C# and Directory Services classes seem to be
quite weird on this side.
>        Anyway, he tried modifying the scope to base object only and did not get this
exception.
>
>        The purpose of the non sense query is that, in this case, we only need to
validate the bind step so we don't care about searching the whole tree or retreiving some
results.
>        But we are aware that we are likely to face the problem again in the furture,
when we'll actually have to retreive some information... Then our dev will have to get through
this BaseDN thing.
>
> Thank you all for your help.
>
> KR,
>
> -----Message d'origine-----
> De : Emmanuel Lecharny [mailto:elecharny@gmail.com] Envoyé : mercredi 
> 23 février 2011 10:29 À : users@directory.apache.org Objet : Re: 
> Querying Apache DS via .NET C# DirectorySearcher
>
> On 2/23/11 9:49 AM, Laporte Sylvain (GIE) wrote:
> > Hi,
> >
> > Thanks for your reply.
> > We are using v1.5.7 with Java 1.6 update 23
> >
> > When talking about "an old issue related to sub level searching on RootDSE", do
you think that restricting the search on the OU or at least on the domain could help solve
the problem?
> Just try starting on another naming context than RootDSE. Your baseDN is empty, searching
from 'dc=myDomain,dc=myTLD' could work.
>
> Also, searching the whole tree with a size limit set to 1 and a filter set to (ObjectClass=*)
does not make a lot of sense, but this is another story...
> > Thanks
> >
> >
> >
> > -----Message d'origine-----
> > De : ayyagarikiran@gmail.com [mailto:ayyagarikiran@gmail.com] De la 
> > part de Kiran Ayyagari Envoyé : mardi 22 février 2011 21:13 À : 
> > users@directory.apache.org Objet : Re: Querying Apache DS via .NET 
> > C# DirectorySearcher
> >
> > hi Laporte,
> >
> >    Which version you are using? I guess you are encountering an old 
> > issue related to sub level searching on RootDSE, a fix for this 
> > issue
> >    was committed to the trunk quite sometime back, may be you can test your program
against the server built from trunk sources.
> >
> > On Tue, Feb 22, 2011 at 9:22 PM, Laporte Sylvain (GIE)<slaporte@mutua-services.fr>
 wrote:
> >> Hi all,
> >>
> >>
> >>
> >> We've just implemented Apache Directory Server on one of our 
> >> Windows
> >> 2008 Servers.
> >>
> >> Some of our developpers have to create a C# web service that query 
> >> this new ApacheDS directory using the DirectorySearcher class.
> >>
> >>
> >>
> >> When he comes to query the LDAP directory, he gets a strange 
> >> message on his side:<  A network peripheral is not functionning>
> >>
> >> Switching the logs to DEBUG, I can see that the bind performs well, 
> >> but the search throws a java exception when ADS is handling the request :
> >>
> >>
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - OTHER: failed for     SearchRequest
> >>
> >>                   baseDn : ''
> >>
> >>         filter : '(2.5.4.0=*:[3232])'
> >>
> >>         scope : whole subtree
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'objectclass', 'cn'
> >>
> >> : -1
> >>
> >> java.lang.ArrayIndexOutOfBoundsException: -1
> >>
> >>
> >>
> >> ADS adds a<  : -1>  at the end of the request although the original

> >> search request seems to be well received :
> >>
> >>
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - Handling single reply request:     SearchRequest
> >>
> >>         baseDn : ''
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : whole subtree
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'objectclass', 'cn'
> >>
> >>
> >>
> >> The transaction is although very simple :
> >>
> >>
> >>
> >> //Declares the Directory entry object
> >>
> >> DirectoryEntry Ldap = new DirectoryEntry(_ldapserver, _bindDN, 
> >> _password, AuthenticationTypes.None);
> >>
> >> try
> >>
> >> {
> >>
> >> //Declares the search object
> >>
> >> DirectorySearcher search = new DirectorySearcher(Ldap);
> >>
> >> // Adds a filter
> >>
> >> search.Filter = "(objectClass=*)";  // version APACHE
> >>
> >>       //Defines the attributes to retrieve
> >>
> >> search.PropertiesToLoad.Add("objectClass");
> >>
> >> search.PropertiesToLoad.Add("cn");
> >>
> >>             //Performs the search
> >>
> >> SearchResult result = search.FindOne();
> >>
> >> }
> >>
> >>
> >>
> >> Can anybody help? I cannot understand where does this ": -1" come 
> >> from as it doesn't appear using Apache Directory Studio.
> >>
> >>
> >>
> >> If useful the full query log is following...
> >>
> >>
> >>
> >> Thank you very much,
> >>
> >>
> >>
> >> S. Laporte
> >>
> >> -------------------------------
> >>
> >>
> >>
> >>
> >>
> >> [15:40:39] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - Handling single reply request:     SearchRequest
> >>
> >>         baseDn :
> >> 'cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD'
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : single level
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1000
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : deref Always
> >>
> >>         attributes : 'hassubordinates', 'objectclass'
> >>
> >>
> >>
> >> [15:40:39] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - ManageDsaITControl NOT detected.
> >>
> >> [15:40:39] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Entry 
> >> cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD is NOT 
> >> a referral.
> >>
> >> [15:40:39] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Message
> >> received:      SearchRequest
> >>
> >>         baseDn :
> >> 'cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD'
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : single level
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1000
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : deref Always
> >>
> >>         attributes : 'hassubordinates', 'objectclass'
> >>
> >>
> >>
> >> [15:40:39] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - using 
> >> <1000,1000>  for size limit
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.BindHandler]
> >> - Received:     BindRequest
> >>
> >>         Version : '3'
> >>
> >>         Name :
> >> 'cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD'
> >>
> >>         Simple authentication : 'password/0x3F 0x41 0x66 0x73 0x4B 
> >> 0x3C 0x3D 0x6A '
> >>
> >>
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.BindHandler]
> >> - Returned SUCCESS message:     BindResponse
> >>
> >>         Ldap Result
> >>
> >>             Result code : (SUCCESS) success
> >>
> >>             Matched DN : 'null'
> >>
> >>             Error message : 'null'
> >>
> >> .
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - Handling single reply request:     SearchRequest
> >>
> >>         baseDn : ''
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : base object
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : no limit
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'subschemasubentry', 'dsservicename', 
> >> 'namingcontexts', 'defaultnamingcontext', 'schemanamingcontext', 
> >> 'configurationnamingcontext', 'rootdomainnamingcontext', 
> >> 'supportedcontrol', 'supportedldapversion', 
> >> 'supportedldappolicies', 'supportedsaslmechanisms', 'dnshostname', 
> >> 'ldapservicename', 'servername', 'supportedcapabilities'
> >>
> >>
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - ManageDsaITControl NOT detected.
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Entry  
> >> is NOT a referral.
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Message
> >> received:      SearchRequest
> >>
> >>         baseDn : ''
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : base object
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : no limit
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'subschemasubentry', 'dsservicename', 
> >> 'namingcontexts', 'defaultnamingcontext', 'schemanamingcontext', 
> >> 'configurationnamingcontext', 'rootdomainnamingcontext', 
> >> 'supportedcontrol', 'supportedldapversion', 
> >> 'supportedldappolicies', 'supportedsaslmechanisms', 'dnshostname', 
> >> 'ldapservicename', 'servername', 'supportedcapabilities'
> >>
> >>
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute dsservicename does not exist 
> >> in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute defaultnamingcontext does not 
> >> exist in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute schemanamingcontext does not 
> >> exist in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute configurationnamingcontext 
> >> does not exist in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute rootdomainnamingcontext does 
> >> not exist in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute supportedldappolicies does 
> >> not exist in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute dnshostname does not exist in 
> >> the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute ldapservicename does not 
> >> exist in the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute servername does not exist in 
> >> the schema, it will be ignored
> >>
> >> [15:55:49] WARN
> >> [org.apache.directory.server.core.interceptor.context.SearchingOper
> >> ati on Context] - Requested attribute supportedcapabilities does 
> >> not exist in the schema, it will be ignored
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - Handling single reply request:     SearchRequest
> >>
> >>         baseDn : ''
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : whole subtree
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'objectclass', 'cn'
> >>
> >>
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - ManageDsaITControl NOT detected.
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Entry  
> >> is NOT a referral.
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Message
> >> received:      SearchRequest
> >>
> >>         baseDn : ''
> >>
> >>         filter : '(objectClass=*)'
> >>
> >>         scope : whole subtree
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'objectclass', 'cn'
> >>
> >>
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand
> >> ler
> >> ]
> >> - OTHER: failed for     SearchRequest
> >>
> >>         baseDn : ''
> >>
> >>         filter : '(2.5.4.0=*:[3232])'
> >>
> >>         scope : whole subtree
> >>
> >>         typesOnly : false
> >>
> >>         Size Limit : 1
> >>
> >>         Time Limit : no limit
> >>
> >>         Deref Aliases : never Deref Aliases
> >>
> >>         attributes : 'objectclass', 'cn'
> >>
> >> : -1
> >>
> >> java.lang.ArrayIndexOutOfBoundsException: -1
> >>
> >>                 at java.util.ArrayList.get(Unknown Source)
> >>
> >>                 at
> >> org.apache.directory.server.core.filtering.CursorList.beforeFirst(C
> >> urs
> >> or
> >> List.java:170)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.SearchHandler.doSimpleSea
> >> rch
> >> (S
> >> earchHandler.java:729)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.SearchHandler.handleIgnor
> >> ing
> >> Re
> >> ferrals(SearchHandler.java:978)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.SearchHandler.handleWithR
> >> efe
> >> rr
> >> als(SearchHandler.java:1054)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.SearchHandler.handleWithR
> >> efe
> >> rr
> >> als(SearchHandler.java:78)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler.
> >> ha
> >> ndle(ReferralAwareRequestHandler.java:94)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler.
> >> ha
> >> ndle(ReferralAwareRequestHandler.java:57)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handle
> >> Mes
> >> sa
> >> ge(LdapRequestHandler.java:208)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handle
> >> Mes
> >> sa
> >> ge(LdapRequestHandler.java:58)
> >>
> >>                 at
> >> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(Dem
> >> uxi
> >> ng
> >> IoHandler.java:232)
> >>
> >>                 at
> >> org.apache.directory.server.ldap.LdapProtocolHandler.messageReceive
> >> d(L
> >> da
> >> pProtocolHandler.java:193)
> >>
> >>                 at
> >> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.me
> >> ssa
> >> ge
> >> Received(DefaultIoFilterChain.java:713)
> >>
> >>                 at
> >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessa
> >> geR
> >> ec
> >> eived(DefaultIoFilterChain.java:434)
> >>
> >>                 at
> >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(D
> >> efa
> >> ul
> >> tIoFilterChain.java:46)
> >>
> >>                 at
> >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.m
> >> ess
> >> ag
> >> eReceived(DefaultIoFilterChain.java:793)
> >>
> >>                 at
> >> org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.j
> >> ava
> >> :7
> >> 1)
> >>
> >>                 at
> >> org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> >>
> >>                 at
> >> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.
> >> run
> >> Ta
> >> sk(UnorderedThreadPoolExecutor.java:480)
> >>
> >>                 at
> >> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.
> >> run
> >> (U
> >> norderedThreadPoolExecutor.java:434)
> >>
> >>                 at java.lang.Thread.run(Unknown Source)
> >>
> >> [15:55:49] DEBUG
> >> [org.apache.directory.server.ldap.LdapProtocolHandler]
> >> - Cleaning the LdapSession :
> >> <2.5.4.3=mybinduser,2.5.4.11=mybinfou,2.5.4.11=anotherou,0.9.2342.1
> >> 920
> >> 03 00.100.1.25=mydomain,0.9.2342.19200300.100.1.25=mytld,...>  
> >> session
> >>
> >> [15:55:49] INFO
> >> [org.apache.directory.server.ldap.handlers.LdapRequestHandler] - 
> >> ignoring the message 
> >> org.apache.directory.shared.ldap.message.UnbindRequestImpl@374e67ab
> >> received from null session
> >>
> >>
> >
> >
> > --
> > Kiran Ayyagari
> >
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>

Mime
View raw message