yipchunyu
Member
105 Points
21 Posts
ASP .Net 2.0 MembershipProvider for LDAP?
Mar 09, 2006 08:15 AM|LINK
If I need to write a web app with a third party LDAP instead of AD, are there any MembershipProviders for use?
Or any tips on this?
BTW, is OpenLDAP one of the best directory servers to use?
dunnry
Star
9098 Points
1806 Posts
Re: ASP .Net 2.0 MembershipProvider for LDAP?
Mar 13, 2006 04:22 PM|LINK
Unfortunately, there is currently no OOB support for 3rd party LDAP directories. You would need to write your own provider in order to support something like OpenLDAP. I am not sure how much effort that would take honestly.
The reason I am pretty sure that the OOB Active Directory provider will not work is because of both the naming schema (the RDN identifier might be different) as well as the hardcoding of specific attributes in the provider. I don't think it would work.
If you are running on a Microsoft OS and have a choice for LDAP directory, I think you should consider ADAM instead of OpenLDAP. I am not even sure you can run OpenLDAP on MS OS, but I could be wrong. ADAM will work fine with the provider.
Weblog
The Book
LDAP Programming Help
steven_fowle...
Member
5 Points
1 Post
Re: ASP .Net 2.0 MembershipProvider for LDAP?
Nov 16, 2006 06:19 PM|LINK
It took me two weeks of playing around with LDAP and .Net 2.0 to come up with this working solution:
using System;
using System.Collections.Generic;
using System.Text;
using System.Web.Security;
using System.DirectoryServices;
using System.Threading;
using YourCompanyName.Diagnostics;

namespace YourCompanyName.Security.LDAP
{
    public class MembershipProvider : System.Web.Security.MembershipProvider
    {
        // Only ValidateUser is shown here; the remaining abstract members of
        // System.Web.Security.MembershipProvider must also be overridden before this compiles.
        public override bool ValidateUser(string username, string password)
        {
            // Find the person in the directory to determine their distinguished name
            try
            {
                DirectoryEntry root = new DirectoryEntry(
                    "LDAP://YourCompanyName.com/ou=person,o=YourCompanyName.com,c=US",
                    null, null, AuthenticationTypes.None);
                DirectorySearcher searcher = new DirectorySearcher(root);
                searcher.SearchScope = SearchScope.Subtree;
                // RFC 2254 filters are parenthesised. The username goes in verbatim, so it must
                // not carry the filter metacharacters ( ) * \ by the time it reaches this point.
                searcher.Filter = "(uid=" + username + ")";
                SearchResult findResult = searcher.FindOne();
                if (findResult == null)
                {
                    // No entry with that uid: log in the background and refuse the login
                    EventLog notFoundLog = new EventLog();
                    ThreadStart notFoundStarter = delegate
                    {
                        notFoundLog.WriteEntry(this.ToString(),
                            String.Format("ValidateUser : uid {0} NOT found", username),
                            System.Diagnostics.EventLogEntryType.Warning);
                    };
                    new Thread(notFoundStarter).Start();
                    return false;
                }

                string distinctName = "uid=" + username;
                // Reverse the ou order found in LDAP to build the distinguished name
                for (int i = findResult.Properties["ou"].Count - 1; i >= 0; i--)
                {
                    distinctName += ",ou=" + findResult.Properties["ou"][i];
                }
                distinctName += ",o=YourCompanyName.com,c=US";

                // Bind as the person; the bind is only attempted when FindOne() runs
                DirectoryEntry root2 = new DirectoryEntry(
                    "LDAP://YourCompanyName.com/ou=person,o=YourCompanyName.com,c=US",
                    distinctName, password, AuthenticationTypes.ServerBind);
                DirectorySearcher searcher2 = new DirectorySearcher(root2);
                searcher2.SearchScope = SearchScope.Subtree;
                searcher2.Filter = "(uid=" + username + ")";
                try
                {
                    SearchResult resultEmployee = searcher2.FindOne();
                    return resultEmployee != null && resultEmployee.Properties["uid"].Count == 1;
                }
                catch (Exception ex)
                {
                    // The bind with the supplied password was rejected by the server
                    EventLog eventLog = new EventLog();
                    ThreadStart starter = delegate
                    {
                        eventLog.WriteEntry(this.ToString(),
                            String.Format("ValidateUser : {0} : uid {1} Found; Credentials failed", ex.Source, username),
                            System.Diagnostics.EventLogEntryType.Warning);
                    };
                    new Thread(starter).Start();
                    return false;
                }
            }
            catch (Exception ex)
            {
                // Anything else (server unreachable, bad search base, ...) is logged as an error
                EventLog eventLog = new EventLog();
                ThreadStart starter = delegate
                {
                    eventLog.WriteEntry(this.ToString(),
                        String.Format("ValidateUser : {0} : {1}", ex.Source, ex.Message),
                        System.Diagnostics.EventLogEntryType.Error);
                };
                new Thread(starter).Start();
                return false;
            }
        }
    }
}
Here is the code to my custom event logger:
using System;
using System.Collections.Generic;
using System.Text;
using System.Diagnostics;

namespace YourCompanyName.Diagnostics
{
    public class EventLog
    {
        public void WriteEntry(string Source, string Message, EventLogEntryType EntryType)
        {
            // Writes to the Application log under the given source. The source has to be
            // registered on the machine already (EventLog.CreateEventSource needs admin rights).
            System.Diagnostics.EventLog myEL = new System.Diagnostics.EventLog(
                "Application", System.Environment.MachineName, Source);
            // Event ID = number of entries this source has already written; this walks the
            // whole log on every call, and WriteEntry rejects IDs above 65535.
            int eventID = 0;
            foreach (EventLogEntry _Entry in myEL.Entries)
            {
                if (_Entry.Source == Source)
                {
                    eventID++;
                }
            }
            myEL.WriteEntry(Message, EntryType, eventID);
            myEL.Close();
        }
    }
}
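The provider above builds the user's DN by hand from the ou values, drops the username straight into the search filter, and detects "user not found" by matching an exception message. The following is an added example, not code from the post above, showing the same search-then-bind flow against a generic LDAP v3 server (OpenLDAP or ADAM) with System.DirectoryServices.Protocols, which shipped with .NET 2.0. The server name, port, search base, the service account DN and the uid attribute are assumptions and need to match your directory; the username is escaped per RFC 4515 before it enters the filter, the DN is taken from the server's own answer, and a not-found result is a plain null check rather than a string comparison on an exception message.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

// Added example (not the poster's code). Assumed directory layout: ldap.example.com:636 (LDAPS),
// users under ou=person,dc=example,dc=com keyed by uid, and a read-only service account for lookups.
public static class LdapAuthenticator
{
    const string Server      = "ldap.example.com";
    const int    Port        = 636;
    const string SearchBase  = "ou=person,dc=example,dc=com";
    const string ServiceDn   = "cn=svc-web,ou=services,dc=example,dc=com";   // assumption
    const string ServicePass = "<read-service-password-from-config>";        // placeholder

    // RFC 4515 escaping: these characters would otherwise change the meaning of the filter.
    public static string EscapeFilterValue(string value)
    {
        StringBuilder sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    static LdapConnection OpenConnection()
    {
        LdapConnection conn = new LdapConnection(new LdapDirectoryIdentifier(Server, Port));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;   // LDAPS: the password never travels in clear
        conn.AuthType = AuthType.Basic;                  // simple bind with a DN, as OpenLDAP expects
        return conn;
    }

    public static bool ValidateUser(string username, string password)
    {
        // An empty password would turn the second bind into an anonymous bind, which
        // most servers accept; refuse it here so that can never count as a login.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        string filter = "(uid=" + EscapeFilterValue(username) + ")";
        string userDn;

        // Step 1: look the user up with the low-privilege service account and take
        // the DN from the server's answer instead of reconstructing it.
        using (LdapConnection conn = OpenConnection())
        {
            conn.Bind(new NetworkCredential(ServiceDn, ServicePass));
            SearchRequest req = new SearchRequest(SearchBase, filter, SearchScope.Subtree, "uid");
            SearchResponse resp = (SearchResponse)conn.SendRequest(req);
            if (resp.Entries.Count != 1)
                return false;           // unknown uid, or ambiguous: both are a failed login
            userDn = resp.Entries[0].DistinguishedName;
        }

        // Step 2: bind as the user. The server checks the password; a rejected bind
        // surfaces as LdapException (result code 49, invalidCredentials).
        using (LdapConnection conn = OpenConnection())
        {
            try
            {
                conn.Bind(new NetworkCredential(userDn, password));
                return true;
            }
            catch (LdapException)
            {
                return false;
            }
        }
    }
}
```

Dropping this into the ValidateUser override of a custom MembershipProvider keeps the rest of the poster's structure; the two connections are deliberately separate so the service account's session is never reused for anything done on the user's behalf.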
bluelinenetw...
Member
139 Points
218 Posts
Re: ASP .Net 2.0 MembershipProvider for LDAP?
May 26, 2010 07:12 PM|LINK
This may sound retarded... but how do you then add this to web.config?
Web Based Self Service Password Reset for Active Directory Accounts (OpenSource Project)
Cipher Cogni...
Member
22 Points
7 Posts
Re: ASP .Net 2.0 MembershipProvider for LDAP?
Aug 04, 2012 12:16 AM|LINK
Simply replace the current membership provider in the web.config with the name of the membership provider (in this case YourCompanyName.Security.MembershipProvider).
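As an added illustration of that web.config change (not from the reply above), the membership section below clears the default SqlMembershipProvider and registers the custom class under the name the Login control and Membership.ValidateUser will use. The type name follows the namespace used in the code posted earlier in this thread; the login URL and assembly name are assumptions.

```xml
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms loginUrl="Login.aspx" />
    </authentication>
    <membership defaultProvider="LdapMembershipProvider">
      <providers>
        <clear />
        <!-- Class compiled in App_Code: no assembly name needed.
             If it lives in a separate class library, use
             type="YourCompanyName.Security.LDAP.MembershipProvider, YourCompanyName.Security" -->
        <add name="LdapMembershipProvider"
             type="YourCompanyName.Security.LDAP.MembershipProvider" />
      </providers>
    </membership>
  </system.web>
</configuration>
```

With this in place, Membership.ValidateUser(username, password) (and therefore the ASP.NET Login control) calls the custom ValidateUser override; the source file itself goes in App_Code or in a referenced assembly, which is the part the next reply asks about.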
dibblm5
Member
9 Points
5 Posts
Re: ASP .Net 2.0 MembershipProvider for LDAP?
Nov 01, 2012 03:32 PM|LINK
But you don't mention where to place this code or how to access it.
To me... Sure, create a module and access it from the web.config. But I'm sorry... I don't know how to access it and that extra info would be beneficial.
Create a module called Authenticate... Add the provided code and adjust as necessary... Then what?