I wrote a web page to list all network users for our company's domain. The information is selected from LDAP that is on a window box. My connection details are similar to this:

        myLDAPPath = "LDAP://myserver/DC=int,DC=englishchannel,DC=com"
        Dim mySearchRoot As New DirectoryEntry(myLDAPPath)
        Dim myDirectorySearcher As New DirectorySearcher(mySearchRoot)
        Dim filterString As String = "(&(objectCategory=person)(!(userAccountControl:1.2.345.6175886.1.4.803:=2)))"
        Dim results As SearchResultCollection
        myDirectorySearcher.Sort = New SortOption("sn", SortDirection.Ascending)
        myDirectorySearcher.Filter = "(&(objectClass=*))"
        myDirectorySearcher.Filter = filterString
        mySearchRoot.AuthenticationType = AuthenticationTypes.FastBind
        results = myDirectorySearcher.FindAll()

        For Each result As SearchResult In results
... ... 

Now  I am trying to connect to LDAP on one of our Unix Servers. The server name is protector.englishchannel.com 

        myLDAPPath = "LDAP://protector.englishchannel.net/"
        Dim mySearchRoot As New DirectoryEntry(myLDAPPath)
        Dim myDirectorySearcher As New DirectorySearcher(mySearchRoot)
        'Dim filterString As String = "(&(objectClass=*))"
        Dim results As SearchResultCollection
        'myDirectorySearcher.Sort = New SortOption("domainName", SortDirection.Ascending)
        'myDirectorySearcher.Filter = filterString
        mySearchRoot.AuthenticationType = AuthenticationTypes.FastBind
        results = myDirectorySearcher.FindAll()


        For Each result As SearchResult In results
... ... 

 The trouble is that after I step through the program I see that there are no results in the set. So the FOR Each Result ends up not executing because the result set is empty.

Can anyone help me formulate an LDAP connection for our Linux Server? (listed above)

Thank You,

Molap

In order to get the query right, I'd advise you to use an LDAP browser and test the query off first, before you start fiddling with the code. There's a free tool that is commonly used - Softerra LDAP Browser - that lets you "try" connect to an LDAP source and try out any search filter and immediately see the results. I believe this is an easy way to get things right. If you google on Softerra you'll find this browser quickly.

The only thing I can see in your code is that you don't specify any credentials when connecting. Do you know if your LDAP source is configured to allow anonymous access? Otherwise you will probably have to specify a fixed set of credentials for the connection to work.

Johram,

Thanks for the tip. I do have the Softerra browser (v2.6) and I am able to connect to this LDAP source. I wasn't aware that I can somehow create a connection string within the browser.

 The Softerra connection was created a few months ago for me and today when I try to recreate it I am failing to do so. I do have the root password for the linux box on which the LDAP resides but I'm not sure if that is all I need to know.

When you connect to your LDAP source with Softerra's browser, you provide three things: base dn/connection string, username and password

This information is stored in a profile in the browser, so that you don't have to type the credentials every time you connect. Now, you say that it used to work. Do you have a profile for this connection? Can you perhaps see which username it tries to connect with? Maybe this account has been disabled for some reason.

As for the root account, I am unsure of whether this is good enough for the LDAP source. I am no Unix hacker myself ;-)

Having come this far, your issue do seem to be related to invalid/insufficient credentials. Try to find out which account you used to connect with, and reset the password for that account/re-enable it. Enter these new credentials in the browser and try to validate the connection.

Once you get this running, you can enter a filter criteria in the search box, which is LDAP-style filter. This filter along with the base DN/connection string can then be copied straight into your .NET code to be used there.

Also, you need to specify the credentials explicitly with your root DirectoryEntry. You pass username as second argument and password as third argument.

Good luck!

ok. I got a bit further. I have obtain the true username and password for the LDAP. what syntax do I use in the

myLDAPPath = "LDAP://protector.englishchannel.net/"

connection string to specify username and password. I think perhaps

myLDAPPath = "LDAP://protector.englishchannel.net/cn=manager pwd=bobo"    ?

        myLDAPPath = "LDAP://bumblebee.wingsinthe.net/"
        Dim mySearchRoot As New DirectoryEntry(myLDAPPath)
        mySearchRoot.Username = "manager"
        mySearchRoot.Password = "NoHoney!"
        mySearchRoot.AuthenticationType = AuthenticationTypes.FastBind

        Dim myDirectorySearcher As New DirectorySearcher(mySearchRoot)
        Dim filterString As String = "(&(objectClass=*))"
        Dim results As SearchResultCollection
        myDirectorySearcher.Filter = filterString

I can step all the way until here: 
        results = myDirectorySearcher.FindAll()

My code breaks here. Does it mean that I'm connecting ok but my filterString is faulty? 

It depends on what the exception is, but most likely it is because you could not connect.

To verify whether your root entry is valid, you can try to access mySearchRoot.NativeObject. If you get an Exception here, you are not connected. I'm sorry but I don't have the VB syntax for this, but just try to access this property, by assigning it to an Object variable or something.

Typically, my DirectoryEntries look like this:

Dim mySearchRoot As New DirectoryEntry("LDAP://somepath", "username", "password", AuthenticationTypes.Secure)

You might want to try connect with Secure rather than FastBind...

I tried the secure but I get a message that my server does not support it. So I entered the NativeObject into my Watch window and my error message is:

+  mySearchRoot.NativeObject {"An invalid dn syntax has been specified. "} Object

tx

Can you connect with Softerra's browser now?

Yes. I can connect with the Softerra Browser just fine.

It is really frustrating as I can't find any examples of what the correct syntax should be nor do I know how to interpret the Softerra LDAP browser information to construct a valid syntax for a connection.

When Googling or searching here I see various examples but they do not seem to have a uniform syntax structure and that I could then interpret.

 I know my address to the LDAP server LDAP://protector.englishchannel.net/

I know the username and password and I can use it to connect to the LDAP with the Softerra Browser

But how do I formulate this knowledge to create a path for a .NET connection? In the LDAP Browser I could go to properties and find under credential the string: cn=manager,dc=englishchannel.net,dc=net

Does this string have to be appended to LDAP://protector.englishchannel.net/ ? Can it be omitted? I've now tried various ways and my head is spinning.

Dim mySearchRoot As New DirectoryEntry("LDAP://protector.englishchannel.net/", "bagager", "ActioN", AuthenticationTypes.FastBind)

Well, I have never used DirectoryServices to connect to a non-MS LDAP source, so I am unsure of the exact syntax here..

What if you use the distinguished name (DN) of the user you are trying to connect with, as username?

Dim mySearchRoot As New DirectoryEntry("LDAP://protector.englishchannel.net/", "cn=manager,dc=englishchannel.net,dc=net", "ActioN", AuthenticationTypes.FastBind)

Do you know what software you are using on your LDAP source?