Closed dotdiego closed 8 months ago
you can always debug the library - in the end the source code is available.
We started seeing a similar issue after upgrading from 3.4.0 to 3.6.0. We connect to an Active Directory kind of like this...
using var connection = new LdapConnection() { Constraints = new LdapConstraints { ReferralFollowing = true }};
connection.Connect("dc.example.com", 389);
connection.Bind("cn=admin,ou=users,dc=example,dc=com", "password");
var results = connection.Search("dc=example,dc=com", LdapConnection.ScopeSub, "(&(objectClass=person)(objectClass=user)(sAMAccountName={username}))", null, typesOnly: false);
var entry = results.SingleOrDefault();
if (entry is not null)
{
connection.Bind(entry.Dn, "{password}");
}
...
The Operations Error (91) would throw when we enumerated the search results. This is a very strange error because we could see that the connection was connected and bound and there were no relevant errors in the Active Directory event log.
"000004DC: LdapErr: DSID-0C090A7D, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839\0"
We started changing one thing at a time to try to get to the bottom of it and, at some point, we narrowed the search base by adding the users ou... and it started working?!
"ou=users,dc=example,dc=com"
We have no idea why... our Active Directory admin claims nothing has changed recently. The wider search base works on prior versions of this package.
We have not fully explored the server-side event logs yet or reproduced the issue with, say, ldapsearch.
Can you experiment using anything lower than TLS 1.2? Say, TLS 1.1?
Make sure any deprecated methods are not being used.
@AnthonyMastrean @dotdiego
Hello,
I'm trying to use this library to get informations on my users and validate their credentials. However i'm always getting a "Connect Error 91" on this search.
I'm able to get what i want using DirectorySearcher/DirectoryEntry.
I have some code like this :
Has anyone an idea to how I can troubleshoot that issue and make that search work ? I've used my server name with both format : "LDAP://DC=name,DC=server,DC=my" and my.server.name
Regards,
Novell.Directory.Ldap.NETStandard version : 3.6.0