That makes sense, I just don't know how to work with certificates, I guess.
But hopefully our customers trying to integrate LDAP authentication with our
application will... I guess I need to provide configuration options for using
SSL, the LDAP Search Root, and the Server Context.
My authentication code is as follows, using S.DS.P objects:
    LdapConnection con = new LdapConnection(
        new LdapDirectoryIdentifier(this.SearchRoot),
        new System.Net.NetworkCredential(string.Empty, string.Empty),
        AuthType.Basic);
    con.SessionOptions.SecureSocketLayer = this.UseSSL;
    using (con)
    {
        // Anonymous bind, used only to look up the user's DN.
        con.Bind();
        // The user name goes into the filter exactly as typed.
        SearchRequest request = new SearchRequest(
            "o=" + this.Context,
            "(uid=" + this.tbUserName.Text + ")",
            System.DirectoryServices.Protocols.SearchScope.Subtree);
        SearchResponse response = (SearchResponse)con.SendRequest(request);
        // Entries[0] throws if the search matched no entry.
        SearchResultEntry entry = response.Entries[0];
        string dn = entry.DistinguishedName;
        // Re-bind as the user; Bind() throws LdapException if the password is wrong.
        con.Credential = new NetworkCredential(dn, this.tbPassword.Text);
        con.Bind();
    }
In local testing I also have a line

    con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);

which simply returns true because I can't seem to get my certificates
validated.
"Lance R" wrote:
> On Aug 6, 1:23 pm, nelsonad <nelso...@[EMAIL PROTECTED] wrote:
> > I figured out that I was using the wrong value for ldap-server...I had been
> > trying servername-nds but it should just be servername, so then I ran the
> > query and got an exception of: server certificate verification failed.
> > Connection aborted.
>
> Yep, I can help with this.
>
> In order to be the most secure, the component can't just accept any
> old SSL certificate unless one of the following is true:
>
> 1. The server machine automatically trusts it (the cert issuer's
> public key is installed in the trusted root certificate store)
>
> 2. You tell it to accept it by setting the SSLAcceptServerCert
> property before attempting to connect. If initially you don't have
> such a setting, the component will provide the server certificate to
> you for your inspection in the SSLServerCert property when you attempt
> to bind. If you trust this certificate, you can then set the
> SSLAcceptServerCert to this same certificate before making future
> requests.
>
> 3. If you're using the SSLServerAuthentication event, you can inspect
> the server certificate right there, and set the Accept parameter to
> true to go ahead and accept the certificate and continue with the
> connection.
>
> Lance
> http://www.lancerobinson.net/
>
>
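
One way to replace a callback that always returns true, as an added example that is not part of the original posts: it accepts the server certificate only if it chains to a trusted root and names the host (the first case in the quoted reply) or matches a thumbprint the administrator explicitly configured (the second case). LdapsVerifier, expectedHost and pinnedThumbprint are hypothetical names, and .NET Framework 4.6 or later is assumed.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example: LdapsVerifier, expectedHost and pinnedThumbprint are hypothetical names.
public sealed class LdapsVerifier
{
    private readonly string expectedHost;      // host name the client connects to
    private readonly string pinnedThumbprint;  // optional: cert the admin chose to accept

    public LdapsVerifier(string expectedHost, string pinnedThumbprint = null)
    {
        this.expectedHost = expectedHost;
        this.pinnedThumbprint = pinnedThumbprint?.Replace(" ", "");
    }

    // Same signature as the VerifyServerCertificateCallback delegate.
    public bool Verify(LdapConnection connection, X509Certificate certificate)
    {
        if (certificate == null) return false;
        using (var cert = new X509Certificate2(certificate))
        {
            // Explicitly accepted certificate: only an exact thumbprint match passes.
            if (pinnedThumbprint != null)
                return string.Equals(cert.Thumbprint, pinnedThumbprint,
                                     StringComparison.OrdinalIgnoreCase);

            // Otherwise the chain must build to a root in the trusted store.
            using (var chain = new X509Chain())
            {
                if (!chain.Build(cert)) return false;
            }
            // The certificate must also name the server we meant to reach.
            // Exact match only; wildcard or multi-name certificates need a fuller check.
            string dnsName = cert.GetNameInfo(X509NameType.DnsName, false);
            return string.Equals(dnsName, expectedHost, StringComparison.OrdinalIgnoreCase);
        }
    }

    // Builds an LDAPS connection with the verifier installed before the first Bind().
    public static LdapConnection Connect(string host, int port, string pinnedThumbprint = null)
    {
        var con = new LdapConnection(new LdapDirectoryIdentifier(host, port),
            new NetworkCredential(string.Empty, string.Empty), AuthType.Basic);
        con.SessionOptions.SecureSocketLayer = true;
        con.SessionOptions.VerifyServerCertificate = new LdapsVerifier(host, pinnedThumbprint).Verify;
        return con;
    }
}
```

The thumbprint would come from the same configuration screen as the SSL, Search Root and Context settings, so a customer with a self-signed directory certificate can accept that one certificate without disabling validation.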