Open Closed

LDAP Connect issue #2864


User avatar
0
vijay.nallala created
  • ABP Framework version: 5.14
  • UI type: Angular / MVC / Blazor: MVC
  • DB provider: EF Core / MongoDB: EFCore
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no Yes
  • Exception message and stack trace: LdapForNet.LdapInvalidCredentialsException: 'Invalid Credentials. Invalid Credentials. Result: 49. Method: ldap_parse_result. Details: errorMessage: 8009030C: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 2030, v3839 matchedMessage: '
  • Steps to reproduce the issue:"This exception was originally thrown at this call stack: LdapForNet.Native.LdapNative.ThrowIfError(System.Runtime.InteropServices.SafeHandle, int, string, System.Collections.Generic.IDictionary<string, string>) LdapForNet.LdapConnection.ThrowIfParseResultError(System.IntPtr) LdapForNet.LdapConnection.BindAsync(LdapForNet.Native.Native.LdapAuthType, LdapForNet.LdapCredential) System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task) System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task) System.Runtime.CompilerServices.TaskAwaiter.GetResult() AbpLdapSample.Program.Main(string[]) in Program.cs

I have refer below and nothing found solution. we are getting same issue Can you please provide updated fix? https://support.abp.io/QA/Questions/754/How-To-use--LDAP-authentication

sample out side https://www.codemag.com/article/1312041/Using-Active-Directory-in-.NET


6 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can see this: https://docs.abp.io/en/commercial/5.1/modules/account/ldap

    Test application

    Testing the LDAP configuration using your application might be complicated. Therefore you can use our test application. The following dotnet console app is for testing your LDAP configuration. Before using the configuration, test in this app and see if it works.

    https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample

  • User Avatar
    0
    vijay.nallala created

    Hi maliming,

    As you see code/error getting from sample application(https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample). we followed same document to enable the ldap. now we are getting same issue as (https://support.abp.io/QA/Questions/754/How-To-use--LDAP-authentication) for that and this issue looking for answer.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The error from LdapForNet.LdapConnection.BindAsync

    You can see its document: https://github.com/flamencist/ldap4net#bindAsync Change the call parameters of this method based on your LDAP server settings.

  • User Avatar
    0
    vijay.nallala created

    as sample below bind =BindAsync working cn.Bind(LdapAuthType.Digest, new LdapCredential { UserName = "username", Password = "clearTextPassword", AuthorizationId = "u:admin" });

    how can i override from abp?

    --- admin auth vs were abp override method?? await ldapConnection.BindAsync(LdapAuthType.Negotiate, new LdapCredential { // Configure username according to your LDAP config: // cn=admin,dc=abp,dc=com or just username. UserName = adminUserName, Password = adminPassword, AuthorizationId = baseDc,
    });

    --- user auth as below sample abp override method??

    var searchResults = await ldapConnection.SearchAsync(baseDc, $"(&(objectClass=user)(cn={testUserName}))");

                    //var searchResults = await ldapConnection.SearchAsync(baseDc, $"(&(uid={testUserName}))");
                    Console.WriteLine();
                    Console.WriteLine($"{testUserName} attributes:");
                    
                    var userEntry = searchResults.First();
                    Console.WriteLine(string.Join(", ", userEntry.ToDirectoryEntry().Attributes));
    
                    await ldapConnection.BindAsync(Native.LdapAuthType.Simple, new LdapCredential
                    {
                        UserName = userEntry.Dn,
                        Password = testPassword
                    });
    

    here abp - not sure which one has user auth and admin auth call.. after that it make the entry in user table

    public class LdapManager : ILdapManager, ITransientDependency { public ILogger<LdapManager> Logger { get; set; } protected ILdapSettingProvider LdapSettingProvider { get; }

    public LdapManager(ILdapSettingProvider ldapSettingProvider)
    {
        LdapSettingProvider = ldapSettingProvider;
        Logger = NullLogger&lt;LdapManager&gt;.Instance;
    }
    
    public virtual async Task&lt;bool&gt; AuthenticateAsync(string username, string password)
    {
        try
        {
            using (var conn = await CreateLdapConnectionAsync())
            {
                await AuthenticateLdapConnectionAsync(conn, username, password);
                return true;
            }
        }
        catch (Exception ex)
        {
            Logger.LogException(ex);
            return false;
        }
    }
    
    protected virtual async Task&lt;ILdapConnection&gt; CreateLdapConnectionAsync()
    {
        var ldapConnection = new LdapConnection();
        await ConfigureLdapConnectionAsync(ldapConnection);
        await ConnectAsync(ldapConnection);
        return ldapConnection;
    }
    
    protected virtual Task ConfigureLdapConnectionAsync(ILdapConnection ldapConnection)
    {
        return Task.CompletedTask;
    }
    
    protected virtual async Task ConnectAsync(ILdapConnection ldapConnection)
    {
        ldapConnection.Connect(await LdapSettingProvider.GetServerHostAsync(), await LdapSettingProvider.GetServerPortAsync());
    }
    
    protected virtual async Task AuthenticateLdapConnectionAsync(ILdapConnection connection, string username, string password)
    {
        await connection.BindAsync(Native.LdapAuthType.Simple, new LdapCredential()
        {
            UserName = username,
            Password = password
        });
    }
    

    }

  • User Avatar
    0
    vijay.nallala created

    For --admin/host auth below bindasync await ldapConnection.BindAsync(LdapAuthType.Negotiate, new LdapCredential { // Configure username according to your LDAP config: // cn=admin,dc=abp,dc=com or just username. UserName = adminUserName, Password = adminPassword, AuthorizationId = baseDc,
    });

    For - user auth below bindasync await ldapConnection.BindAsync(LdapAuthType.Simple, new LdapCredential { UserName = userEntry.Dn, Password = testPassword, });

    i would need two method in abp??

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    You can use try catch to try twice.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11