- ABP Framework version: 5.14
- UI type: Angular / MVC / Blazor: MVC
- DB provider: EF Core / MongoDB: EFCore
- Tiered (MVC) or Identity Server Separated (Angular): yes / no Yes
- Exception message and stack trace: LdapForNet.LdapInvalidCredentialsException: 'Invalid Credentials. Invalid Credentials. Result: 49. Method: ldap_parse_result. Details: errorMessage: 8009030C: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 2030, v3839 matchedMessage: '
- Steps to reproduce the issue: "This exception was originally thrown at this call stack:
  ```
  LdapForNet.Native.LdapNative.ThrowIfError(System.Runtime.InteropServices.SafeHandle, int, string, System.Collections.Generic.IDictionary<string, string>)
  LdapForNet.LdapConnection.ThrowIfParseResultError(System.IntPtr)
  LdapForNet.LdapConnection.BindAsync(LdapForNet.Native.Native.LdapAuthType, LdapForNet.LdapCredential)
  System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
  System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
  System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
  System.Runtime.CompilerServices.TaskAwaiter.GetResult()
  AbpLdapSample.Program.Main(string[]) in Program.cs
  ```
  "

I have referred to the link below and found no solution. We are getting the same issue. Can you please provide an updated fix? https://support.abp.io/QA/Questions/754/How-To-use--LDAP-authentication
Outside sample: https://www.codemag.com/article/1312041/Using-Active-Directory-in-.NET
6 Answer(s)
-
0
hi
You can see this: https://docs.abp.io/en/commercial/5.1/modules/account/ldap
Test application
Testing the LDAP configuration using your application might be complicated. Therefore you can use our test application. The following dotnet console app is for testing your LDAP configuration. Before using the configuration, test in this app and see if it works.
https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample
-
0
Hi maliming,
As you can see, the code/error is from the sample application (https://github.com/abpframework/abp-samples/tree/master/AbpLdapSample). We followed the same document to enable LDAP. Now we are getting the same issue as (https://support.abp.io/QA/Questions/754/How-To-use--LDAP-authentication), and we are looking for an answer to this issue.
-
0
hi
The error is from `LdapForNet.LdapConnection.BindAsync`.
You can see its documentation: https://github.com/flamencist/ldap4net#bindAsync
Change the call parameters of this method based on your LDAP server settings.
-
0
As in the sample below, Bind = BindAsync is working:

```csharp
cn.Bind(LdapAuthType.Digest, new LdapCredential
{
    UserName = "username",
    Password = "clearTextPassword",
    AuthorizationId = "u:admin"
});
```

How can I override this from ABP?

--- Admin auth vs. where is the ABP override method??

```csharp
await ldapConnection.BindAsync(LdapAuthType.Negotiate, new LdapCredential
{
    // Configure username according to your LDAP config:
    // cn=admin,dc=abp,dc=com or just username.
    UserName = adminUserName,
    Password = adminPassword,
    AuthorizationId = baseDc,
});
```

--- User auth as in the sample below; ABP override method??

```csharp
var searchResults = await ldapConnection.SearchAsync(baseDc, $"(&(objectClass=user)(cn={testUserName}))");
//var searchResults = await ldapConnection.SearchAsync(baseDc, $"(&(uid={testUserName}))");

Console.WriteLine();
Console.WriteLine($"{testUserName} attributes:");

var userEntry = searchResults.First();
Console.WriteLine(string.Join(", ", userEntry.ToDirectoryEntry().Attributes));

await ldapConnection.BindAsync(Native.LdapAuthType.Simple, new LdapCredential
{
    UserName = userEntry.Dn,
    Password = testPassword
});
```

Here in ABP, I am not sure which one has the user auth and admin auth calls. After that it makes the entry in the user table.

```csharp
public class LdapManager : ILdapManager, ITransientDependency
{
    public ILogger<LdapManager> Logger { get; set; }

    protected ILdapSettingProvider LdapSettingProvider { get; }

    public LdapManager(ILdapSettingProvider ldapSettingProvider)
    {
        LdapSettingProvider = ldapSettingProvider;
        Logger = NullLogger<LdapManager>.Instance;
    }

    public virtual async Task<bool> AuthenticateAsync(string username, string password)
    {
        try
        {
            using (var conn = await CreateLdapConnectionAsync())
            {
                await AuthenticateLdapConnectionAsync(conn, username, password);
                return true;
            }
        }
        catch (Exception ex)
        {
            Logger.LogException(ex);
            return false;
        }
    }

    protected virtual async Task<ILdapConnection> CreateLdapConnectionAsync()
    {
        var ldapConnection = new LdapConnection();
        await ConfigureLdapConnectionAsync(ldapConnection);
        await ConnectAsync(ldapConnection);
        return ldapConnection;
    }

    protected virtual Task ConfigureLdapConnectionAsync(ILdapConnection ldapConnection)
    {
        return Task.CompletedTask;
    }

    protected virtual async Task ConnectAsync(ILdapConnection ldapConnection)
    {
        ldapConnection.Connect(await LdapSettingProvider.GetServerHostAsync(), await LdapSettingProvider.GetServerPortAsync());
    }

    protected virtual async Task AuthenticateLdapConnectionAsync(ILdapConnection connection, string username, string password)
    {
        await connection.BindAsync(Native.LdapAuthType.Simple, new LdapCredential()
        {
            UserName = username,
            Password = password
        });
    }
}
```
-
0
For admin/host auth, the BindAsync below:

```csharp
await ldapConnection.BindAsync(LdapAuthType.Negotiate, new LdapCredential
{
    // Configure username according to your LDAP config:
    // cn=admin,dc=abp,dc=com or just username.
    UserName = adminUserName,
    Password = adminPassword,
    AuthorizationId = baseDc,
});
```

For user auth, the BindAsync below:

```csharp
await ldapConnection.BindAsync(LdapAuthType.Simple, new LdapCredential
{
    UserName = userEntry.Dn,
    Password = testPassword,
});
```

I would need two methods in ABP??
-
0
You can use try catch to try twice.
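
One way to apply the "try twice" suggestion, as an added example that is not ABP's own code and not from any poster in this thread: a subclass of the `LdapManager` posted above that tries a Negotiate bind and falls back to a Simple bind on a fresh connection. The class name `FallbackLdapManager` and the order of the mechanisms are assumptions, and the constructor assumes the `LdapManager(ILdapSettingProvider)` signature shown in the question.

```csharp
using System;
using System.Threading.Tasks;
using LdapForNet;
using LdapForNet.Native;
using Microsoft.Extensions.Logging;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Ldap;

// Hypothetical class; registered in place of the default ILdapManager.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(ILdapManager), typeof(LdapManager))]
public class FallbackLdapManager : LdapManager
{
    // Bind mechanisms tried in order (assumed order; match your directory).
    private static readonly Native.LdapAuthType[] AuthTypes =
        { Native.LdapAuthType.Negotiate, Native.LdapAuthType.Simple };

    public FallbackLdapManager(ILdapSettingProvider ldapSettingProvider)
        : base(ldapSettingProvider) { }

    public override async Task<bool> AuthenticateAsync(string username, string password)
    {
        // A simple bind with an empty password is an unauthenticated bind
        // that many directories accept; never count it as a login.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
            return false;

        foreach (var authType in AuthTypes)
        {
            try
            {
                // Fresh connection per attempt, so a failed bind leaves no state behind.
                using (var conn = await CreateLdapConnectionAsync())
                {
                    await conn.BindAsync(authType,
                        new LdapCredential { UserName = username, Password = password });
                    return true;
                }
            }
            catch (Exception ex)
            {
                // Log the mechanism and user only; the password is never logged.
                Logger.LogWarning(ex, "LDAP {AuthType} bind failed for {User}", authType, username);
            }
        }
        return false;
    }
}
```

Each failed attempt counts against the directory's lockout threshold, so keep the list of mechanisms short. The Simple bind fallback sends the password unprotected unless the connection itself is encrypted.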