I've been using this implementation for authenticating patrons with iPlanet, which is built from the SUN stack, so it should work against an Oracle Directory server as well. For customization and some of the lower-level specifics, I'm a huge fan of the `System.DirectoryServices` and `System.DirectoryServices.Protocols` libraries, especially when working with non-AD directory servers:
```csharp
// namespaces used by the snippets in this answer
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

// build your server name - we'll use 'serverName.dev.domain.com' and port 389
var BuildServerName = new StringBuilder();
BuildServerName.Append("serverName.dev.domain.com");
BuildServerName.Append(":" + Convert.ToString(389));
// setup an ldapconnection to that endpoint
var ldapConnection = new LdapConnection(BuildServerName.ToString());
```
Now we need to detail some information about this connection:

```csharp
// it looks like you have an administrative account to bind with, so use that here
var networkCredential = new NetworkCredential("userName", "password", "dc=MyDomainName,dc=net");
// set the following to true if it's over ssl (636), if not just set it to false
ldapConnection.SessionOptions.SecureSocketLayer = false;
// note: this callback accepts any server certificate, so over LDAPS the server's identity is not checked;
// remove it (or validate the certificate inside it) when connecting over LDAPS
ldapConnection.SessionOptions.VerifyServerCertificate += delegate { return true; };
// now set your auth type - I typically use 'negotiate' over LDAPS, and `simple` over LDAP
// for this example we'll just say you're not using LDAPS
// note: Basic (simple bind) on port 389 sends the password unencrypted
ldapConnection.AuthType = AuthType.Basic;
ldapConnection.Bind(networkCredential);
```
Now you should be bound to the directory, which means you can search it using the `SearchRequest` object. Here is an example of how I use it:
```csharp
// setup a new search request
var findThem = new SearchRequest();
findThem.Filter = "This is where you need to construct a filter for what you're looking for";
findThem.Scope = System.DirectoryServices.Protocols.SearchScope.Subtree;
// we'll execute a search using the bound administrative user
var searchresults = (SearchResponse) ldapConnection.SendRequest(findThem);
// this will contain entries if your search filter returned any results
if (searchresults.Entries.Count >= 1)
{
    // here are your list of returned entries
    SearchResultEntryCollection entries = searchresults.Entries;
    // do some work/extraction on them
}
```
The last part here is your actual LDAP filter. If you wanted to search within your domain for a user with a `uid` of `userName`, your filter would be:

```csharp
findThem.Filter = "(uid=username)";
```
If you want to combine, say, an `objectClass` with a specific attribute, you would do:

```csharp
findThem.Filter = "(&(objectClass=user)(uid=username))";
```
And here are some good links on filtering:
LDAP Filtering Syntax
LDAP Query Basics
Oracle LDAP Search Filters