未知的错误（0x80005000）与LDAPS连接 [英] Unknown Error (0x80005000) with LDAPS Connection

问题描述

我已经被困的最后几个小时的一个恼人的Active Directory位。

I've been stuck for the last couple of hours on an annoying Active Directory bit.

我想要做到的是通过LDAP连接到Active Directory通过SSL。认证类型是匿名的。我使用的.NET Framework 4.0，C＃和Visual Studio 2010。

What I'm trying to accomplish is connect to an Active Directory via LDAP over SSL. The authentication type is anonymous. I'm using .NET Framework 4.0, C# and Visual Studio 2010.

下面code应根据各种在线资源的工作。但它一直想出惊人不言自明的：未知错误（0x80005000）

The following code should work according to various online resources. But it keeps coming up with the amazing self-explanatory: 'Unknown Error (0x80005000)'.

DirectoryEntry entry = new DirectoryEntry();
entry.Path = "LDAPS://some.ldap.server:636";
entry.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

DirectorySearcher searcher = new DirectorySearcher();
searcher.searchRoot = entry;
searcher.Filter = "(&(objectCategory=person)(objectClass=user))";

SearchResultCollection results = searcher.FindAll();

我已经简化我想执行的一个你发现在code中的实际查询。但是，即使有这样的通用查询（它应该在每一个广告复出之作？），则返回错误。

I've simplified the actual query I want to perform to the one you find in the code. But even with this generic query (it should return work on every AD?) it returns the error.

推荐答案

终于来了！

看来，一个ASP.NET应用程序没有权利（或不知道如何）检查设备级的受信任的证书存储区。因为证书是自签名的ASP.NET应用程序拒绝建立连接。

It seems that an ASP.NET application does not have the rights (or doesn't know how) to examine the trusted certificate store at machine level. Since the certificate was self-signed the ASP.NET application refused to establish a connection.

我固定使用自定义证书验证的问题。 下面code的伎俩：

I fixed the problem using custom certificate validation. The following code did the trick:

LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier("server", port));
con.SessionOptions.SecureSocketLayer = true;
con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
con.Credential = new NetworkCredential(String.Empty, String.Empty);
con.AuthType = AuthType.Basic;
con.Bind();

因为我相信证书是有效的，在ServerCallBack方法是这样的：

Since I am sure the certificate is valid, the ServerCallBack method looks like this:

public static bool ServerCallBack(LdapConnection connection, X509Certificate certificate)
{
    return true;
}

但是，你可以随时当然检索本地计算机证书并验证它。

But you can always of course retrieve the certificate from the local machine and validate it.

在本实施例中所用的命名空间是：

The namespace used in this example is:

System.DirectoryServices.Protocols;

这是因为命名空间：

System.DirectoryServices.DirectoryEntry

不包含自定义证书验证的方法。

does not contain a method for custom certificate validation.

谢谢大家的帮助和时间，并希望这将帮助别人的未来！

这篇关于未知的错误（0x80005000）与LDAPS连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！