ldap上的kerberos身份验证 [英] kerberos authentication over ldap

问题描述

Hello All，



我使用DirectoryServices.Protocols编写了控制台应用程序，用于通过ldap从活动目录中获取用户数据。我能够通过ssl，tls和basic（也不是ssl或tls）连接使用基本身份验证来获取数据。



但是当我尝试使用Kerberos身份验证连接到ldap服务器时，它会给出错误，因为提供的凭据无效。下面是相同的代码。我想知道相同的凭据正在用于基本身份验证，但它不适用于Kerberos身份验证。有人可以建议下面的代码或我需要做的任何设置有什么问题。

Hello All,

I have written console application using DirectoryServices.Protocols for fetching users data from active directory over ldap. I am able to fetch the data using basic authentication over ssl, tls and basic (nor ssl nor tls) connection.

But when I am trying to connect to the ldap server using the Kerberos authentication then it is giving me error as "Supplied credentials is invalid". below is the code for same. I am wondering that same credentials are working for basic authentication but its not working for Kerberos authentication. can someone please suggest what is wrong with the below code or any setting I need to do for the same.

var networkCredential = new NetworkCredential(connectionAccountName, connectionAccountPassword);
                    LdapDirectoryIdentifier ldapDirectoryIdentifier = null;

                    switch (connectionType)
                    {
                         case LDAPConnectionType.SSL:
                              ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, 636, true, false);
                              ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
                              ldapConnection.SessionOptions.ProtocolVersion = 3;
                              ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
                              ldapConnection.SessionOptions.SecureSocketLayer = true;

                              break;
                         case LDAPConnectionType.TLS:
                              ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, 389, true, false);
                              ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
                              ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
                              ldapConnection.SessionOptions.StartTransportLayerSecurity(null);

                              break;
                         default:
                              ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, 389, true, false);
                              ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
                              ldapConnection.SessionOptions.Sealing = true;
                              ldapConnection.SessionOptions.Signing = true;
                              ldapConnection.SessionOptions.ProtocolVersion = 3;                              


                              break;
                    }

                    ldapConnection.Bind();

谢谢



Umesh Tayade

Thanks

Umesh Tayade

推荐答案

这篇关于ldap上的kerberos身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！