ldap上的kerberos身份验证 [英] kerberos authentication over ldap
问题描述
Hello All,
我使用DirectoryServices.Protocols编写了控制台应用程序,用于通过ldap从活动目录中获取用户数据。我能够通过ssl,tls和basic(也不是ssl或tls)连接使用基本身份验证来获取数据。
但是当我尝试使用Kerberos身份验证连接到ldap服务器时,它会给出错误,因为提供的凭据无效。下面是相同的代码。我想知道相同的凭据正在用于基本身份验证,但它不适用于Kerberos身份验证。有人可以建议下面的代码或我需要做的任何设置有什么问题。
Hello All,
I have written console application using DirectoryServices.Protocols for fetching users data from active directory over ldap. I am able to fetch the data using basic authentication over ssl, tls and basic (nor ssl nor tls) connection.
But when I am trying to connect to the ldap server using the Kerberos authentication then it is giving me error as "Supplied credentials is invalid". below is the code for same. I am wondering that same credentials are working for basic authentication but its not working for Kerberos authentication. can someone please suggest what is wrong with the below code or any setting I need to do for the same.
var networkCredential = new NetworkCredential(connectionAccountName, connectionAccountPassword);
LdapDirectoryIdentifier ldapDirectoryIdentifier = null;
switch (connectionType)
{
case LDAPConnectionType.SSL:
ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, 636, true, false);
ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
ldapConnection.SessionOptions.ProtocolVersion = 3;
ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
ldapConnection.SessionOptions.SecureSocketLayer = true;
break;
case LDAPConnectionType.TLS:
ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, 389, true, false);
ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
ldapConnection.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
ldapConnection.SessionOptions.StartTransportLayerSecurity(null);
break;
default:
ldapDirectoryIdentifier = new LdapDirectoryIdentifier(ldapServerName, 389, true, false);
ldapConnection = new LdapConnection(ldapDirectoryIdentifier, networkCredential, authType);
ldapConnection.SessionOptions.Sealing = true;
ldapConnection.SessionOptions.Signing = true;
ldapConnection.SessionOptions.ProtocolVersion = 3;
break;
}
ldapConnection.Bind();
谢谢
Umesh Tayade
Thanks
Umesh Tayade
推荐答案
这篇关于ldap上的kerberos身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!