通过SSL连接到打开的LDAP [英] Connect to open LDAP over ssl

问题描述

我在一个用于重置LDAP用户密码的网站上工作.我无法通过ssl与服务器建立连接.我尝试了各种代码和身份验证类型.

I am working on a website which is used to reset password of LDAP users. I am not able to make connection with server over ssl. I tried various code and authentication types.

这是在服务器上用于与托管网站的LDAP连接的方式.我还用两个ssl端口对其进行了测试. 636和3269.

This is what used on server for connectivity with LDAP on which website is hosted. I also tested it with both ssl ports. 636 and 3269.

0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity?, NEGOTIATE (1158)); v.3

{NtAuthIdentity?: User='_ldapuser'; Pwd='unavailable';; domain = 'SJTPNOC.DOMAIN'}

我正在网站上使用以下代码

I am using following code in website

LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier("SJTP.DOMAIN",636));

connection.SessionOptions.ProtocolVersion = 3;

connection.AuthType = AuthType.Basic;

connection.Credential = new NetworkCredential("CN=user,CN=Users,DC=SJTPNOC,DC=DOMAIN", "password","CN=Users,DC=SJTPNOC,DC=DOMAIN");

connection.SessionOptions.SecureSocketLayer=true;

connection.Bind();

获取异常"LDAP服务器不可用".我用389端口尝试了该代码 并没有ssl，并且工作正常.

Getting exception "LDAP server is unavailable". I tried that code with 389 port and without ssl and it's working fine.

请让我知道怎么了.

推荐答案

如果您只希望加密并且不需要ldap服务器的强身份验证，也许您应该添加:

If you only want encryption and do not need strong authentication of the ldap server, maybe you should add :

connection.SessionOptions.VerifyServerCertificate =
                new VerifyServerCertificateCallback((con, cer) => true);

这篇关于通过SSL连接到打开的LDAP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！