LDAP Basic auth over SSL using S.DS.P

5 December, 2008

I recently ran into an issue where self-signed certificates were causing an LdapException to be thrown. The LdapException simply said “The LDAP server is unavailable.” Pretty ambiguous, huh? Well, long story short, the LDAP server had been configured with a self-signed SSL certificate, and that certificate wasn’t trusted on the machine I was using. How could I check this?

Well, there are two ways to check this.

1.) I opened up the certificate manager and checked. Using Vista, click the Start menu and type “certmgr.msc” in the text field. Hit Enter and it will bring up the Certificate Manager for the machine. You can look for the certificate within a number of the folders shown.

2.) I added a callback method to the LdapConnection.SessionOptions variable. This turned out to be a worthwhile addition for the future, because I can now fully understand and report to a user why the connection failed.

To do this I wrote a method with this signature:

// Signature required by the VerifyServerCertificateCallback delegate.
// Returning false rejects the server certificate and the bind fails.
private bool VerifyServerCertificate(LdapConnection ldapConnection,
                                     X509Certificate certificate)
{
   // Wrap in X509Certificate2 so the chain can be verified against the local trust store.
   X509Certificate2 certificate2 = new X509Certificate2( certificate );
   return certificate2.Verify();
}

I then added the callback like so:

ldapConnection.SessionOptions.VerifyServerCertificate =
   new VerifyServerCertificateCallback( VerifyServerCertificate );

Debugging the code allowed me to see that it was actually the certificate that was invalid, and not a problem with the network or other parts of my code. I’m sure this has got to be helpful for someone else out there. LdapConnection.SessionOptions has a lot of useful methods and members inside of it. Take a peek around and you may find something you never knew about before.
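As an added example (not code from the post), here is the same callback extended to report the chain-status reasons behind a rejection, wired into a Basic-auth bind over SSL; the host name, bind DN and password are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

static class LdapsProbe
{
    // Builds the chain against the local trust store and logs every failure
    // reason, so "server unavailable" becomes e.g. "UntrustedRoot".
    // Never return true unconditionally: that disables server authentication
    // and lets anyone on the path read the Basic-auth password.
    static bool VerifyServerCertificate(LdapConnection connection, X509Certificate certificate)
    {
        X509Certificate2 cert2 = new X509Certificate2(certificate);
        X509Chain chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        bool trusted = chain.Build(cert2);
        Console.WriteLine("Server cert: {0} (thumbprint {1})", cert2.Subject, cert2.Thumbprint);
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine("  chain problem: {0} - {1}", status.Status, status.StatusInformation);
        return trusted;
    }

    static void Main()
    {
        // Hypothetical host and credentials; replace with your own.
        LdapDirectoryIdentifier server = new LdapDirectoryIdentifier("ldap.example.internal", 636);
        using (LdapConnection connection = new LdapConnection(server))
        {
            connection.SessionOptions.SecureSocketLayer = true;
            connection.SessionOptions.VerifyServerCertificate =
                new VerifyServerCertificateCallback(VerifyServerCertificate);
            connection.AuthType = AuthType.Basic;
            connection.Credential = new NetworkCredential("cn=reader,dc=example,dc=internal", "password");
            try
            {
                connection.Bind();   // the callback runs during the TLS handshake, before the bind
                Console.WriteLine("Bind succeeded");
            }
            catch (LdapException e)
            {
                Console.WriteLine("Bind failed: {0} (error {1})", e.Message, e.ErrorCode);
            }
        }
    }
}
```

X509Chain only checks trust, validity period and revocation; it does not check that the certificate's subject or SAN matches the server name, so add that comparison if you need it.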


You are currently reading LDAP Basic auth over SSL using S.DS.P at JAWS.
