LDAP Basic auth over SSL using S.DS.P

5 December, 2008 § Leave a comment

I recently ran in to an issue where self-signed certificates were causing an LdapException to be thrown. The LdapException simply said “The LDAP server is unavailable.” Pretty ambiguous, huh? Well, long story short, the LDAP server had been configured with a self-signed SSL certificate, and that certificate wasn’t trusted on the machine I was using. How could I check this?

Well, there’s two ways to check this.

1.) I opened up the certificate manager and checked. Using Vista, click the Start menu and type “certmgr.msc” in the text field. Hit Enter and it will bring up the Certificate Manager for the machine. You can look for the certificate within a number of the folders shown.

2.) I added a callback method to the LdapConnection.SessionOptions variable. This turned out to be a necessary add for the future because I can now fully understand and report to a user why the connection was bad.

To do this I wrote a method with this signature:

private bool VerifyServerCertificate(LdapConnection ldapConnection,
                                     X509Certificate certificate)
{
   X509Certificate2 certificate2 = new X509Certificate2( certificate );
   return certificate2.Verify();
}

I then added the callback like so:

ldapConnection.SessionOptions.VerifyServerCertificate =
   new VerifyServerCertificateCallback( VerifyServerCertificate );

Debugging the code allowed me to see that it was actually the certificate that was invalid and not something with the network or other parts of my code. I’m sure this has got to be helpful for someone else out there. LdapConnection.SessionOptions has a lot of necessary methods and members inside of it. Take a peek around and you may find something you never knew about before.

Tagged: , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

What’s this?

You are currently reading LDAP Basic auth over SSL using S.DS.P at JAWS.

meta