none
In order to perform this operation a successful bind must be completed on the connection RRS feed

  • Question

  • I have a small class that wraps common ldap operations.  It is meant to be used for both AD and non-AD ldap implementations.  I've based the class on System.DirectoryServices.Protocols.  I've observed a strange issue with using S.DS.P against active directory when wiring up the LdapConnection to any specified domain controller and using credentials.

    If I specify the name of a particular (doesn't matter which one) domain controller (e.g. dc01.contoso.com) as the server instead of the domain fqdn (e.g. contoso.com) AND I use specified credentials, I will frequently, though not always, get an error when performing a search:

    000004DC: LdapErr: DSID-0C0907C2, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580

    This has NEVER happened if i pass the domain fqdn as the server.  It only happens when I pass the fqdn of any specific domain controller.

    This is the constructor of the class

            public LdapClient(string server, int port, string userName, string password)
            {
    
                var ldapDirectoryIdentifier = new LdapDirectoryIdentifier(server, port);
                Connection = new LdapConnection(ldapDirectoryIdentifier);
    
                if (!string.IsNullOrEmpty(userName))
                {
                    var networkCredential = new NetworkCredential(userName, password);
                    Connection.AuthType = AuthType.Basic;
                    Connection.Credential = networkCredential;
                }
    
                Connection.SessionOptions.ProtocolVersion = 3;
                Connection.SessionOptions.SecureSocketLayer = false;
                Connection.Bind();
    
    
            }

    Here is the search routine (the bolded/italicized/underlined line is what generates the error)

    public IEnumerable<SearchResultEntry> Search(string filter, string searchBase, SearchScope searchScope, IEnumerable<string> propertiesToLoad)
            {
                var complete = false;
                var searchRequest = new SearchRequest
                {
                    Filter = filter,
                    Scope = searchScope,
                    DistinguishedName = searchBase
                };
    
                if(null != propertiesToLoad && propertiesToLoad.Count() > 0)
                {
                    searchRequest.Attributes.AddRange(propertiesToLoad.ToArray());
                }
    
                var pageResultRequestControl = new PageResultRequestControl(1000);
                searchRequest.Controls.Add(pageResultRequestControl);
    
                while (complete != true)
                {
                    var result = Connection.SendRequest(searchRequest) as SearchResponse;
                    foreach (DirectoryControl control in result.Controls)
                    {
                        if (control is PageResultResponseControl)
                        {
                            pageResultRequestControl.Cookie = ((PageResultResponseControl)control).Cookie;
                            complete = (pageResultRequestControl.Cookie.Length == 0)
                                     ? true
                                     : false;
    
                            break;
                        }
                    }
    
                    foreach (SearchResultEntry sr in result.Entries)
                    {
                        yield return sr;
                    }
    
                }
            }

    I'm trying to determine why, in AD, I can't specify a specific domain controller without frequent errors.


    ck


    Tuesday, May 21, 2019 7:03 PM

All replies

  • Hi ckJustReading,

    Thank you for posting here.

    For your question, what is the code you used for domain controller? The same code with the server? What is the domain? The domain of you current computer or another domain?

    Could you give the details with filter, searchScope, searchBase for me to test?

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, May 23, 2019 2:39 AM
    Moderator