We recently reorganized our LDAP directory and started identifying users (by DN) with uid=, as in:
uid=first.lastname, ou=users, o=ourorganization
This is a huge project with tens of thousands of users and high visibility. We instantiate System.Security.Cryptography.X509Certificates.X500DistinguishedName objects in our code in many places. In the past, our DNs used cn= as in:
cn=first.lastname, ou=users, o=ourorganization
Now the instantiation of the X500DistinguishedName is failing with the exception in the title of this forum entry.
I have isolated it to the fact that the DN now starts with uid=. This is perfectly legitimate, and in fact, Microsoft's site specifies that in some places. I suspect the .NET API is filtering on what it considers to be valid RDN identifiers and it does not include UID as one of them. I've created a test case, and all the typical ones work, just not uid.
Code example:
X500DistinguishedName xdn = new X500DistinguishedName("uid=first.last, ou=users, o=ourorg");
Edit: (by the way, why can't I paste into this window?)
Another developer used Reflector to determine that the X500DistinguishedName constructor calls the crypt32.dll CertStrToName function, which is returning the exception. The documentation on CertStrToName clearly does not include UID in the list of possible keys.
We feel this is a bug/fault/deficiency of .NET since UID is clearly a legitimate RDN key.
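An added example (not from the poster's code base) that reproduces the rejection of the uid= form and then builds the same RDN using the dotted OID of the LDAP userId attribute (0.9.2342.19200300.100.1.1, RFC 4519). It assumes CertStrToName's documented "OID.x.y.z=" key syntax is accepted by the constructor; the class, method names and the sample DN are constructed for this illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class UidRdnDemo
{
    // Dotted OID of the LDAP "uid" (userId) attribute, RFC 1274 / RFC 4519.
    const string UidOid = "0.9.2342.19200300.100.1.1";

    // Returns the encoded name, or null when CertStrToName rejects the string.
    static X500DistinguishedName TryBuild(string dn)
    {
        try
        {
            return new X500DistinguishedName(dn);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine($"\"{dn}\" rejected: {ex.Message}");
            return null;
        }
    }

    static void Main()
    {
        // The form from the post: fails because "uid" is not a key CertStrToName knows.
        TryBuild("uid=first.last, ou=users, o=ourorg");

        // Same RDN spelled with its dotted OID (assumed accepted via the OID. prefix).
        var byOid = TryBuild($"OID.{UidOid}=first.last, ou=users, o=ourorg");
        if (byOid == null) return;

        // Decoding shows the OID rather than "uid=", so any code that compares
        // DNs as strings must canonicalise both sides before comparing.
        Console.WriteLine(byOid.Decode(X500DistinguishedNameFlags.UseNewLines));
        Console.WriteLine("DER length: " + byOid.RawData.Length);
    }
}
```

Do not substitute cn= for uid= as a silent fallback: the two attributes encode to different DER and will no longer match certificate subjects or ACL entries issued against the uid form.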