3

I'm trying to build a feature into my .NET application to be able to talk to an LDAP server to read user attributes and authenticate users. I have set up a test directory server using OpenDS, added custom attributes and objects, and added users with the new object types. Everything works fine until I attempt to read the custom attribute values, at which point I get:

{"Unknown error (0x8000500c)"}
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)

I have tried suggestions from this post (using properly formed OIDs) as well as this post (using a fully qualified domain name in your LDAP path; I am using something like LDAP://mymachine.company.local/...). Others have suggested that since the COM error code means E_ADS_CANT_CONVERT_DATATYPE there is something wrong with my attributes or schema, but the attributes are set up as DirectoryString, and there are other default fields of the same type that I can read.

I understand working with OpenDS will not work the same as Active Directory; I have a separate module for AD that is working fine. I'm just wondering if anyone has had experience with talking to OpenDS or Sun One LDAP implementations.

Thoughts? I can't find much on Google dealing with OpenDS and .NET together, which makes me think I should be doing something else. As I said, the AD stuff works fine; however, I'd really like to be able to do this with OpenDS as well.

Thanks!

Rusty

2 Answers

0

Use a known good tool such as ldapsearch to verify that an LDAP client can indeed request and receive the entries and attributes desired. For example:

ldapsearch --hostname hostname \
           --port port \
           --bindDn your-auth-id \
           --bindPassword credentials-for-your-auth-id \
           --useSSL     \
           --trustAll \
           --baseDn your-base-object \
           --searchScope the-scope-you-use \
           '(&)' \
           your-custom-attribute-names

Use the same parameters as in the LDAP client code. If the above search succeeds, then the server is configured correctly, the entries are present, and the auth ID has permission to retrieve those entries and the custom attributes. Otherwise, there may be a problem in the LDAP client code.


1
  • Hi Terry, thanks for the suggestion. I used the ldapsearch utility installed with OpenDS and everything seems to be fine. I also downloaded Apache Directory Studio and that has no problem reading the custom attributes. I'm starting to think that the standard .NET DirectoryServices libraries just won't work for this....aye.
    – rusty
    Commented Jun 12, 2012 at 18:27
0

I had this error trying to read a multi-value string from a Linux OpenLDAP database.

It seems like a bug as I found the error occurs on XP and Server 2003, but the same code on Windows 7 and Server 2008 returns the values, regardless of .NET versions installed.

However, I found a workaround for C# using a more direct access. In addition to Directory.Services, you will need to add the COM reference 'Active DS Type Library'.

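using System.Diagnostics;
using System.DirectoryServices;

var dirEntry = new DirectoryEntry("ldapDn", "logonDn", "logonPass");
// Load the ADSI property cache (IADs::GetInfo) before using IADsPropertyList.
dirEntry.RefreshCache();
var nativeEntry = (ActiveDs.IADsPropertyList)dirEntry.NativeObject;
// 3 = ADSTYPE_CASE_IGNORE_STRING: request the values as case-insensitive strings.
var propEntry = (ActiveDs.IADsPropertyEntry)nativeEntry.GetPropertyItem("attributeName", 3);
foreach (ActiveDs.IADsPropertyValue propValue in (object[])propEntry.Values)
{
    Debug.Print(propValue.CaseIgnoreString);
}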

This was put together for my own simple needs; here is the full helper class used as a reference and also the AdsType Enums.
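An added example, not from the question or either answer: reading a custom attribute with System.DirectoryServices.Protocols, which talks LDAP directly instead of going through the ADSI layer where the datatype conversion error is raised. The class and method names, the `uid` search attribute and port 636 are assumptions for illustration; the filter value is escaped per RFC 4515 because a lookup used for authentication takes user-supplied input.

```csharp
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class LdapAttributeReader   // hypothetical helper, not part of any library
{
    // RFC 4515 escaping, so a user-supplied value cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Returns every value of one attribute for the entries whose uid matches (uid is an assumption).
    public static List<string> ReadValues(string host, string bindDn, string password,
                                          string baseDn, string uid, string attribute)
    {
        var values = new List<string>();
        var server = new LdapDirectoryIdentifier(host, 636);   // assumed LDAPS port
        var credential = new NetworkCredential(bindDn, password);
        using (var conn = new LdapConnection(server, credential, AuthType.Basic))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true;       // certificate validation stays enabled
            conn.Bind();
            var request = new SearchRequest(baseDn, "(uid=" + EscapeFilterValue(uid) + ")",
                                            SearchScope.Subtree, attribute);
            var response = (SearchResponse)conn.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
            {
                if (!entry.Attributes.Contains(attribute)) continue;  // absent or not readable
                foreach (string v in entry.Attributes[attribute].GetValues(typeof(string)))
                    values.Add(v);
            }
        }
        return values;
    }
}
```

Unlike the `--trustAll` option in the ldapsearch command, this code leaves certificate validation on, so a test server's self-signed certificate has to be added to the client's trust store for the bind to succeed.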
