cee*_*man 11 .net c# novell ldap
我正在尝试使用Novell发布的库(Novell.Directory.Ldap).版本2.1.10.
到目前为止我做了什么:
我测试了与应用程序(LdapBrowser)的连接并且它正在工作,因此它不是通信问题.
它是用Mono编译的,但我正在使用Visual Studio.所以用源创建了一个项目.我还提到了对Mono.Security的引用,因为该项目取决于它.
我在连接的错误捕获部分中评论了一个调用(freeWriteSemaphore(semId);),因为它抛出了更多异常.我检查了那个调用做了什么,它只是一个错误跟踪机制.
我按照Novell(http://www.novell.com/coolsolutions/feature/11204.html)文档中提供的基本步骤进行操作.
//创建LdapConnection实例
LdapConnection ldapConn = new LdapConnection(); ldapConn.SecureSocketLayer = ldapPort == 636;
// Connect函数将创建与服务器的套接字连接
ldapConn.Connect(ldapHost,ldapPort);
//绑定功能将用户对象凭据绑定到服务器
ldapConn.Bind(用户DN,userPasswd);
现在它正在崩溃Bind()函数.我收到错误91.
那么,有人曾经使用过这个库并看到它有效吗?如果是这样,你做了什么让它工作,是否需要一些特殊的配置?有没有办法让它在没有Mono的.NET环境中工作(我可以引用Mono dll,但我不希望它安装在服务器上)?
(更新)连接在端口636上,因此使用SSL.我查看了WireShark的通信,并与我从LDAP浏览器中获得的内容进行了比较.我已经看到,SSL证书的通信步骤不是由LDAP库完成的.那么,让它做到它应该做的最好的方法是什么?
(更新)我检查了文档,它表明它不支持SSL.http://www.novell.com/coolsolutions/feature/11204.html
使用LdapConnection.Bind()对LDAP服务器进行身份验证.我们仅支持明文身份验证.尚未添加SSL/TLS支持.
但是文档的日期是2004年,从那时起,已经进行了许多更新.并且库中有一个参数来定义连接是否使用SSL.所以现在我很困惑.
(更新)找到了更新的文档:http://developer.novell.com/documentation//ldapcsharp/index.html?page = / documentation //ldapcsharp/cnet/data/bqwa5p0.html.建立SSL连接的方式是在服务器上注册证书.问题是我正在做的事情并没有绑定到特定的Novell服务器,因此必须动态获取证书.
小智 6
我来寻找类似问题的解决方案。当使用Novell网站上的相同代码时,我的bind命令也会失败。对我有用的解决方案是添加动态证书验证回叫。你可以在这里阅读。
// Creating an LdapConnection instance
LdapConnection ldapConn = new LdapConnection();
ldapConn.SecureSocketLayer = true;
ldapConn.UserDefinedServerCertValidationDelegate += new
CertificateValidationCallback(MySSLHandler);
//Connect function will create a socket connection to the server
ldapConn.Connect(ldapHost, ldapPort);
//Bind function will Bind the user object Credentials to the Server
ldapConn.Bind(userDN, userPasswd);
// Searches in the Marketing container and return all child entries just below this
//container i.e. Single level search
LdapSearchResults lsc = ldapConn.Search("ou=users,o=uga",
LdapConnection.SCOPE_SUB,
"objectClass=*",
null,
false);
while (lsc.hasMore())
{
LdapEntry nextEntry = null;
try
{
nextEntry = lsc.next();
}
catch (LdapException e)
{
Console.WriteLine("Error: " + e.LdapErrorMessage);
// Exception is thrown, go for next entry
continue;
}
Console.WriteLine("\n" + nextEntry.DN);
LdapAttributeSet attributeSet = nextEntry.getAttributeSet();
System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
while (ienum.MoveNext())
{
LdapAttribute attribute = (LdapAttribute)ienum.Current;
string attributeName = attribute.Name;
string attributeVal = attribute.StringValue;
Console.WriteLine(attributeName + "value:" + attributeVal);
}
}
ldapConn.Disconnect();
Console.ReadKey();
}
public static bool MySSLHandler(Syscert.X509Certificate certificate,
int[] certificateErrors)
{
X509Store store = null;
X509Stores stores = X509StoreManager.CurrentUser;
//string input;
store = stores.TrustedRoot;
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
byte[] data = certificate.GetRawCertData();
if (data != null)
x509 = new X509Certificate(data);
return true;
}
UserDefinedServerCertValidationDelegate 已过时,因此如果是无效 ssl 证书的问题,您可以通过以下方式跳过证书验证:
LdapConnectionOptions options = new LdapConnectionOptions()
.ConfigureRemoteCertificateValidationCallback(new CertCallback((a, b, c, d) => true))
.UseSsl();
LdapConnection connection = new LdapConnection(options);
connection.Connect(...);
但是,您应该检查忽略证书是否是您的应用程序的安全解决方案。
我终于找到了一种方法来完成这项工作。
首先,这些帖子帮助我走上了正确的道路:http://directoryprogramming.net/forums/thread/788.aspx
其次,我获得了 Novell LDAP 库的已编译 dll,并使用了 Mono.Security.Dll。
解决方案:
我在代码中添加了这个函数
// This is the Callback handler - after "Binding" this is called
public bool MySSLHandler(Syscert.X509Certificate certificate, int[] certificateErrors)
{
X509Store store = null;
X509Stores stores = X509StoreManager.LocalMachine;
store = stores.TrustedRoot;
//Import the details of the certificate from the server.
X509Certificate x509 = null;
X509CertificateCollection coll = new X509CertificateCollection();
byte[] data = certificate.GetRawCertData();
if (data != null)
x509 = new X509Certificate(data);
//List the details of the Server
//if (bindCount == 1)
//{
Response.Write("<b><u>CERTIFICATE DETAILS:</b></u> <br>");
Response.Write(" Self Signed = " + x509.IsSelfSigned + " X.509 version=" + x509.Version + "<br>");
Response.Write(" Serial Number: " + CryptoConvert.ToHex(x509.SerialNumber) + "<br>");
Response.Write(" Issuer Name: " + x509.IssuerName.ToString() + "<br>");
Response.Write(" Subject Name: " + x509.SubjectName.ToString() + "<br>");
Response.Write(" Valid From: " + x509.ValidFrom.ToString() + "<br>");
Response.Write(" Valid Until: " + x509.ValidUntil.ToString() + "<br>");
Response.Write(" Unique Hash: " + CryptoConvert.ToHex(x509.Hash).ToString() + "<br>");
// }
bHowToProceed = true;
if (bHowToProceed == true)
{
//Add the certificate to the store. This is \Documents and Settings\program data\.mono. . .
if (x509 != null)
coll.Add(x509);
store.Import(x509);
if (bindCount == 1)
removeFlag = true;
}
if (bHowToProceed == false)
{
//Remove the certificate added from the store.
if (removeFlag == true && bindCount > 1)
{
foreach (X509Certificate xt509 in store.Certificates)
{
if (CryptoConvert.ToHex(xt509.Hash) == CryptoConvert.ToHex(x509.Hash))
{
store.Remove(x509);
}
}
}
Response.Write("SSL Bind Failed.");
}
return bHowToProceed;
}
我在绑定过程中使用了它
// Create Connection
LdapConnection conn = new LdapConnection();
conn.SecureSocketLayer = true;
Response.Write("Connecting to:" + ldapHost);
conn.UserDefinedServerCertValidationDelegate += new
CertificateValidationCallback(MySSLHandler);
if (bHowToProceed == false)
conn.Disconnect();
if (bHowToProceed == true)
{
conn.Connect(ldapHost, ldapPort);
conn.Bind(loginDN, password);
Response.Write(" SSL Bind Successfull ");
conn.Disconnect();
}
quit = false;
关键要素是使用 SSL Handler 动态获取证书,并使用 X509StoreManager.LocalMachine 以便在网站运行时能够保存和获取证书。
| 归档时间: |
|
| 查看次数: |
19469 次 |
| 最近记录: |