public void TestConnect3()
{
LdapServer serv = new LdapServer(new string[]{host}, port, false, false, null);
serv.Connect(10);
Assert.Throws<LdapException>(delegate
{
serv.Bind(new NetworkCredential("cn=Manager,dc=example,dc=com", "seret"));
}
);
}
public void TestConnect1()
{
LdapServer serv = new LdapServer(new string[] {host}, port, false, false, null);
serv.Connect(10);
serv.Bind();
}
public void TestConnect2()
{
LdapServer serv = new LdapServer(new string[] {host}, port, false, false, null);
serv.Connect(10);
serv.Bind(new NetworkCredential("cn=Manager,dc=example,dc=com", "secret"));
}
public BooleanResult Authenticate()
{
// Generate username (if we're not doing a search for it)
string userDN = null;
bool doSearch = Settings.Store.DoSearch;
if ( ! doSearch )
{
userDN = CreateUserDN();
}
X509Certificate2 serverCert = null;
bool useSsl = Settings.Store.UseSsl;
bool requireCert = Settings.Store.RequireCert;
string certFile = Settings.Store.ServerCertFile;
if( useSsl && requireCert && certFile.Length > 0 )
{
if (File.Exists(certFile))
{
m_logger.DebugFormat("Loading server certificate: {0}", certFile);
serverCert = new X509Certificate2(certFile);
}
else
{
m_logger.ErrorFormat("Certificate file {0} not found, giving up.", certFile);
return new BooleanResult{ Success = false, Message = "Server certificate not found" };
}
}
string[] hosts = Settings.Store.LdapHost;
int port = Settings.Store.LdapPort;
using (LdapServer serv = new LdapServer(hosts, port, useSsl, requireCert, serverCert))
{
try
{
// Connect. Note that this always succeeds whether or not the server is
// actually available. It not clear to me whether this actually talks to the server at all.
// The timeout only seems to take effect when binding.
int timeout = Settings.Store.LdapTimeout;
serv.Connect(timeout);
// If we're searching, attempt to bind with the search credentials, or anonymously
if (doSearch)
{
// Set this to null (should be null anyway) because we are going to search
// for it.
userDN = null;
try
{
// Attempt to bind in order to do the search
string searchDN = Settings.Store.SearchDN;
string searchPW = Settings.Store.GetEncryptedSetting("SearchPW");
if (searchDN.Length > 0)
{
NetworkCredential creds = new NetworkCredential(searchDN, searchPW);
m_logger.DebugFormat("Attempting to bind with DN: {0} for search", creds.UserName);
serv.Bind(creds);
}
else
{
m_logger.DebugFormat("Attempting to bind anonymously for search.");
serv.Bind();
}
// If we get here, a bind was successful, so we can search for the user's DN
userDN = FindUserDN(serv);
}
catch (LdapException e)
{
if (e.ErrorCode == 81)
{
m_logger.ErrorFormat("Server unavailable: {0}", e.Message);
}
else if (e.ErrorCode == 49)
{
m_logger.ErrorFormat("Bind failed: invalid credentials.");
}
else
{
m_logger.ErrorFormat("Exception ({0}) when binding for search: {1}", e.ErrorCode, e);
}
return new BooleanResult { Success = false, Message = "Unable to contact LDAP server." };
}
}
// If we've got a userDN, attempt to authenticate the user
if (userDN != null)
{
try
{
// Attempt to bind with the user's LDAP credentials
m_logger.DebugFormat("Attempting to bind with DN {0}", userDN);
NetworkCredential ldapCredential = new NetworkCredential(userDN, m_creds.Password);
serv.Bind(ldapCredential);
// If we get here, the authentication was successful, we're done!
m_logger.DebugFormat("LDAP DN {0} successfully bound to server, return success", ldapCredential.UserName);
return new BooleanResult { Success = true };
}
catch (LdapException e)
{
if (e.ErrorCode == 81)
{
m_logger.ErrorFormat("Server unavailable: " + e.Message);
return new BooleanResult { Success = false, Message = "Failed to contact LDAP server." };
}
else if (e.ErrorCode == 49)
{
m_logger.ErrorFormat("Bind failed for LDAP DN {0}: invalid credentials.", userDN);
return new BooleanResult { Success = false, Message = "Authentication via LDAP failed. Invalid credentials." };
}
else
{
m_logger.ErrorFormat("Exception ({0}) when binding for authentication: {1}", e.ErrorCode, e.Message);
return new BooleanResult { Success = false, Message = "Authentication via LDAP failed: " + e.Message };
}
}
} // end if(userDN != null)
}
catch (Exception e)
{
if (e is LdapException)
{
m_logger.ErrorFormat("LdapException ({0}): {1}", ((LdapException)e).ErrorCode, e);
}
else
{
m_logger.DebugFormat("Exception: {0}", e);
}
}
} // end using
return new BooleanResult{ Success = false, Message = "Authentication via LDAP failed." };
}
