Thanks for everything. I forwarded theses recomendations to our developpers.
KR, SL -----Message d'origine----- De : Jim Willeke [mailto:[email protected]] Envoyé : mercredi 23 février 2011 13:24 À : [email protected] Cc : Laporte Sylvain (GIE) Objet : Re: Querying Apache DS via .NET C# DirectorySearcher Check out: http://msdn.microsoft.com/en-us/library/system.directoryservices.protocols.ldapconnection.aspx You might try something like: NetworkCredential oCred = new NetworkCredential( strLdapUserId, strLdapPassword ); LdapConnection oLdapConnection = new LdapConnection( new LdapDirectoryIdentifier( strLdapServer, true, false ), oCred ); oLdapConnection.AuthType = AuthType.Basic; oLdapConnection.SessionOptions.ProtocolVersion = 3; oLdapConnection.Bind(); If the "bind" works, then you should be good. No Search is performed. -jim Jim Willeke On Wed, Feb 23, 2011 at 6:41 AM, Laporte Sylvain (GIE) <[email protected]> wrote: > > Thank you, > > In deed, our developper is new to querying LDAP with C# and did not > manage to set the BaseDN to anything else than root. C# and Directory > Services classes seem to be quite weird on this side. > Anyway, he tried modifying the scope to base object only and did not > get this exception. > > The purpose of the non sense query is that, in this case, we only need > to validate the bind step so we don't care about searching the whole tree or > retreiving some results. > But we are aware that we are likely to face the problem again in the > furture, when we'll actually have to retreive some information... Then our > dev will have to get through this BaseDN thing. > > Thank you all for your help. > > KR, > > -----Message d'origine----- > De : Emmanuel Lecharny [mailto:[email protected]] Envoyé : mercredi > 23 février 2011 10:29 À : [email protected] Objet : Re: > Querying Apache DS via .NET C# DirectorySearcher > > On 2/23/11 9:49 AM, Laporte Sylvain (GIE) wrote: > > Hi, > > > > Thanks for your reply. > > We are using v1.5.7 with Java 1.6 update 23 > > > > When talking about "an old issue related to sub level searching on > > RootDSE", do you think that restricting the search on the OU or at least on > > the domain could help solve the problem? > Just try starting on another naming context than RootDSE. Your baseDN is > empty, searching from 'dc=myDomain,dc=myTLD' could work. > > Also, searching the whole tree with a size limit set to 1 and a filter set to > (ObjectClass=*) does not make a lot of sense, but this is another story... > > Thanks > > > > > > > > -----Message d'origine----- > > De : [email protected] [mailto:[email protected]] De la > > part de Kiran Ayyagari Envoyé : mardi 22 février 2011 21:13 À : > > [email protected] Objet : Re: Querying Apache DS via .NET > > C# DirectorySearcher > > > > hi Laporte, > > > > Which version you are using? I guess you are encountering an old > > issue related to sub level searching on RootDSE, a fix for this > > issue > > was committed to the trunk quite sometime back, may be you can test your > > program against the server built from trunk sources. > > > > On Tue, Feb 22, 2011 at 9:22 PM, Laporte Sylvain > > (GIE)<[email protected]> wrote: > >> Hi all, > >> > >> > >> > >> We've just implemented Apache Directory Server on one of our > >> Windows > >> 2008 Servers. > >> > >> Some of our developpers have to create a C# web service that query > >> this new ApacheDS directory using the DirectorySearcher class. > >> > >> > >> > >> When he comes to query the LDAP directory, he gets a strange > >> message on his side:< A network peripheral is not functionning> > >> > >> Switching the logs to DEBUG, I can see that the bind performs well, > >> but the search throws a java exception when ADS is handling the request : > >> > >> > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - OTHER: failed for SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(2.5.4.0=*:[3232])' > >> > >> scope : whole subtree > >> > >> typesOnly : false > >> > >> Size Limit : 1 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'objectclass', 'cn' > >> > >> : -1 > >> > >> java.lang.ArrayIndexOutOfBoundsException: -1 > >> > >> > >> > >> ADS adds a< : -1> at the end of the request although the original > >> search request seems to be well received : > >> > >> > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - Handling single reply request: SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(objectClass=*)' > >> > >> scope : whole subtree > >> > >> typesOnly : false > >> > >> Size Limit : 1 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'objectclass', 'cn' > >> > >> > >> > >> The transaction is although very simple : > >> > >> > >> > >> //Declares the Directory entry object > >> > >> DirectoryEntry Ldap = new DirectoryEntry(_ldapserver, _bindDN, > >> _password, AuthenticationTypes.None); > >> > >> try > >> > >> { > >> > >> //Declares the search object > >> > >> DirectorySearcher search = new DirectorySearcher(Ldap); > >> > >> // Adds a filter > >> > >> search.Filter = "(objectClass=*)"; // version APACHE > >> > >> //Defines the attributes to retrieve > >> > >> search.PropertiesToLoad.Add("objectClass"); > >> > >> search.PropertiesToLoad.Add("cn"); > >> > >> //Performs the search > >> > >> SearchResult result = search.FindOne(); > >> > >> } > >> > >> > >> > >> Can anybody help? I cannot understand where does this ": -1" come > >> from as it doesn't appear using Apache Directory Studio. > >> > >> > >> > >> If useful the full query log is following... > >> > >> > >> > >> Thank you very much, > >> > >> > >> > >> S. Laporte > >> > >> ------------------------------- > >> > >> > >> > >> > >> > >> [15:40:39] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - Handling single reply request: SearchRequest > >> > >> baseDn : > >> 'cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD' > >> > >> filter : '(objectClass=*)' > >> > >> scope : single level > >> > >> typesOnly : false > >> > >> Size Limit : 1000 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : deref Always > >> > >> attributes : 'hassubordinates', 'objectclass' > >> > >> > >> > >> [15:40:39] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - ManageDsaITControl NOT detected. > >> > >> [15:40:39] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Entry > >> cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD is NOT > >> a referral. > >> > >> [15:40:39] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Message > >> received: SearchRequest > >> > >> baseDn : > >> 'cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD' > >> > >> filter : '(objectClass=*)' > >> > >> scope : single level > >> > >> typesOnly : false > >> > >> Size Limit : 1000 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : deref Always > >> > >> attributes : 'hassubordinates', 'objectclass' > >> > >> > >> > >> [15:40:39] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - using > >> <1000,1000> for size limit > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.BindHandler] > >> - Received: BindRequest > >> > >> Version : '3' > >> > >> Name : > >> 'cn=myBindUser,ou=myBindOU,ou=anotherOU,dc=myDomain,dc=myTLD' > >> > >> Simple authentication : 'password/0x3F 0x41 0x66 0x73 0x4B > >> 0x3C 0x3D 0x6A ' > >> > >> > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.BindHandler] > >> - Returned SUCCESS message: BindResponse > >> > >> Ldap Result > >> > >> Result code : (SUCCESS) success > >> > >> Matched DN : 'null' > >> > >> Error message : 'null' > >> > >> . > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - Handling single reply request: SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(objectClass=*)' > >> > >> scope : base object > >> > >> typesOnly : false > >> > >> Size Limit : no limit > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'subschemasubentry', 'dsservicename', > >> 'namingcontexts', 'defaultnamingcontext', 'schemanamingcontext', > >> 'configurationnamingcontext', 'rootdomainnamingcontext', > >> 'supportedcontrol', 'supportedldapversion', > >> 'supportedldappolicies', 'supportedsaslmechanisms', 'dnshostname', > >> 'ldapservicename', 'servername', 'supportedcapabilities' > >> > >> > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - ManageDsaITControl NOT detected. > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Entry > >> is NOT a referral. > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Message > >> received: SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(objectClass=*)' > >> > >> scope : base object > >> > >> typesOnly : false > >> > >> Size Limit : no limit > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'subschemasubentry', 'dsservicename', > >> 'namingcontexts', 'defaultnamingcontext', 'schemanamingcontext', > >> 'configurationnamingcontext', 'rootdomainnamingcontext', > >> 'supportedcontrol', 'supportedldapversion', > >> 'supportedldappolicies', 'supportedsaslmechanisms', 'dnshostname', > >> 'ldapservicename', 'servername', 'supportedcapabilities' > >> > >> > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute dsservicename does not exist > >> in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute defaultnamingcontext does not > >> exist in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute schemanamingcontext does not > >> exist in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute configurationnamingcontext > >> does not exist in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute rootdomainnamingcontext does > >> not exist in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute supportedldappolicies does > >> not exist in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute dnshostname does not exist in > >> the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute ldapservicename does not > >> exist in the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute servername does not exist in > >> the schema, it will be ignored > >> > >> [15:55:49] WARN > >> [org.apache.directory.server.core.interceptor.context.SearchingOper > >> ati on Context] - Requested attribute supportedcapabilities does > >> not exist in the schema, it will be ignored > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - Handling single reply request: SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(objectClass=*)' > >> > >> scope : whole subtree > >> > >> typesOnly : false > >> > >> Size Limit : 1 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'objectclass', 'cn' > >> > >> > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - ManageDsaITControl NOT detected. > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Entry > >> is NOT a referral. > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.SearchHandler] - Message > >> received: SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(objectClass=*)' > >> > >> scope : whole subtree > >> > >> typesOnly : false > >> > >> Size Limit : 1 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'objectclass', 'cn' > >> > >> > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.handlers.ReferralAwareRequestHand > >> ler > >> ] > >> - OTHER: failed for SearchRequest > >> > >> baseDn : '' > >> > >> filter : '(2.5.4.0=*:[3232])' > >> > >> scope : whole subtree > >> > >> typesOnly : false > >> > >> Size Limit : 1 > >> > >> Time Limit : no limit > >> > >> Deref Aliases : never Deref Aliases > >> > >> attributes : 'objectclass', 'cn' > >> > >> : -1 > >> > >> java.lang.ArrayIndexOutOfBoundsException: -1 > >> > >> at java.util.ArrayList.get(Unknown Source) > >> > >> at > >> org.apache.directory.server.core.filtering.CursorList.beforeFirst(C > >> urs > >> or > >> List.java:170) > >> > >> at > >> org.apache.directory.server.ldap.handlers.SearchHandler.doSimpleSea > >> rch > >> (S > >> earchHandler.java:729) > >> > >> at > >> org.apache.directory.server.ldap.handlers.SearchHandler.handleIgnor > >> ing > >> Re > >> ferrals(SearchHandler.java:978) > >> > >> at > >> org.apache.directory.server.ldap.handlers.SearchHandler.handleWithR > >> efe > >> rr > >> als(SearchHandler.java:1054) > >> > >> at > >> org.apache.directory.server.ldap.handlers.SearchHandler.handleWithR > >> efe > >> rr > >> als(SearchHandler.java:78) > >> > >> at > >> org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler. > >> ha > >> ndle(ReferralAwareRequestHandler.java:94) > >> > >> at > >> org.apache.directory.server.ldap.handlers.ReferralAwareRequestHandler. > >> ha > >> ndle(ReferralAwareRequestHandler.java:57) > >> > >> at > >> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handle > >> Mes > >> sa > >> ge(LdapRequestHandler.java:208) > >> > >> at > >> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handle > >> Mes > >> sa > >> ge(LdapRequestHandler.java:58) > >> > >> at > >> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(Dem > >> uxi > >> ng > >> IoHandler.java:232) > >> > >> at > >> org.apache.directory.server.ldap.LdapProtocolHandler.messageReceive > >> d(L > >> da > >> pProtocolHandler.java:193) > >> > >> at > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.me > >> ssa > >> ge > >> Received(DefaultIoFilterChain.java:713) > >> > >> at > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessa > >> geR > >> ec > >> eived(DefaultIoFilterChain.java:434) > >> > >> at > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(D > >> efa > >> ul > >> tIoFilterChain.java:46) > >> > >> at > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.m > >> ess > >> ag > >> eReceived(DefaultIoFilterChain.java:793) > >> > >> at > >> org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.j > >> ava > >> :7 > >> 1) > >> > >> at > >> org.apache.mina.core.session.IoEvent.run(IoEvent.java:63) > >> > >> at > >> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker. > >> run > >> Ta > >> sk(UnorderedThreadPoolExecutor.java:480) > >> > >> at > >> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker. > >> run > >> (U > >> norderedThreadPoolExecutor.java:434) > >> > >> at java.lang.Thread.run(Unknown Source) > >> > >> [15:55:49] DEBUG > >> [org.apache.directory.server.ldap.LdapProtocolHandler] > >> - Cleaning the LdapSession : > >> <2.5.4.3=mybinduser,2.5.4.11=mybinfou,2.5.4.11=anotherou,0.9.2342.1 > >> 920 > >> 03 00.100.1.25=mydomain,0.9.2342.19200300.100.1.25=mytld,...> > >> session > >> > >> [15:55:49] INFO > >> [org.apache.directory.server.ldap.handlers.LdapRequestHandler] - > >> ignoring the message > >> org.apache.directory.shared.ldap.message.UnbindRequestImpl@374e67ab > >> received from null session > >> > >> > > > > > > -- > > Kiran Ayyagari > > > > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com >
