Hi

I have an application (in c#/.net, using the DirectoryServices namespace) which validates a user (username, password) with an LDAP data-store. Now, I want to validate users in another LDAP data-store, and the application fails.

It appears there are rather large differences between LDAP data-stores. Is this correct?

For example, another problem I found was that "group membership" in one data-store is designated by a property called "memberOf", while in the other data-store it was "groupMembership". (How an application can know what they are called, I don't know).

Yet another problem has to do with sorting search results. In one data-store it is possible to set "sort" requirements on the classes used to query the data-store, while with the other this results in an exception in the code. Again - how can you make a single application which can access multiple LDAP data-stores?

Well, frustrations aside, how do I validate? Is there a way to validate a user, with username and password, which works regardless of the particular LDAP installation? I mean, ther must be something standard, surely?

My code, which works with the first LDAP data-store, looks like the following. I get an exception when I run this code with another datastore (a different server address of course).

public bool ValidateUser(string username, string password)
{
// The "main" directory-entry....
DirectoryEntry main = new DirectoryEntry("LDAP://192.168.0.110:389/ou=Users,ou=MAIN,o=Clients", "ldapLogin", "ldapPwd", AuthenticationTypes.ServerBind);

// Get the "sAMAccountName" for the specified user:
string sAMAccountName = null;
DirectorySearcher ds = new DirectorySearcher();
ds.SearchRoot = main;
ds.PropertiesToLoad.Add("cn");
ds.PropertiesToLoad.Add("sAMAccountName");
ds.Filter = "(&(objectClass=user)(cn=" + username + "))";
SearchResultCollection results = ds.FindAll();

if (results != null && results.Count > 0)
{
SearchResult sr = results[0];
string name = (string)sr.Properties["cn"][0];
sAMAccountName = (string)sr.Properties["sAMAccountName"][0];

using (DirectoryEntry entry = new DirectoryEntry(main.Path, sAMAccountName, password))
{
DirectorySearcher searcher = new DirectorySearcher(entry);

searcher.Filter = "(objectclass=user)";

try
{
searcher.FindOne();
return true;
}
catch (Exception ex)
{
return false;
}
}
}
else
{
// No such user "username":
return false;
}
}

Another point is that one data-store has a property called "sAMAccountName", the othe does not. Here I think it is called "uid".

Thanks for any help and advice,
Peter