Validating a user
I have an application (in C#/.NET, using the DirectoryServices namespace) which validates a user (username, password) with an LDAP data-store. Now, I want to validate users in another LDAP data-store, and the application fails.
It appears there are rather large differences between LDAP data-stores. Is this correct?
For example, another problem I found was that "group membership" in one data-store is designated by a property called "memberOf", while in the other data-store it was "groupMembership". (How an application can know what they are called, I don't know).
Yet another problem has to do with sorting search results. In one data-store it is possible to set "sort" requirements on the classes used to query the data-store, while with the other this results in an exception in the code. Again - how can you make a single application which can access multiple LDAP data-stores?
Well, frustrations aside, how do I validate? Is there a way to validate a user, with username and password, which works regardless of the particular LDAP installation? I mean, there must be something standard, surely?
My code, which works with the first LDAP data-store, looks like the following. I get an exception when I run this code with another datastore (a different server address of course).
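    using System;
    using System.DirectoryServices;
    public bool ValidateUser(string username, string password)
    {
        // The "main" directory-entry....
        DirectoryEntry main = new DirectoryEntry("LDAP://192.168.0.110:389/ou=Users,ou=MAIN,o=Clients", "ldapLogin", "ldapPwd", AuthenticationTypes.ServerBind);
        // Get the "sAMAccountName" for the specified user:
        string sAMAccountName = null;
        DirectorySearcher ds = new DirectorySearcher();
        ds.SearchRoot = main;
        // Filter metacharacters in the name are escaped (RFC 4515) so they cannot alter the filter.
        ds.Filter = "(&(objectClass=user)(cn=" + username.Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00") + "))";
        SearchResultCollection results = ds.FindAll();
        if (results != null && results.Count > 0)
        {
            SearchResult sr = results[0];
            string name = (string)sr.Properties["cn"][0];
            sAMAccountName = (string)sr.Properties["sAMAccountName"][0];
            try
            {
                using (DirectoryEntry entry = new DirectoryEntry(main.Path, sAMAccountName, password))
                {
                    DirectorySearcher searcher = new DirectorySearcher(entry);
                    searcher.Filter = "(objectclass=user)";
                    searcher.FindOne(); // running a search forces the bind with the user's credentials
                    return true;
                }
            }
            catch (Exception)
            {
                return false; // the bind or search failed, so the credentials were not accepted
            }
        }
        // No such user "username":
        return false;
    }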
Another point is that one data-store has a property called "sAMAccountName", the other does not. Here I think it is called "uid".
Thanks for any help and advice,
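
The search-then-bind check from the post, written against System.DirectoryServices.Protocols with the login attribute ("sAMAccountName", "uid", ...) passed in rather than hard-coded; this is an added example, not part of the original post. The host, port, base DN, lookup account and attribute name are assumptions supplied by the caller, and an LDAPS listener is assumed.

```csharp
// Added example (not the poster's code); every connection value is caller-supplied configuration.
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class PortableLdapAuth
{
    // RFC 4515 escaping so a user name cannot change the filter's structure.
    public static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        return sb.ToString();
    }

    // Simple bind sends the password as-is, so the session is LDAPS (assumed, e.g. port 636).
    static LdapConnection Connect(string host, int port, NetworkCredential who)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        conn.AuthType = AuthType.Basic;               // LDAP simple bind: DN + password
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;
        try { conn.Bind(who); return conn; }
        catch { conn.Dispose(); throw; }
    }

    // loginAttr differs per directory; service.UserName is the lookup account's DN (hypothetical).
    public static bool ValidateUser(string host, int port, string baseDn, string loginAttr,
                                    NetworkCredential service, string username, string password)
    {
        // An empty password turns a simple bind into an unauthenticated bind that may succeed.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)) return false;
        string userDn;
        using (var conn = Connect(host, port, service))            // step 1: find the user's DN
        {
            string filter = "(" + loginAttr + "=" + EscapeFilter(username) + ")";
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "1.1"); // "1.1" = no attributes
            var resp = (SearchResponse)conn.SendRequest(req);
            if (resp.Entries.Count != 1) return false;             // unknown or ambiguous user
            userDn = resp.Entries[0].DistinguishedName;
        }
        // Step 2: bind as that DN with the supplied password; result code 49 is invalidCredentials.
        try { using (Connect(host, port, new NetworkCredential(userDn, password))) return true; }
        catch (LdapException ex) when (ex.ErrorCode == 49) { return false; }
    }
}
```

Errors other than result code 49 (server unreachable, TLS failure, a rejected lookup account) propagate to the caller, so an outage is not reported as a wrong password.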