I need help with retrieving all possible properties (Distinguished Name, etc.) and values from an LDAP server using C# 4.0 code.
My end user is simply going to enter the name of the LDAP server in my application.
The LDAP server can be a private server or an open LDAP server as available in this page Public LDAP servers.
I am using System.DirectoryServices.Protocols.LdapConnection class to connect to the LDAP servers and System.DirectoryServices.Protocols.SearchRequest class to retrieve the values.
Here's my problem :
The System.DirectoryServices.Protocols.SearchRequest class requires the distinguished name of the server as a parameter to retrieve users, group etc.
My end-user will simply be entering the server name.
I have to get the distinguished name from the server via my C# code. I am unable to find (even by googling) a C# solution for my problem.
I found an application online that actually does what I wanted.
I simply provided the LDAP server name and it retrieved the values (distinguished name, port no., etc.) from that server.
Could someone please provide me a solution to get the values using C# .NET 4.0?
I cannot use any paid third-party software or DLLs.
LDAP does not use properties, it has attributes. To fetch attributes from a server, an LDAP client must connect to the server, authenticate the connection using the BIND request, and then transmit a search request to the server and interpret the server's response. A search request consists of the following at a minimum:
base object
search scope
search filter
list of attributes to retrieve
Properly coded LDAP clients will include a size limit and time limit in addition to the above required elements.
The search result from the server will contain an integer result code, and a list of objects that matched the search request parameters (filtered by the search filter). A search can be successful but return no entries.
If the base object is not known, transmit a search request for the namingContexts attribute in the root DSE. The root DSE can only be obtained by using a base object of "" and a search scope of 'base'. The filter should be (&) or (objectClass=*). The directory server publishes certain information, including the namingContexts, in the root DSE, although that information is subject to access controls like everything else.
see also
LDAP: Search Best Practices
LDAP: Programming Best Practices
LDAP: The Root DSE
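The root DSE lookup described in this answer, as an added example that is not part of the original answer: it binds anonymously, reads `namingContexts` with a base object of "" and scope `Base`, and sets the size and time limits the answer recommends. The host name `ldap.example.com`, port 389 and the class and method names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

static class RootDseProbe
{
    // Returns the namingContexts values published in the root DSE, or an
    // empty list when access controls hide the attribute.
    static List<string> GetNamingContexts(string server, int port)
    {
        var contexts = new List<string>();
        var id = new LdapDirectoryIdentifier(server, port);
        using (var conn = new LdapConnection(id, null, AuthType.Anonymous))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.Timeout = TimeSpan.FromSeconds(10);      // client-side wait
            conn.Bind();                                  // anonymous BIND

            // Root DSE: base object "", scope Base, filter (objectClass=*).
            var req = new SearchRequest("", "(objectClass=*)",
                                        SearchScope.Base, "namingContexts");
            req.SizeLimit = 1;                            // one entry expected
            req.TimeLimit = TimeSpan.FromSeconds(5);      // server-side limit

            var resp = (SearchResponse)conn.SendRequest(req);
            // A search can succeed and still return no entries.
            if (resp.Entries.Count == 0) return contexts;
            var attrs = resp.Entries[0].Attributes;
            if (!attrs.Contains("namingContexts")) return contexts;
            foreach (object v in attrs["namingContexts"].GetValues(typeof(string)))
                contexts.Add((string)v);
        }
        return contexts;
    }

    static void Main(string[] args)
    {
        // "ldap.example.com" is a placeholder; pass the real host as argument 1.
        string server = args.Length > 0 ? args[0] : "ldap.example.com";
        try
        {
            foreach (string dn in GetNamingContexts(server, 389))
                Console.WriteLine("naming context: " + dn);
        }
        catch (DirectoryException ex)   // LdapException, DirectoryOperationException
        {
            Console.Error.WriteLine("LDAP query failed: " + ex.Message);
        }
    }
}
```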
When trying to get all users from AD based on a role I was getting the exception:
System.DirectoryServices.Protocols.DirectoryOperationException: The size limit was exceeded
With the help of this thread:
LdapConnection SearchRequest throws exception for “The size limit was exceeded”, I tried implementing paging.
Now I am getting an exception:
The server does not support the control. The control is critical.
Any ideas on how to go about resolving it? I get a smaller list of role based users fine without paging.
Thanks.
UPDATE:
I found code to check if paging is supported by AD here: iPlanet LDAP and C# PageResultRequestControl, and I got the result that paging is supported.
It is true that it helps to change from AuthType.Basic, but in case anyone wants to get it working with AuthType.Basic then you need to make sure to set LDAP protocol version to 3:
var connection = new LdapConnection(new LdapDirectoryIdentifier(server), null, AuthType.Basic);
connection.Bind(new NetworkCredential(username, password));
connection.SessionOptions.ProtocolVersion = 3;
I found this solution here: https://groups.google.com/d/msg/microsoft.public.active.directory.interfaces/x1ZiixXknqk/m7-Li21QBoIJ
The solution posted in response to thread Paged LDap search fails with “The requested attribute does not exists” helped me with my issue too. I was using AuthType.Basic and changing it to AuthType.Ntlm had the paging code running fine. I doubt it will affect any other piece of AD code that I have but I'll check and post if I find anything to watch out for.
Thanks.
I recently experienced this issue even though I had explicitly set the LDAP version number to 3 and was using NTLM authentication.
In my case there was a multi-domain Active Directory Domain Services forest, and the problem was resolved by changing the port number used to establish the LDAP connection from 389 to 3268.
It turns out that these ports have very specific purposes -
389 - requests information from the local domain controller. The local domain controller has access to the complete list of attributes for all objects within the domain; however, querying for objects stored on another domain requires referral chasing, and this was where I was seeing "The server does not support the control" error.
3268 - This port is used to access the Global Catalog, which is a repository of all of the objects within the entire forest. It does have its limits in that the Global Catalog only stores attributes that have been marked for replication. Another side effect is that the Global Catalog is much more performant than accessing the local domain controller, as it has no reliance on referral chasing to work.
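A paged search loop for the situation in this thread, as an added example that is not taken from any of the posts above: it sets LDAP v3 before binding (controls are an LDAPv3 feature), attaches a `PageResultRequestControl`, and follows the response cookie until it comes back empty. The host `dc01.example.com`, the base DN, the filter and the page size of 500 are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;

static class PagedSearch
{
    // Collects the DN of every match, one page at a time, so the server-side
    // size limit on a single response is never hit.
    static List<string> FindAll(LdapConnection conn, string baseDn,
                                string filter, int pageSize)
    {
        var found = new List<string>();
        var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "cn");
        var page = new PageResultRequestControl(pageSize);   // critical by default
        req.Controls.Add(page);

        while (true)
        {
            var resp = (SearchResponse)conn.SendRequest(req);
            foreach (SearchResultEntry entry in resp.Entries)
                found.Add(entry.DistinguishedName);

            var pr = resp.Controls.OfType<PageResultResponseControl>()
                                  .FirstOrDefault();
            // An empty cookie marks the last page.
            if (pr == null || pr.Cookie == null || pr.Cookie.Length == 0) break;
            page.Cookie = pr.Cookie;                         // ask for next page
        }
        return found;
    }

    static void Main(string[] args)
    {
        // Placeholders: host, base DN and filter are illustrative values.
        // 389 queries one domain; 3268 queries the Global Catalog.
        var id = new LdapDirectoryIdentifier("dc01.example.com", 389);
        using (var conn = new LdapConnection(id))   // current user, Negotiate
        {
            conn.SessionOptions.ProtocolVersion = 3;   // set before Bind
            conn.Bind();
            var users = FindAll(conn, "DC=example,DC=com",
                                "(&(objectCategory=person)(objectClass=user))", 500);
            Console.WriteLine(users.Count + " entries");
        }
    }
}
```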
I have a requirement where I need to get all the issues for a particular project in JIRA, so for this I have created a console application which has a REST client class, using which I make a GET request call. For testing purposes the REST API URL is
"https://jira.atlassian.com/rest/api/latest/issue/JRA-9"
Using this URL I make an HttpWebRequest and get the response back as a JSON-formatted string. Now this JSON string contains all the issue-specific information, but my actual requirement is to get all the project-specific issues.
I tried to find out if I could get any project-specific URL for testing purposes from which I get a JSON reply back, and I found http://kelpie9:8081/rest/api/2/search?jql=project=QA+order+by+duedate&fields=id,key but for this I get the "The remote name could not be resolved: 'kelpie9'" error.
Could you please help me in this?
JIRA's REST API does not appear to currently support any project-based queries separate from their search API.
You can specify a specific project in the search by using the JQL. Given that you know a project (e.g., "JRA" in "JRA-9"), then you can quickly search through all of its issues:
Working result: https://jira.atlassian.com/rest/api/latest/search?jql=project=JRA
One important note is that the results return actual total versus what is actually returned:
"startAt":0,"maxResults":50,"total":30177
You can add query string variables to the request to get more (or less) results. You can also control the fields related to issues to retrieve as well: https://jira.atlassian.com/rest/api/latest/search?jql=project=JRA&startAt=75&maxResults=75 (slower the more you request, and probably not nice to hit their public servers with big numbers).
You can even POST a JSON object that represents the query (slightly tweaked from the linked search docs):
{"jql":"project = JRA","startAt":75,"maxResults":75,"fields":["id","key"]}
Of interest, and as part of the JQL, you can sort the results by any field. Just add " order by id" to the project name, as-in "jql=JRA+order+by+id" in the querystring or "jql": "project = JRA order by id" in the POSTed JSON body.
Note: Above is the actual answer to the real question. However, the literal question is the cause of the "The remote name could not be resolved: 'kelpie9'" error.
Their documentation shows kelpie9 as an example server name that they are testing on internally, running on port 8081. Your computer is not aware of a server/machine named kelpie9, as it does not publicly exist. Replace kelpie9 with whatever your JIRA server's hostname is internally and 8081 with whatever port it is using (or remove it if you do not see one when you view JIRA on your intranet site, which means port 80 for http and port 443 for https). For example, many companies run it at "https://jira/". You would replace the example link with https://jira/rest/api/2/search?jql=project=QA+order+by+duedate&fields=id,key.
We are relying on referring URLs when we pick up requests from users who installed our widget; it's just an iframe, similar to the Google Plus button, Facebook Like, etc.
Recently we noticed that Google's blogspot blogs can be accessed using multiple urls with different ending like:
*.blogspot.com
*.blogspot.fr
*.blogspot.co.uk
...
Now our database is getting filled with duplicate websites.
Is there any way to get the real address every time, like *.blogspot.com?
Are there any other websites that do such a thing, making themselves available through different domains without redirecting to the real one, or is this blogspot-specific?
How does Facebook handle this? Do people that own a blog on blogspot have a different like count for each domain?
You can do a dns lookup for CNAME entries.
var host = Dns.GetHostByName("www.blogspot.com").HostName;
// host == "blogger.l.google.com"
If the host DNS contains a CNAME, the HostName property will return the CNAME.
The following description may be helpful:
A CNAME record or Canonical Name record is a type of resource record
in the Domain Name System (DNS) that specifies that the domain name is
an alias of another, canonical domain name. Here "canonical" usually
means: a more generally accepted or standard name.
(Wikipedia)
Alright, I'll be straightforward here. I successfully called Windows Azure Analytic Services's REST APIs for getting and setting the settings for Blob logging and metrics.
However, when I give it a go for tables and queues, I get the following error message:
AuthenticationFailed Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:9d4436e0-9367-46ed-9967-b3ebe888d2f8 Time:2012-01-16T09:20:09.5141262Z
The string I use to sign is the following:
GET\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:Mon, 16 Jan 2012 09:04:50 GMT\nx-ms-version:2011-0818\n/<accountname>/\ncomp:properties\nrestype:service. It works perfectly fine for Blobs.
The most troublesome thing is that I am not getting an AuthenticationErrorDetail in my response from Analytic Services. When I tried calling the settings REST APIs for Blobs, I actually got an AuthenticationErrorDetail that told me what string the server used to sign. That really helped me construct the above.
Has anyone else gone through something similar?
I realised that my REST calls worked for queues too. It did not work for tables, however.
http://msdn.microsoft.com/en-us/library/windowsazure/dd179428.aspx offered more information:
2009-09-19 Shared Key Lite and Table Service Format
This format supports Shared Key and Shared Key Lite for all versions
of the Table service, and Shared Key Lite for the 2009-09-19 version
of the Blob and Queue services. This format is identical to that used
with previous versions of the storage services. Construct the
CanonicalizedResource string in this format as follows:
Beginning with an empty string (""), append a forward slash (/),
followed by the name of the account that owns the resource being
accessed.
Append the resource's encoded URI path. If the request URI addresses a
component of the resource, append the appropriate query string. The
query string should include the question mark and the comp parameter
(for example, ?comp=metadata). No other parameters should be included
on the query string.
In the end, it accepted the path ?comp=properties.
I encountered similar problems (blobs working fine, tables not working) when I incorrectly used DateTime.Now instead of DateTime.UtcNow for the x-ms-date header.
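Signing a Table service request with the CanonicalizedResource format quoted above, as an added example that is not code from any of the posts: it builds `/<account>/?comp=properties`, signs it with HMAC-SHA256, and takes `x-ms-date` from `DateTime.UtcNow`. The five-field Table string-to-sign (verb, Content-MD5, Content-Type, date, CanonicalizedResource) comes from the Shared Key documentation linked above rather than from this page's text; the account name and key are constructed values.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class TableSharedKey
{
    // "/" + account + encoded URI path, plus "?comp=..." when the request
    // addresses a component. No other query parameters are included.
    static string CanonicalizedResource(string account, string path, string comp)
    {
        string resource = "/" + account + path;
        return comp == null ? resource : resource + "?comp=" + comp;
    }

    // Table service Shared Key: five newline-separated fields.
    static string StringToSign(string verb, string contentMd5,
                               string contentType, string date, string resource)
    {
        return string.Join("\n",
            new[] { verb, contentMd5, contentType, date, resource });
    }

    // Signature = Base64(HMAC-SHA256(key, UTF-8(stringToSign))).
    static string AuthorizationHeader(string account, string base64Key,
                                      string stringToSign)
    {
        using (var hmac = new HMACSHA256(Convert.FromBase64String(base64Key)))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(stringToSign));
            return "SharedKey " + account + ":" + Convert.ToBase64String(mac);
        }
    }

    static void Main()
    {
        // Constructed values: not a real account or key.
        string account = "exampleaccount";
        string key = Convert.ToBase64String(
            Encoding.ASCII.GetBytes("constructed-demo-key-not-a-secret"));
        // "R" only formats; it does not convert to UTC, so start from UtcNow.
        string date = DateTime.UtcNow.ToString("R", CultureInfo.InvariantCulture);

        string resource = CanonicalizedResource(account, "/", "properties");
        string toSign = StringToSign("GET", "", "", date, resource);
        Console.WriteLine("x-ms-date: " + date);
        Console.WriteLine("Authorization: " +
                          AuthorizationHeader(account, key, toSign));
    }
}
```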
I'm trying to access an LDAP directory via the SearchRequest object in C#. I can make the same calls via an LDAP library running in an iPhone app, as well as directly via a terminal session. However, the C# queries all seem to fail.
var search = new SearchRequest("ou=calendar,dc=ualberta,dc=ca", "term=*,course=094398,class=*", System.DirectoryServices.Protocols.SearchScope.Subtree, attributeLst);
This returns a list of terms for the course calendar. However, making the following calls won't return results for specific courses
var search = new SearchRequest("ou=calendar,dc=ualberta,dc=ca", "term=1330,course=094398", System.DirectoryServices.Protocols.SearchScope.Subtree, attributeLst);
The attributeLst object has proper attribute names included, but the query always returns with zero results.
Any suggestions anyone has would be greatly appreciated. Thanks.
Could it be related to the underlying LDAP property, i.e. the course's LDAP datatype? Is it one of the various strings or an integer in the LDAP store? If so, the leading zero may throw it off. Also, I'm curious: logical ANDs (at least when querying AD, which is an LDAP implementation; not sure what your underlying store is) typically follow something like this:
(&(term=1330)(course=094398))