Support LDAPS ( TLS ) in System.DirectoryServices.Protocols ON Linux

[carlosromanbarrado]

Discussed in #103242

^{Originally posted by carlosromanbarrado June 10, 2024}
Hello,

I have spent several days trying to connect using LdapConnection in Linux VMs again LDAP Servers protected by LDAPS.
I could not, but i can on Windows.

I can connect LDAP on boths, Linux & Windows.

I´m not sure if i´m doing something wrong or the reason is that LDAPs is not supported on Linux on NET 8.

I´m allways get an Exception: "LDAP Server is unavailable"

My Code is very simple:

NET 8.0
System.DirectoryServices.Protocols 8.0.0

---

string ldapServer = "MYSERVER";  // Real Data in my tests
string ldapPort = "636";
string userConn = "userDN"; // Real Data in my tests
string password = "passwords"; // Real Data in my tests


ldapsettings = new LdapDirectoryIdentifier(ldapServer,Int32.Parse(ldapPort),false,false);
ldapConn = new LdapConnection(ldapsettings);
ldapConn.Credential = new NetworkCredential(userConn, password);
ldapConn.AuthType = AuthType.Basic;
LdapSessionOptions options = ldapConn.SessionOptions;
options.SecureSocketLayer = true;
options.ProtocolVersion = 3;

ldapConn.Bind();

---

Let me for any question.

Many Thanks,
Carlos Román

[buyaa-n]

I´m not sure if i´m doing something wrong or the reason is that LDAPs is not supported on Linux on NET 8.

Not sure for sure, you might be using a LdapOption that is not supported on Linux, check:

runtime/src/libraries/Common/src/Interop/Interop.Ldap.cs

Lines 134 to 149 in d5d2448

	LDAP_OPT_SERVER_ERROR = 0x33, // Not Supported in Linux
	LDAP_OPT_SERVER_EXT_ERROR = 0x34, // Not Supported in Linux
	LDAP_OPT_HOST_REACHABLE = 0x3E, // Not Supported in Linux
	LDAP_OPT_PING_KEEP_ALIVE = 0x36, // Not Supported in Linux
	LDAP_OPT_PING_WAIT_TIME = 0x37, // Not Supported in Linux
	LDAP_OPT_PING_LIMIT = 0x38, // Not Supported in Linux
	LDAP_OPT_DNSDOMAIN_NAME = 0x3B, // Not Supported in Linux
	LDAP_OPT_GETDSNAME_FLAGS = 0x3D, // Not Supported in Linux
	LDAP_OPT_PROMPT_CREDENTIALS = 0x3F, // Not Supported in Linux
	LDAP_OPT_TCP_KEEPALIVE = 0x40, // Not Supported in Linux
	LDAP_OPT_FAST_CONCURRENT_BIND = 0x41, // Not Supported in Linux
	LDAP_OPT_SEND_TIMEOUT = 0x42, // Not Supported in Linux
	LDAP_OPT_REFERRAL_CALLBACK = 0x70, // Not Supported in Linux
	LDAP_OPT_CLIENT_CERTIFICATE = 0x80, // Not Supported in Linux
	LDAP_OPT_SERVER_CERTIFICATE = 0x81, // Not Supported in Linux
	LDAP_OPT_AUTO_RECONNECT = 0x91, // Not Supported in Linux

For example you might be using LdapSessionOptions.VerifyServerCertificate callback that is not supported on Linus

[carlosromanbarrado]

Hello,

You can close the issue.

As you indicate, "LdapSessionOptions.VerifyServerCertificate" is not work in Linux and failed.

I dont use this, but i can work correctly my code as LDAP Subsystem in Linux control the Certificate Validations Behaviour, plus timeout and so. ( pe: LDAPTLS_CERT )

Many Thanks,