LdapSessionOptions.VerifyServerCertificate Callback Does Not Work in Linux #109952

Closed
BavadhariniE opened this issue Nov 19, 2024 · 5 comments

@BavadhariniE

### Description

While using the System.DirectoryServices.Protocols library in .NET Core on Linux, attempting to set the LdapSessionOptions.VerifyServerCertificate callback results in an exception.

Exception Details:

Error in LdapSearch: "System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable. at System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32 error) at System.DirectoryServices.Protocols.LdapSessionOptions.set_VerifyServerCertificate(VerifyServerCertificateCallback value)

### Reproduction Steps

1. Use the following code snippet on a Linux environment:

```csharp
using System;
using System.DirectoryServices.Protocols;

var ldapConnection = new LdapConnection("ldaps://your-ldap-server:636")
{
    SessionOptions =
    {
        SecureSocketLayer = true,
        VerifyServerCertificate = (conn, cert) => true // Ignore SSL validation
    }
};

ldapConnection.Bind();
```

2. Replace "ldaps://your-ldap-server:636" with your actual LDAP server and port.

3. Run the code.

4. Observe the exception.

### Expected behavior

The `VerifyServerCertificate` callback should allow bypassing SSL validation on Linux, as it does on Windows.


### Actual behavior

The callback throws an exception on Linux with the message: `System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable`.

Error in LdapSearch: "System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable. at System.DirectoryServices.Protocols.ErrorChecking.CheckAndSetLdapError(Int32 error) at System.DirectoryServices.Protocols.LdapSessionOptions.set_VerifyServerCertificate(VerifyServerCertificateCallback value)



### Regression?

The same code works without errors on Windows. However, it fails on Linux. This inconsistency prevents cross-platform development for applications using the System.DirectoryServices.Protocols library for LDAP.

Support the LdapSessionOptions.VerifyServerCertificate callback functionality on Linux, enabling developers to handle SSL certificate validation dynamically across platforms.

### Known Workarounds

_No response_

### Configuration

_No response_

### Other information

_No response_
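
The repro above turns certificate validation off with `=> true`. As an added example (not code from the issue author or from dotnet/runtime), here is a callback of the same delegate type that accepts only a pinned server certificate. The `PinnedLdaps` class, the placeholder fingerprints and the Windows-only guard are assumptions; the guard reflects the exception this issue reports when the setter is called on Linux.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedLdaps // hypothetical helper, not part of the library
{
    // Placeholders: SHA-256 fingerprints (hex) of the certificates you expect.
    // Two entries let the server rotate to its next certificate without an outage.
    // Until replaced with real values nothing matches, so the check fails closed.
    static readonly HashSet<string> PinnedSha256 = new(StringComparer.OrdinalIgnoreCase)
    {
        "REPLACE-WITH-SHA256-HEX-OF-CURRENT-CERT",
        "REPLACE-WITH-SHA256-HEX-OF-NEXT-CERT",
    };

    // Matches the VerifyServerCertificateCallback delegate signature.
    static bool VerifyPinned(LdapConnection connection, X509Certificate certificate)
    {
        if (certificate is null)
            return false;

        string fingerprint = Convert.ToHexString(certificate.GetCertHash(HashAlgorithmName.SHA256));
        bool trusted = PinnedSha256.Contains(fingerprint);
        if (!trusted)
        {
            // Record what was presented so a rejected handshake can be investigated.
            Console.Error.WriteLine(
                $"LDAPS certificate rejected: subject={certificate.Subject} sha256={fingerprint}");
        }
        return trusted;
    }

    public static LdapConnection Connect(string host)
    {
        var connection = new LdapConnection(new LdapDirectoryIdentifier(host, 636));
        connection.SessionOptions.ProtocolVersion = 3;
        connection.SessionOptions.SecureSocketLayer = true;

        // Per this issue the setter throws LdapException on Linux, so only
        // install the callback on Windows. Assumption: elsewhere the native
        // LDAP client library's own certificate validation settings apply.
        if (OperatingSystem.IsWindows())
            connection.SessionOptions.VerifyServerCertificate = VerifyPinned;

        connection.Bind();
        return connection;
    }
}
```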
@dotnet-policy-service bot added the untriaged label Nov 19, 2024
Contributor

Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.

@MichalPetryka
Contributor

Duplicate of #60972.

@steveharter
Member

Closing as duplicate.

@steveharter closed this as not planned Nov 20, 2024
@dotnet-policy-service bot removed the untriaged label Nov 20, 2024
@BavadhariniE
Author

#60972 is about port 389. I want to use port 636, so the LdapSessionOptions.VerifyServerCertificate callback function is necessary.

@BavadhariniE
Author

@steveharter Please reopen the ticket. I want a solution for port 636.
