dn syntax error for ldap authentication


I am having difficulty writing a module that can perform LDAP authentication.

When I put the following line in my browser and hit enter, Windows Contacts application will show me the record from the server so I know this is the correct location to connect to:

ldap://directory.abc.edu/uid=asmith,ou=People,o=abc.edu

but then when I want to use the same thing in code, I get an "Invalid dn syntax" error message.

Here is my code:

    using System;
    using System.DirectoryServices;
    using System.Text;

    public void LDAPResult()
    {
        using (DirectoryEntry root = new DirectoryEntry(string.Format(@"LDAP://directory.abc.edu/uid=asmith,ou=People,o=abc.edu")))
        {
            using (DirectorySearcher searcher = new DirectorySearcher(root))
            {
                // The following line gives me the error
                SearchResultCollection results = searcher.FindAll();

                // The rest is not actually important, I never get there to see if it works properly.
                StringBuilder summary = new StringBuilder();
                foreach (SearchResult result in results)
                {
                    foreach (string propName in result.Properties.PropertyNames)
                    {
                        foreach (string s in result.Properties[propName])
                        {
                            summary.Append(" " + propName + ": " + s + "\r\n");
                        }
                    }
                    summary.Append("\r\n");
                }
                Console.WriteLine(summary);
            }
        }
    }

Any help with this is so highly appreciated. Thanks,


There are 2 best solutions below

0
On

You should probably look here

Connecting to LDAP from C# using DirectoryServices

and here

LDAP Directory Entry in .Net - not working with OU=Users

especially for "new DirectoryEntry(...)" usage :)

4
On

I am not sure what LDAP directory you are connecting to, but your DN doesn't look quite right.

Especially the "o=abc.edu" part. In Active Directory (the directory I am most familiar with) the DN would end up being uid=asmith,ou=People,dc=abc,dc=edu. Notice that abc and edu are distinctly different parts. Since you are using O instead of DC I am guessing that the directory is not AD, but the parts of the domain name might still be represented using two o's. o=abc,o=edu perhaps?
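
Added example (not part of the question or either answer, and not the poster's code): a string-syntax check for the DN forms discussed above, following RFC 4514, that splits a DN into its RDNs and rejects malformed input before it is used in a bind or search. The function names are made up for this example, the `#`-prefixed hex value form is not supported, and the check covers syntax only, not which naming attributes (`o=` or `dc=`) a given directory actually uses.

```python
import re

# Attribute type: short name (uid, ou, o, dc, ...) or dotted numeric OID.
_ATTR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)")
# One unit of a value: \XX hex pair, backslash + special character, or a plain character.
_TOKEN = re.compile(r'\\([0-9A-Fa-f]{2})|\\([ "#+,;<=>\\])|([^"+,;<>\\\x00])')

def _split(text, sep):
    """Split on sep, treating a backslash plus the next character as one unit."""
    parts = [""]
    for tok in re.findall(r"\\.|.", text, re.S):
        if tok == sep:
            parts.append("")
        else:
            parts[-1] += tok
    return parts

def _unescape(raw):
    """Decode one attribute value; reject bare special characters and bad escapes."""
    toks = list(_TOKEN.finditer(raw))
    if "".join(t.group(0) for t in toks) != raw:
        raise ValueError("unescaped special character or bad escape: %r" % raw)
    if raw[:1] in (" ", "#") or (toks and toks[-1].group(0) == " "):
        raise ValueError("unescaped leading/trailing space or leading '#': %r" % raw)
    data = b"".join(bytes([int(h, 16)]) if h else (e or c).encode("utf-8")
                    for h, e, c in (t.groups() for t in toks))
    return data.decode("utf-8")  # hex pairs carry UTF-8 bytes

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of (attribute, value) pairs."""
    if dn == "":
        return []  # the empty DN (root DSE) is valid
    rdns = []
    for rdn in _split(dn, ","):
        avas = []
        for ava in _split(rdn, "+"):  # '+' joins the parts of a multi-valued RDN
            attr, eq, raw = ava.partition("=")
            if not eq or not _ATTR.fullmatch(attr):
                raise ValueError("bad RDN component %r in %r" % (ava, dn))
            avas.append((attr, _unescape(raw)))
        rdns.append(avas)
    return rdns

def is_valid_dn(dn):
    try:
        return parse_dn(dn) is not None
    except ValueError:
        return False
```
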