Directory Programming .NET

To read Ch. 12, you will have to buy the book.  However, the code I was referring to is free here on the site.  Click up in the Files section, download the samples, and use the Chapter 12 sample for SDS.P authentication.

---

Ryan Dunn
Extemporaneous Mumblings
The .NET Developer's Guide to Directory Services Programming

I downloaded the code sample from this ...thank you.  I am reading on page 427 of the book that we should take care to clean up our ldapConnection instance at some point......how do you remmend doing that if I am using a wcf service. Do I dispose after each authentication or should it be declared as static?

 

 

In order for something like this to scale well, you really need to reuse the connection across multiple requests.  You'll run out of TCP wildcard ports if you open and close the socket over and over and will have operational problems.  You'll also have poor perf.

How you cache it is up to you, but a static variable is definitely one way.

You should probably also consider synchronizing access to the shared connection.  Supposedly LDAP binds are thread safe, but I wouldn't assume that is true.  The samples I've seen of MS implementing the same thing (such as in S.DS.AccountManagement) seem to synchronize access.

Thank you Joe. I choose to use S.DS.AccountManagement for the raisons you mentioned but it is causing the Intermittent error "The ldap server is unavailable". I tried to identify the patern to this error but no luck. I am not sure if this is related to the active directory confiruation setup. The code in chapter 12 recommends using basic and ssl but I don't have SSL on my dev environment.  Do you how to setup ssl for active directory?

 

Thank you.

The code in chapter 12 is just a sample and isn't really that sophisticated.  I don't think we intended to suggest Basic by default, but only to suggest that IF you use Basic, you also use SSL.  You can use negotiate just fine.

The advantage with Basic is that you can also use FastConcurrentBind as well which gives you a nice perf improvement, but it isn't that big of a deal.

Sorry we never figured out why S.DS.AM craps out.  I really don't have an idea.  I lost track of that detail as this thread is a little old and I answer so many questions in so many places that I can't always keep it all straight.  :)

One thing that you could consider trying would be to catch that exception and then in some thread-safe manner tear down the PrincipalContext and create a new one.  I don't know if that would work or not though as the new PrincipalContext might die for the same reason the existing one did.

It shouldn't be this hard.  :)

I agree it should not be this hard....:)  Thank you for your help.

 

 

 

 

Centura2, any news on this issue? I am having the exact same problem. Cheers.

hey,

I am also facing same problem.

fery few times I get this error and which has no pattern.

Did you get any solution for this problem?

Thanks for help.

I have been running into the same error when using the External Collaboration Toolkit for SharePoint.  External users are authenticated against an instance of ADAM.  The environment is Windows 2003 Enterprise Edition R2, WSS 3.0 and ADAM all running on the same virtual machine.  The server is joined to a domain.

External users are authenticated using forms authentication against the ADAM instance with no problem.  Then, some time later (maybe 30 minutes or so) authentication stops working and users receive the, "LDAP server is unavailable" message.  If the IIS application pool is recycled, then everything starts working again for a while.

I have been using Windbg to try to track down the problem.

The exception occurs in the System.DirectoryServices.Protocols.LdapConnection.BindHelper method.  I viewed the following serverErrorMessage attribute of the LdapException using Windbg:

Name: System.String
MethodTable: 790fd8c4
EEClass: 790fd824
Size: 334(0x14e) bytes
 (C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll)
String: 00002035: LdapErr: DSID-0C090E26, comment: Fast bind mode can only be invoked on an unbound connection.  This connection has already been bound.

The _message attribute of the LdapException was, "The LDAP server is unavailable."  The errorCode attribute was 81.

Does any of this help to track down the problem?

There are a number of people here running into the same issue - I am having trouble keeping track of what code everyone is running.

The error debugging you did is great.  If this is SDS.AM code where it is throwing an error, this means that there is a bug in the code.  Trying to fast bind to an already bound connection is a no-no (and one that bit me when I released the sample code initially).

Can you confirm what code you are running?

---

Ryan Dunn
Extemporaneous Mumblings
The .NET Developer's Guide to Directory Services Programming

Thanks for your reply.  I am running .NET framework v2.0.50727 and Windows SharePoint Services 3.0 with SP1.  The membership provider used for the forms authentication is the ActiveDirectoryMembershipProvider class.

The server is Windows Server 2003 R2 Enterprise Edition with SP2.  The membership provider was configured using the ECTS installation script.  Here is the provider configuration in the web.config:

<add name="ADAMUser" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADAMConnectionString" attributeMapUsername="userPrincipalName" requiresQuestionAndAnswer="true" enablePasswordReset="true" attributeMapPasswordQuestion="eatmuPasswordQuestion" attributeMapPasswordAnswer="eatmuPasswordAnswer" attributeMapFailedPasswordAnswerCount="eatmuFPAC" attributeMapFailedPasswordAnswerTime="eatmuFPAT" attributeMapFailedPasswordAnswerLockoutTime="eatmuFPALT" />

The SharePoint site for external users was created by extending an existing SharePoint site that uses Integrated Authentication.  The external web site uses SSL.  All of the setup was done following the ECTS deployment and operations guide.

Let me know if there is anything else that you need.  This is a test environment, so I would have no problem sending any dump files that might be helpful.  Thanks.

Would you ping me offline?  I will try to connect you with the right people.

---

Ryan Dunn
Extemporaneous Mumblings
The .NET Developer's Guide to Directory Services Programming

I'm having the exact same trouble in the exact same environment (Well im doing a medium farm installation).

I got all the tools to work, i can create users and sites from MOSS to ADAM.

The problem is when i try to open the external site i get the exact LDAP error.

If i change the conection string i get an error so i know the provider is trying to access my ADAM server and i know it is up because i can create users from the other regular interfaces. I just can't log in with this provider.

If you guys found a way to make this work i need some help :-(

fbuckle:

Thanks for your reply.  I am running .NET framework v2.0.50727 and Windows SharePoint Services 3.0 with SP1.  The membership provider used for the forms authentication is the ActiveDirectoryMembershipProvider class.

The server is Windows Server 2003 R2 Enterprise Edition with SP2.  The membership provider was configured using the ECTS installation script.  Here is the provider configuration in the web.config:

<add name="ADAMUser" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADAMConnectionString" attributeMapUsername="userPrincipalName" requiresQuestionAndAnswer="true" enablePasswordReset="true" attributeMapPasswordQuestion="eatmuPasswordQuestion" attributeMapPasswordAnswer="eatmuPasswordAnswer" attributeMapFailedPasswordAnswerCount="eatmuFPAC" attributeMapFailedPasswordAnswerTime="eatmuFPAT" attributeMapFailedPasswordAnswerLockoutTime="eatmuFPALT" />

The SharePoint site for external users was created by extending an existing SharePoint site that uses Integrated Authentication.  The external web site uses SSL.  All of the setup was done following the ECTS deployment and operations guide.

Let me know if there is anything else that you need.  This is a test environment, so I would have no problem sending any dump files that might be helpful.  Thanks.