
.NET Client Classes for openldap/winldap

11 Mar 2003, CPOL
An example of using LDAP/OpenLDAP with .Net

LDAP - Lightweight Directory Access Protocol


openldap (plain|tls) -> openldap
winldap (plain|tls) -> openldap
openldap (plain|tls) -> Active Directory
winldap (plain|tls) -> Active Directory

NOTE: Before using the library you have to go through the code and review it.

Building openldap client lib:

Here are the steps to build openldap on Windows. To build the client library there is not much tweaking to be done. I used openldap-2.1.12. The .dsp and .dsw files are under the ..\build\ directory. If you open main.dsw, it contains the openldap server as well as the ldap client library. For the client you need to build the libldap_r and liblber projects. I didn't use SASL authentication mechanisms, so I also removed the SASL and Regex dependencies from the ldap library (although it's not hard to build with SASL/regex support). To remove the SASL/Regex dependency, expand the setup project, open the portable.nt file and comment out:

//#define HAVE_REGEX_H 1
//#define HAVE_CYRUS_SASL 1

(Or otherwise follow instructions from here.)

Right-click on the libldap_r (thread-safe version) and liblber projects and choose Rebuild. This should build without any problems. Now you have to set the VS.NET search directory for libraries to where the output oldap_r.lib and olber32.lib are, and the same for include files:

..\openldap-2.1.12\Debug or ..\openldap-2.1.12\Release or some common directory or renamed debug and release files.

Building openldap server on Windows for testing purposes:

Check the build instructions here, this is for openldap-2.0.xx versions.

You can also successfully build openldap-2.1.xx; I used Sleepycat's Berkeley DB db-4.1.xx and cyrus-sasl-1.5.xx with it. When everything is built, you have to copy the *.exe and *.dll files to some directory that will be the base directory for the openldap server.

You will need to copy the schema directory from ..\openldap\openldap-2.1.12\servers\slapd\schema to your base openldap dir and the sample slapd.conf file from ..\openldap\openldap-2.1.12\servers\slapd\slapd.conf.

In slapd.conf add ucdata-path before any include statements. Like this:

ucdata-path "X:/openldap-2.1.12/ucgendat"

Then open command prompt and run

ucgendat.exe -o X:/openldap-2.1.12/ucgendat

If you get this error: error loading ucdata (error -127), you'll know that ucgendat wasn't set up. In 2.0.xx versions it wasn't needed.

Fill/Change the rest of slapd.conf to your needs. Check various resources, specifically slapd.conf man page at and type slapd.conf also check Quick-Start Guide and Administrator's Guide.

To debug possible errors you can start slapd -d 255. For this to work you need to compile with LDAP_DEBUG. This can be added in the portable.nt file under the setup project; somewhere at the top add:

#define LDAP_DEBUG 1

If you want to add ssl/tls support, you can do that through openssl. You have to get the latest openssl version (for example openssl-0.9.7a) and follow the instructions in the INSTALL.W32 file that comes with the package. After you've built openssl into DLLs or static libraries, you have to add its .lib/.h directories to VS.NET's search directories for libraries/include files. Now open portable.nt from the setup project of the openldap solution and somewhere at the top add this:

#define HAVE_TLS 1 
#pragma comment(lib, "ssleay32r.lib") 
#pragma comment(lib, "libeay32r.lib")

And build openldap. Now you have to edit the slapd.conf file. Related options are: TLSVerifyClient, TLSCertificateFile, TLSCertificateKeyFile, TLSCACertificateFile, TLSCipherSuite, etc.

Now you can start ldap to listen for ssl/tls connections:

slapd -h "ldaps://somehost ldap://somehost"

ldaps:// is not needed when using ldap_start_tls_s, though, because it talks on the normal ldap port (389) and not on 636 for ssl. When connecting with the winldap client, the CA of the server's certificate has to be trusted by the client PC, which means it has to be installed under the trusted CAs. You can check if there are any problems with the server certificate by connecting to the server with Internet Explorer. More troubleshooting info related to winldap is available by searching for: ldap_sslinit troubleshoot; there you will find the MSKB article.

Ldap .NET Class Usage


LdapClient c = new  LdapClient("", 
               LdapClient.DefaultPort,true /*version 3?*/, true /*use tls?*/);
c.ldap_simple_bind_s("bind_dn", "your_pass");


LdapResult res;
int count = c.ldap_search_ext_s("dn_to_start_the_search_at", 
              "sn=*",         /* search filter */
              new string[0],  /* attribs to return, empty for all */
              false,          /* return attrsonly? */
              60,             /* allow 60 secs for the search */
              0,              /* 0 == no size limit on returned entries */
              out res);

Console.WriteLine("Search Returned: {0}", count);

foreach(Oldap.LdapEntry entry in res)
{
    Console.WriteLine("dn:{0}", entry.DN);
    foreach(Oldap.LdapAttribute attr in entry)
    {
        if(attr.Name == "string_type?")
        {
            foreach(string val in attr.StringValues)
                Console.WriteLine("{0}: {1}", attr.Name, val);
        }
        else if(attr.Name == "binary_type?")
        {
            foreach(Byte[] val in attr.BinaryValues)
            {
                MemoryStream mem = new MemoryStream();
                mem.Write(val, 0, val.Length);
                //do something with it
            }
        }
    }
}
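
When the filter passed to ldap_search_ext_s is built from user-supplied text rather than a literal like "sn=*", the value has to be escaped as RFC 4515 requires, or characters such as * and ( change what the search matches. The following is an added example, not code from the article or its library; the LdapFilter class, its method names and the sample inputs are constructed for illustration.

```csharp
using System;
using System.Text;

// Added example (not part of the article's library): RFC 4515 escaping for
// values that are concatenated into an LDAP search filter.
static class LdapFilter
{
    // Returns the value with filter metacharacters written as \XX hex escapes,
    // so the server compares it literally instead of parsing it as syntax.
    public static string EscapeValue(string value)
    {
        if (value == null) throw new ArgumentNullException("value");
        StringBuilder sb = new StringBuilder(value.Length + 8);
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            // NUL ( ) * \ must be escaped; bytes >= 0x80 may be, and escaping
            // them keeps the filter string pure ASCII.
            bool special = b == 0x00 || b == 0x28 || b == 0x29 ||
                           b == 0x2A || b == 0x5C || b >= 0x80;
            if (special) sb.Append('\\').Append(b.ToString("x2"));
            else sb.Append((char)b);
        }
        return sb.ToString();
    }

    // Builds "(attr=value)". The attribute name is validated (ASCII letters,
    // digits, hyphen) rather than escaped; numeric OIDs are rejected here.
    public static string Equality(string attr, string value)
    {
        if (attr == null || attr.Length == 0)
            throw new ArgumentException("empty attribute name");
        foreach (char ch in attr)
        {
            bool ok = (ch >= 'a' && ch <= 'z') || (ch >= 'A' && ch <= 'Z') ||
                      (ch >= '0' && ch <= '9') || ch == '-';
            if (!ok) throw new ArgumentException("bad attribute name: " + attr);
        }
        return "(" + attr + "=" + EscapeValue(value) + ")";
    }

    static void Main()
    {
        // Constructed sample inputs, as a user might type into a search box.
        string[] samples = { "Finker", "Smith (jr)", "a*b", @"dom\user", "Müller" };
        foreach (string s in samples)
            Console.WriteLine("{0,-12} -> {1}", s, Equality("sn", s));
    }
}
```

The string returned by Equality is what would be passed as the search filter argument of c.ldap_search_ext_s in the search call above.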

Adding new Entry

(supported types: String or String[], Byte[] or array of Byte[]):

string entryDN = "dn_of_new_entry";
ListDictionary attrval = new ListDictionary();
attrval["objectClass"]=new string[]{"top", "person"}; 
//person class is abstract in AD
attrval["cn"]=new string[]{"test"};

//Byte[] example. To add multiple binary values you have 
//to pass array of byte[], so something like
//ArrayList that has Added byte[]s and then gives the array 
//with ToArray method should work
//Bitmap bmp = new Bitmap("..\\..\\some.bmp"); 
//mem = new MemoryStream();  
//bmp.Save(mem, ImageFormat.Bmp);
//attrval["personPhoto"]= new object[]{mem.ToArray()}; //array of byte[]
//attrval["personPhoto"]= mem.ToArray(); //byte[] 
//personPhoto is custom attribute with 
//in AD it's 
//To support it i defined a new objectClass 
//that includes it, and "person" objectClass
//used in above example doesn't know about it.

c.ldap_add_s(entryDN, attrval);

//check if value exists for attrib under specific entry
if(c.ldap_compare_s(entryDN, "cn", "test") == true)
    Console.WriteLine("value exists");

Replacing attribute in existing entry:

c.ldap_mod_replace(entryDN, attrval);

Adding attribute to existing entry:

attrval["telephoneNumber"]=new string[]{"phone1","phone2"};
c.ldap_mod_add(entryDN, attrval);

Removing attribute from existing entry:

//either remove the attribute completely:
attrval["telephoneNumber"]=new string[0];
//or remove a specific value from the attribute
//(or the whole attribute if it's the only value):
attrval["telephoneNumber"]=new string[]{"phone2"};

c.ldap_mod_delete(entryDN, attrval);

Deleting whole entry:


Exception thrown:

LDAPExceptionPartialResult - thrown when searching and specifying size limit. 
partial_count data member has the returned count.

The rest of the ldap functions, including async methods, referrals (LDAP_OPT_REFERRALS), etc., are to be added on an as-needed basis.


Winldap related:

Common SSL errors with winldap:
0x80090322 - "The target principal name is incorrect"
0x80090325 - "The certificate chain was issued by an authority that is not trusted"

Active Directory related:



This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Leon Finker
United States
