Looks like Yahoo is down...around 10:00 MST on 3/8/13. Looks like the outage just affects Finance. Other Yahoo sites are still accessible. Looks like it came back up around 10:30.
Mike's Technology and Finance Blog covers a number of different topics in finance and technology. Most technical posts provide architecture, development, implementation, troubleshooting techniques for different Enterprise IT systems that run on the Windows, UNIX, and Linux platforms. Some posts also include my personal opinions and rants.
Friday, March 8, 2013
Thursday, March 7, 2013
Searching Non-Microsoft LDAP Directories With .Net and Powershell
In this series on working with non-Microsoft directories in PowerShell and .Net
It is relatively straightforward to write .Net applications against Active Directory (AD) and Active Directory Lightweight Directory Services (ADLDS), but a number of challenges arise from writing applications against non-Microsoft directories.
More often than you would think, I am confronted with the use case of connecting to a non-Microsoft directory (e.g., OpenLDAP, Oracle Internet Directory, IBM Directory Server, and Novell eDirectory). In a few cases, you can use the same classes that you would with AD or ADLDS that exist in the System.DirectoryServices namespace (e.g., DirectoryEntry, DirectorySearcher, SearchResult, DirectoryEntries, etc.), but in many cases you will run into an assortment of issues that usually ends in failure.
Digging into the namespace a little further, Microsoft has developed the System.DirectoryServices.Protocols namespace that gives you the ability to interact with LDAP directories at a lower level than the classes provided by the System.DirectoryServices namespace, but at a higher level than having to write your own LDAPv3 library from scratch.
Below is sample code for a C# .Net application and a PowerShell script that interact with non-Microsoft LDAP directories:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.DirectoryServices.Protocols;
using System.Collections;

namespace TestLDAPBind
{
    class Program
    {
        // Application connects to and searches an OpenLDAP directory
        static void Main(string[] args)
        {
            // Connects to directory.mikesblog.lan using SSL on a non-standard port
            LdapConnection c = new LdapConnection("directory.mikesblog.lan:637");

            // Set session options
            c.SessionOptions.SecureSocketLayer = true;

            // Pick Authentication type:
            // Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
            // External, Kerberos, Msn, Negotiate, Ntlm, Sicily
            c.AuthType = AuthType.Basic;

            // Gets username and password. There are better ways to do this more securely...
            // but that's not the topic of this post.
            Console.Write("Enter Username: ");
            string username = Console.ReadLine();
            Console.WriteLine();
            Console.Write("Enter Password: ");
            string password = Console.ReadLine();

            // Bind with the network credentials. Depending on the type of server,
            // the username will take different forms. Authentication type is controlled
            // above with the AuthType
            c.Bind(new System.Net.NetworkCredential(username, password));

            SearchRequest r = new SearchRequest(
                // Base DN
                "ou=users,dc=mikesblog,dc=lan",
                // Filter
                "(uid=burrm)",
                // Search scope
                SearchScope.Subtree,
                // params string[] of attributes... in this case all
                "*");

            SearchResponse re = (SearchResponse)c.SendRequest(r);

            // How many results do we have?
            Console.WriteLine(re.Entries.Count);

            foreach (SearchResultEntry i in re.Entries)
            {
                // Do something with each entry here, such as read attributes
            }
        }
    }
}

The example PowerShell port follows:
#Mike Burr
#Script Connects to and Searches OpenLDAP directory
#Load the assembly (System.Net.NetworkCredential is already available in a PowerShell session)
Add-Type -AssemblyName System.DirectoryServices.Protocols
#Connects to myopenldap.mikesblog.lan using SSL on a non-standard port
$c = New-Object System.DirectoryServices.Protocols.LdapConnection "myopenldap.mikesblog.lan:637"
#Set session options
$c.SessionOptions.SecureSocketLayer = $true;
# Pick Authentication type:
# Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
# External, Kerberos, Msn, Negotiate, Ntlm, Sicily
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
# Gets username and password.
$user = Read-Host -Prompt "Username"
$pass = Read-Host -AsSecureString "Password"
$credentials = new-object "System.Net.NetworkCredential" -ArgumentList $user,$pass
# Bind with the network credentials. Depending on the type of server,
# the username will take different forms. Authentication type is controlled
# above with the AuthType
$c.Bind($credentials);
$basedn = "ou=users,dc=mikesblog,dc=lan"
$filter = "(uid=burrm)"
$scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
$attrlist = ,"*"
$r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList `
$basedn,$filter,$scope,$attrlist
#$re is a System.DirectoryServices.Protocols.SearchResponse
$re = $c.SendRequest($r);
#How many results do we have?
write-host $re.Entries.Count
foreach ($i in $re.Entries)
{
#Do something with each entry here, such as read attributes
}
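
The scripts above search with a hard-coded filter and leave the loop body empty. As an added example (not part of the original post), the PowerShell below escapes a caller-supplied uid per RFC 4515 before it goes into the filter and reads each entry's attributes into an object. The function names ConvertTo-LdapFilterValue and Get-LdapUserEntry and the attribute names uid, cn and mail are assumptions; the search function expects an already bound connection such as $c.

```powershell
# Added example, not from the original post. Function names are hypothetical.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue {
    # RFC 4515: inside a filter value, NUL ( ) * and \ must be written as a
    # backslash followed by the two-digit hex code of the character.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-LdapUserEntry {
    param(
        [Parameter(Mandatory)]
        [System.DirectoryServices.Protocols.LdapConnection]$Connection,
        [Parameter(Mandatory)][string]$BaseDn,
        [Parameter(Mandatory)][string]$Uid,
        # Assumed attribute names; request only what the caller needs, not "*".
        [string[]]$Attributes = @('uid', 'cn', 'mail')
    )
    $filter = '(uid={0})' -f (ConvertTo-LdapFilterValue $Uid)
    $scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $request = New-Object System.DirectoryServices.Protocols.SearchRequest `
        -ArgumentList $BaseDn, $filter, $scope, $Attributes
    $response = $Connection.SendRequest($request)

    foreach ($entry in $response.Entries) {
        # Flatten each SearchResultEntry into an object: DN plus string values.
        $props = [ordered]@{ DistinguishedName = $entry.DistinguishedName }
        foreach ($name in $entry.Attributes.AttributeNames) {
            $props[$name] = $entry.Attributes[$name].GetValues([string])
        }
        [pscustomobject]$props
    }
}

# Offline check on constructed inputs: metacharacters end up as literal data.
foreach ($uid in 'burrm', 'smith(temp)*') {
    '(uid={0})' -f (ConvertTo-LdapFilterValue $uid)
}

# With the bound connection $c from the script above:
# Get-LdapUserEntry -Connection $c -BaseDn 'ou=users,dc=mikesblog,dc=lan' -Uid 'burrm'
```

The escaping step matters whenever the uid comes from a form field, a ticket or a CSV rather than from the script author, because unescaped parentheses and asterisks change the structure of the filter the server evaluates.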