Solved

Sorting AD entries based on OU - Error:The server does not support the requested critical extension

Posted on 2004-09-01
24
2,872 Views
Last Modified: 2013-11-19
I am using a DirectorySearcher to return results from an LDAP query.

I got the code from the following book:

Professional C# 2nd Edition from Wrox

It works fine until I add in the line indicated below which is supposed to just sort my results.  Then I get this error :
"The server does not support the requested critical extension"


CODE:
========================================
using (DirectoryEntry de = new DirectoryEntry())
{
      // Set credentials of an AD account to "Run As"
      de.Username = XXXXXXXXXXXXXX;
      de.Password = XXXXXXXXXXXXXX;

      // Set active LDAP path
      de.Path = LDAPpath;
      using (DirectorySearcher searcher = new DirectorySearcher())
      {
            searcher.SearchRoot = de;
            searcher.Filter = "(&(objectClass=user))";
            searcher.SearchScope = SearchScope.Subtree;

            searcher.PropertiesToLoad.Add("sn");
            searcher.PropertiesToLoad.Add("givenName");
            searcher.PropertiesToLoad.Add("distinguishedName");

    /****The following line causes the error - if I remove this line it works, but unsorted ****/
            searcher.Sort = new SortOption("distinguishedName", SortDirection.Ascending);

            SearchResultCollection results = searcher.FindAll();

            UserListRepeater.DataSource = results;
            UserListRepeater.DataBind();
      }
}
========================================



Any ideas?
0
Comment
Question by:mrichmon
  • 14
  • 10
24 Comments
 
LVL 35

Author Comment

by:mrichmon
ID: 11958648
Found out that if you sort on a different column it works, just not on the distingushedName column.

What I really am trying to do (which I realized the above won't work anyway) is to sort on the OU.  Andy ideas?
0
 
LVL 20

Expert Comment

by:ihenry
ID: 11983566

None of Windows Server supports indexed distinguishedName attribute that I'm aware of.

Check this article
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_distinguishedname.asp

And the other two attributes works because they are fully indexable,
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_givenname.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/adschema/a_sn.asp


HTH
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11986289
Yes I understand that - I figured it out when I found that it worked on other columns - but the real question, as I mentioned above is how do I sort results based on the OU - since MS doesnt support sorting on the one field that contains this information?
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 20

Expert Comment

by:ihenry
ID: 11987220

The easiest way, I think, is to sort by "Canonical-Name" attribute. It is canonical format of distinguished name.

Canonical-Name
http://msdn.microsoft.com/library/en-us/adschema/adschema/a_canonicalname.asp

Ldap has some limitation on attributes sorting but you can always create a collection class and handle the sorting algorithm yourself.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 11991469
No that will sort including the user name which is part of the cn

I do not want the sort based at all on the user, but on the OU the user belongs to.
0
 
LVL 20

Expert Comment

by:ihenry
ID: 11997851

You want to sort based on parent distinguished name that contains the user, right? so it can  be OrganizationalUnit (OU), container, or other object class that can contain other objects. And how you want your search result to be listed down? something similar like this, I guess

User                  container
-------------            -----------------------------
krbtgt                  CN=Users,DC=domain07,DC=local
Administrator            CN=Users,DC=domain07,DC=local
Guest                  CN=Users,DC=domain07,DC=local
IUSR_ADAM            CN=Users,DC=domain07,DC=local
Admin                  OU=IntranetUsers,DC=domain07,DC=local
Henry                  OU=IntranetUsers,DC=domain07,DC=local
Celestial Palas            OU=IntranetUsers,DC=domain07,DC=local

When sorting by canonicalName, your search result would look something like this

User                  container
-------------            -----------------------------
Administrator            domain07.local/Users/Administrator
Guest                  domain07.local/Users/Guest
IUSR_ADAM            domain07.local/Users/IUSR_ADAM
krbtgt                  domain07.local/Users/krbtgt
Admin                  domain07.local/IntranetUsers/Admin
Celestial Palas            domain07.local/IntranetUsers/Celestial Palas
Henry                  domain07.local/IntranetUsers/Henry

If the search result contains multiple domains and container types, the list is still listed down in correct order than just sorting by "OU".
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12046942
When I print out cn I get the user's first and last name.

So adding this code to above :

searcher.PropertiesToLoad.Add("cn");

Gives this :

Smith, John

0
 
LVL 35

Author Comment

by:mrichmon
ID: 12046959
When I try :

searcher.PropertiesToLoad.Add("Canonical-Name");

It errors out if I try to display since it is not loaded - i.e. NULL
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12047170
Use ldap display name which is canonicalName not Canonical-Name.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12048311
Okay I tested that just to be sure, but I was correct

canonicalName DOES include the username which means that it is included in the sort.

I do NOT want username included in the sort.  I want a sort on OU only.

0
 
LVL 35

Author Comment

by:mrichmon
ID: 12183720
Well I tried actually sorting by canonicalName instead of just displaying it and I get the following error:

The server does not support the requested critical extension
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The server does not support the requested critical extension

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12189837
mrichmon,
Please post some of your code, if possible I'll try to run it on my machine.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12191461
I posted the code above.  I have just been changing the sort option line....
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12198853

The error occured because...Canonical-Name attribute turns out to be not sortable! :o((  I must have read the documentation wrongly, my bad..I'm sorry for that.

I looked at the all indexable attributes for AD, but nothing seems to help. And to sort on multiple attributes is also not doable. I think your best bet now is to rely on your own sorting algorithm. Anyway try the code below, it was tested using ADAM and worked perfectly on my machine. Hope it's useful for you.


//-------------- aspx.cs
public class ADSearcher : System.Web.UI.Page
{
      protected System.Web.UI.WebControls.DataGrid DataGrid1;

      private void Page_Load(object sender, System.EventArgs e)
      {
            if ( !Page.IsPostBack )
            {
                  SortedList list = SearchUser( "LDAP://xx.xx.68.xxx:50000/OU=Customers,O=myCompany,C=us", "CN=Admin,O=myCompany,C=us", "Abcde123" );
                  DataGrid1.DataSource = list;
                  DataGrid1.DataBind();
            }
      }

      public SortedList SearchUser( String ldapPath, String userName, String password )
      {
            String[] propertyNames = new String[] { "canonicalName", "distinguishedName", "givenName", "sn" };

            DirectoryEntry de = new DirectoryEntry( ldapPath, userName, password, AuthenticationTypes.ServerBind );
            DirectorySearcher ds = new DirectorySearcher( de );
            ds.PropertiesToLoad.AddRange( propertyNames );

            String qry = "(&(objectClass=user)(objectCategory=person))";
            ds.Filter = qry;

            SortedList list = null;
            try
            {
                  SearchResultCollection src = ds.FindAll();
                  if ( src.Count > 0 )
                  {
                        list = new SortedList( src.Count );

                        foreach ( SearchResult sr in src )
                        {
                              Hashtable properties = new Hashtable(CaseInsensitiveHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant);
                              String dn = (String) sr.Properties["distinguishedName"][0];
                              foreach ( String propertyName in propertyNames )
                              {
                                    if ( sr.Properties.Contains(propertyName) )
                                    {
                                          if ( sr.Properties[propertyName] != null )
                                                properties[propertyName] = sr.Properties[propertyName][0];
                                          else
                                                properties[propertyName] = null;
                                    }
                              }
                              list.Add( dn, properties );
                        }
                  }
                  return list;
            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if (de != null) de.Dispose();
                  if (ds != null) ds.Dispose();
            }
      }

      #region Web Form Designer generated code
      override protected void OnInit(EventArgs e)
      {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
      }
      
      /// <summary>
      /// Required method for Designer support - do not modify
      /// the contents of this method with the code editor.
      /// </summary>
      private void InitializeComponent()
      {    
            this.Load += new System.EventHandler(this.Page_Load);

      }
      #endregion
}

//-------------- aspx
<%@ Import Namespace="System.Collections" %>
<HTML>
      <HEAD>
            <title></title>
      </HEAD>
      <body>
            <form id="Form1" method="post" runat="server">
                  <p><asp:datagrid id="DataGrid1" runat="server" AutoGenerateColumns="False" CellPadding="3" BorderColor="#E7E7FF"
                              BorderStyle="None" BorderWidth="1px" BackColor="White" GridLines="Horizontal">
                              <SelectedItemStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#738A9C"></SelectedItemStyle>
                              <AlternatingItemStyle BackColor="#F7F7F7"></AlternatingItemStyle>
                              <ItemStyle ForeColor="#4A3C8C" BackColor="#E7E7FF"></ItemStyle>
                              <HeaderStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#4A3C8C"></HeaderStyle>
                              <FooterStyle ForeColor="#4A3C8C" BackColor="#B5C7DE"></FooterStyle>
                              <Columns>
                                    <asp:TemplateColumn HeaderText="Canonical-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["canonicalName"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Obj-Dist-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["distinguishedName"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Given-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["givenName"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Surname">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( (Hashtable) DataBinder.Eval(Container.DataItem, "value") )["sn"] %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                              </Columns>
                              <PagerStyle HorizontalAlign="Right" ForeColor="#4A3C8C" BackColor="#E7E7FF" Mode="NumericPages"></PagerStyle>
                        </asp:datagrid></p>
            </form>
      </body>
</HTML>


Good Luck!
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12202328
It doesn't quite work, but is an interesting idea...


At first I used distinguishedName, but that was very unsorted.

Then I tried canonicalName in the sort and I found that the results I get are mostly sorted, but not completely

I have an OU structure like :

My Users
 --> Standard
        --> Other
        --> Managers
        --> Career Staff
              --> Temporary Staff
 --> Admin
        --> Restricted Admin
etc...

The results come up like (note I display OU as a dash separated list):

Admin
Admin
Admin - Restricted Admin
Admin - Restricted Admin
Admin - Restricted Admin
Standard
Standard - Managers
Standard - Managers
Standard
Standard - Other
Standard
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff - Temporary Staff
Standard - Career Staff
etc...


I would expect this :
Admin
Admin
Admin - Restricted Admin
Admin - Restricted Admin
Admin - Restricted Admin
Standard
Standard
Standard
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff
Standard - Career Staff - Temporary Staff
Standard - Managers
Standard - Managers
Standard - Other
etc...
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12225198

That's pretty easy to achieve with custom comparer.

//-------------- aspx.cs
public class ADSearcher : System.Web.UI.Page
{
      protected System.Web.UI.WebControls.DataGrid DataGrid1;

      private void Page_Load(object sender, System.EventArgs e)
      {
            if ( !Page.IsPostBack )
            {
                  Hashtable[] list = SearchUser( "LDAP:/xx.xx.68.xxx/OU=MyUsers,O=myCompany,C=us", "CN=Admin,O=myCompany,C=us", "Abcde123" );
                  Array.Sort( list, new CanonicalNameComparer() );
                  DataGrid1.DataSource = list;
                  DataGrid1.DataBind();
            }
      }

      private Hashtable[] SearchUser( String ldapPath, String userName, String password )
      {
            String[] propertyNames = new String[] { "cn", "canonicalName", "distinguishedName", "givenName", "sn" };

            DirectoryEntry de = new DirectoryEntry( ldapPath, userName, password, AuthenticationTypes.ServerBind );
            DirectorySearcher ds = new DirectorySearcher( de );
            ds.PropertiesToLoad.AddRange( propertyNames );

            String qry = "(&(objectClass=user)(objectCategory=person))";
            ds.Filter = qry;

            Hashtable[] list = null;
            try
            {
                  SearchResultCollection src = ds.FindAll();
                  if ( src.Count > 0 )
                  {
                        list = new Hashtable[src.Count];
                        for ( int i=0; i<src.Count; i++ )
                        {
                              Hashtable properties = new Hashtable(CaseInsensitiveHashCodeProvider.DefaultInvariant, CaseInsensitiveComparer.DefaultInvariant);
                              foreach ( String propertyName in propertyNames )
                              {
                                    if ( src[i].Properties.Contains(propertyName) )
                                    {
                                          if ( src[i].Properties[propertyName] != null )
                                                properties[propertyName] = src[i].Properties[propertyName][0];
                                          else
                                                properties[propertyName] = null;
                                    }
                              }
                              list[i] = properties;
                        }
                  }
                  return list;
            }
            catch (COMException)
            {
                  throw;
            }
            finally
            {
                  if (de != null) de.Dispose();
                  if (ds != null) ds.Dispose();
            }
      }

      #region Web Form Designer generated code
      override protected void OnInit(EventArgs e)
      {
            //
            // CODEGEN: This call is required by the ASP.NET Web Form Designer.
            //
            InitializeComponent();
            base.OnInit(e);
      }
      
      /// <summary>
      /// Required method for Designer support - do not modify
      /// the contents of this method with the code editor.
      /// </summary>
      private void InitializeComponent()
      {    
            this.Load += new System.EventHandler(this.Page_Load);

      }
      #endregion
}

public class CanonicalNameComparer : IComparer
{
      #region IComparer Members

      public int Compare(object x, object y)
      {
            if ( !(x is Hashtable) || !(y is Hashtable) )
                  throw new ArgumentException( "value must be of type 'Hashtable'" );

            Hashtable xh = x as Hashtable;
            Hashtable yh = y as Hashtable;
            if ( !xh.ContainsKey("canonicalName") || !yh.ContainsKey("canonicalName") )
                  return 0;

            String xdn = ExtractDN( (String) xh["canonicalName"] );
            String ydn = ExtractDN( (String) yh["canonicalName"] );
            if ( xdn == ydn )
            {
                  String xcn = (String) xh["cn"];
                  String ycn = (String) yh["cn"];
                  return String.Compare(xcn, ycn);
            }
            else
                  return String.Compare(xdn, ydn);
      }

      private String ExtractDN( String dn )
      {
            int i = dn.LastIndexOf("/");
            return dn.Substring( 0, i );
      }
      #endregion
}

//-------------- aspx
<%@ Import Namespace="System.Collections" %>
<HTML>
      <HEAD>
            <title></title>
      </HEAD>
      <body>
            <form id="Form1" method="post" runat="server">
                  <p><asp:datagrid id="DataGrid1" runat="server" CellPadding="3" BorderColor="#E7E7FF" BorderStyle="None"
                              BorderWidth="1px" BackColor="White" GridLines="Horizontal" AutoGenerateColumns="False">
                              <SelectedItemStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#738A9C"></SelectedItemStyle>
                              <AlternatingItemStyle BackColor="#F7F7F7"></AlternatingItemStyle>
                              <ItemStyle ForeColor="#4A3C8C" BackColor="#E7E7FF"></ItemStyle>
                              <HeaderStyle Font-Bold="True" ForeColor="#F7F7F7" BackColor="#4A3C8C"></HeaderStyle>
                              <FooterStyle ForeColor="#4A3C8C" BackColor="#B5C7DE"></FooterStyle>
                              <Columns>
                                    <asp:TemplateColumn HeaderText="Canonical-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( DataBinder.Eval(Container, "DataItem[canonicalName]") ) %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                                    <asp:TemplateColumn HeaderText="Obj-Dist-Name">
                                          <HeaderStyle Font-Bold="True" HorizontalAlign="Center"></HeaderStyle>
                                          <ItemTemplate>
                                                <%# ( DataBinder.Eval(Container, "DataItem[distinguishedName]") ) %>
                                          </ItemTemplate>
                                    </asp:TemplateColumn>
                              </Columns>
                              <PagerStyle HorizontalAlign="Right" ForeColor="#4A3C8C" BackColor="#E7E7FF" Mode="NumericPages"></PagerStyle>
                        </asp:datagrid></p>
            </form>
      </body>
</HTML>
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12227397
What I don't understand is if it is sorting why are all the same ones not together currently?
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12227792

The sorting is being done in client side not AD, what does it look like in your machine?
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12228352
What do you mean client side?  I understand that it is not done in AD but it should be done in the ASP.NET server side.

However, the above code with a custom comparator did seem to work.

Thanks.
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12228436
Whoops I just noticed that the above sorts only OU (whereas the Sorted List - although not perfect -also sorted secondarily by last name)

Is there a way to modify this to sort first by canonicalName, then by sn then givenName?

Thanks so much!
0
 
LVL 20

Accepted Solution

by:
ihenry earned 500 total points
ID: 12260766
>> whereas the Sorted List - although not perfect -also sorted secondarily by last name
That because its elements are sorted by keys. And If the keys are Canonical-Name attribute
each will contain cn attribute in which last name usually is part of it.

>> Is there a way to modify this to sort first by canonicalName, then by sn then givenName?
Sure it is, replace the DistinguishedNameComparer class with this one

public class DistinguishedNameComparer : IComparer
{
      #region IComparer Members

      public int Compare(object x, object y)
      {
            if ( !(x is Hashtable) || !(y is Hashtable) )
                  throw new ArgumentException( "value must be of type 'Hashtable'" );

            Hashtable xh = x as Hashtable;
            Hashtable yh = y as Hashtable;
            if ( !xh.ContainsKey("canonicalName") || !yh.ContainsKey("canonicalName") )
                  return 0;

            String xSortString = ExtractDN( (String) xh["canonicalName"] );
            String ySortString = ExtractDN( (String) yh["canonicalName"] );

            if ( xSortString == ySortString )
            {
                  xSortString = (String) xh["sn"] + (String) xh["givenName"];
                  ySortString = (String) yh["sn"] + (String) yh["givenName"];
            }

            return String.Compare( xSortString, ySortString );
      }

      private String ExtractDN( String dn )
      {
            int i = dn.LastIndexOf("/");
            return dn.Substring( 0, i +1 );
      }

      #endregion
}
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12261654
Thanks that worked!
0
 
LVL 35

Author Comment

by:mrichmon
ID: 12261659
And thanks for being so patient!
0
 
LVL 20

Expert Comment

by:ihenry
ID: 12262622

No problem, mrichmon. Anytime..
And have a nice weekend!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Shoutout to Emily Plummer (http://www.experts-exchange.com/members/eplummer26.html) for giving me this article! She did most of it, I just finished it up and posted it for her :)    Introduction In a previous article (http://www.experts-exchang…
Performance in games development is paramount: every microsecond counts to be able to do everything in less than 33ms (aiming at 16ms). C# foreach statement is one of the worst performance killers, and here I explain why.
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question