Cannot search LDAP Directory Services; getting errors like "The parameter is incorrect" and "Unspecified error".

I am trying to use Microsoft dot Net (C#) to connect to my company directory services. Found a freeware tool "Softerra LDAP Browser" that I can use to connect with no problem. When I try to connect from my Web program using Microsoft "DirectoryServices", however, I am always getting error messages like "The parameter is incorrect" and "Unspecified error". Think that the problem has to do with the fact that in ASP.Net I am using the Internet Guest Account (USR_*) instead of my own account, and this account does not have authentication to the LDAP server. Trying to get around this problem by using my account for authentication, but have not had any luck so far. Also I am worried that my access might be blocked somehow by IT policies on my personal computer, which has their version of Windows. Have run into this problem in the past where something that works on my server does not work on my PC. Problem is I do not have my new server yet.

If any of this makes sense to you I would really appreciate any help you might give me.
 
wsfindlaterAsked:
existenz2Commented:
An error like "The parameter is incorrect" suggests that you are connected to the LDAP server, but that you are performing a query which is not possible or trying to access something with bad parameters.
ihenryCommented:
You can do a whois look up to know who is authenticated using HttpContext.Current.User.Identity.Name (or Thread.CurrentThread.CurrentPrincipal). With anonymous access enabled, you will get either ASPNET (or 'NT AUTHORITY\Network Service' for Win2K3) or IUSR_<machine> account depending on whether or not impersonation is enabled. On the other hand, if you disable anonymous access and enable Integrated Windows Authentication, the expression will return the name of the user, e.g. domain\username.

Another thing to look at is to run nslookup.exe and see if it can resolve the domain name. Also, check whether your network enforces Kerberos delegation. If that is the case, the domain user, IIS, the PC, browser must be trusted for delegation. And lastly, please post the piece of code that's giving the problem, maybe someone could see something unobviously wrong in it.

Henry
wsfindlaterAuthor Commented:
This is my code:


using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.DirectoryServices;
using System.IO;

namespace DirectoryServices
{
      /// <summary>
      /// Summary description for WebForm1.
      /// </summary>
      public class WebForm1 : System.Web.UI.Page
      {

            private void Page_Load(object sender, System.EventArgs e)
            {
                  try
                  {
//                        string LDAPServerName = "ldap://ldap.directory.ray.com:389/ou=person,o=raytheon.com,c=us??base?(uid=hac61882)";
                        string LDAPServerName = "ldap://ldap.directory.ray.com:389/ou=person,o=raytheon.com,c=us";
                        DirectoryEntry entry = new DirectoryEntry(LDAPServerName);
//                        entry.Username = "uid=HAC61882,ou=employee,ou=person,o=raytheon.com,c=US";
//                        entry.Username = "uid=HAC61882";
//                        entry.Password = "";
//                        entry.AuthenticationType = AuthenticationTypes.Secure;
                        entry.AuthenticationType = AuthenticationTypes.Anonymous;
                        DirectorySearcher mySearcher = new DirectorySearcher(entry);
                        mySearcher.PropertiesToLoad.Add("nickName");
                        SearchResultCollection results;
                        mySearcher.Filter = "(uid=HAC61882)";
                        results = mySearcher.FindAll();
                        foreach(SearchResult resEnt in results)
                        {
                              ResultPropertyCollection propcoll=resEnt.Properties;
                              foreach(string key in propcoll.PropertyNames)
                              {
                                    foreach(object values in propcoll[key])
                                    {
                                          Response.Write(values.ToString());
                                    }
                              }
                        }
                  }
                  catch(Exception e1)
                  {
                        LogTrace("WebForm1.aspx.cs","Page_Load,Error,e1=" + e1.Message);
                  }
            }
            #region Web Form Designer generated code
            override protected void OnInit(EventArgs e)
            {
                  //
                  // CODEGEN: This call is required by the ASP.NET Web Form Designer.
                  //
                  InitializeComponent();
                  base.OnInit(e);
            }
            
            /// <summary>
            /// Required method for Designer support - do not modify
            /// the contents of this method with the code editor.
            /// </summary>
            private void InitializeComponent()
            {    
                  this.Load += new System.EventHandler(this.Page_Load);

            }
            #endregion
            private void LogTrace (string Catagory, string szMyString )
            {
                  if (Trace.IsEnabled)
                  {
                        Trace.Write(Catagory,szMyString);
                        StreamWriter wrter = File.AppendText ( MapPath("log.csv") );
                        wrter.Write( DateTime.Now.ToShortTimeString() + "," +
                              DateTime.Now.Ticks.ToString("d") + "," + Catagory + "," + szMyString + "\n" );
                        wrter.Flush();
                        wrter.Close();
                  }
            }

      }
}
ihenryCommented:
The LDAP provider is case sensitive and needs to be upper case.

string LDAPServerName = "LDAP://ldap.directory.ray.com:389/ou=person,o=raytheon.com,c=us";

Henry
wsfindlaterAuthor Commented:
Found out from a colleague of mine that Microsoft Directory Services does not support Novell LDAP (sufficiently).
Had to use a special .dll that Novell has created to support .Net, "Novell.Directory.Ldap.dll".

This can be found at:

   http://www.novell.com/coolsolutions/feature/11204.html

Nevertheless, thanks for your efforts.

ihenryCommented:
Mm... I'm not sure how valid the statement is. I have seen people (including myself) use System.DirectoryServices with non-Microsoft LDAP directory servers, e.g. Novell eDirectory, iPlanet, etc., to do normal user management tasks without any problem.
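A variant of the lookup discussed in this thread, as an added example that is not code from any of the posters: it uses the upper-case `LDAP://` provider prefix, binds with an explicit DN over TLS instead of relying on the web worker account, and escapes the `uid` value before it goes into the filter. The host, base DN, bind DN and the `LDAP_BIND_PASSWORD` environment variable are constructed placeholders.

```csharp
// Added example, not code from the thread. Host, base DN, bind DN and the
// LDAP_BIND_PASSWORD variable are constructed placeholders.
using System;
using System.DirectoryServices;
using System.Security.Principal;
using System.Text;

public static class LdapLookup
{
    // RFC 4515 escaping so a uid value cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    public static string FindNickName(string uid)
    {
        // The ADSI provider moniker is case sensitive: "LDAP://", not "ldap://".
        const string path = "LDAP://ldap.example.com:636/ou=person,o=example.com,c=us";
        const string bindDn = "uid=svc-lookup,ou=person,o=example.com,c=us";
        string password = Environment.GetEnvironmentVariable("LDAP_BIND_PASSWORD");

        // Windows identity this code runs under; binds without explicit credentials use it.
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        // Simple bind with a DN, carried over TLS; ServerBind because the path names a server.
        var auth = AuthenticationTypes.SecureSocketsLayer | AuthenticationTypes.ServerBind;
        using (var root = new DirectoryEntry(path, bindDn, password, auth))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(uid=" + EscapeFilterValue(uid) + ")";
            searcher.PropertiesToLoad.Add("nickName");
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["nickName"].Count == 0) return null;
            return hit.Properties["nickName"][0].ToString();
        }
    }
}
```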