Ldap4net

OpenLdap port for DotNet Core (Linux\OSX\Windows)

ldap4net

Cross platform port of OpenLdap Client library (https://www.openldap.org/software/man.cgi?query=ldap)
and Windows Ldap (https://docs.microsoft.com/en-us/windows/win32/api/_ldap/) to DotNet Core

For Linux\OSX you must ensure you have the latest OpenLDAP client libraries installed from http://www.openldap.org

For Linux you must also ensure that the appropriate symlinks for libldap.so.2 and liblber.so.2 exist.

It works with any LDAP protocol compatible directory server (including Microsoft Active Directory).

Passwordless authentication (Kerberos) is supported on all platforms (on Linux\OSX via SASL GSSAPI (Kerberos) authentication).

Sample usage (Kerberos authentication)

using (var cn = new LdapConnection())
{
	// connect
	cn.Connect();
	// bind using kerberos credential cache file
	cn.Bind();
	// call ldap op
	var entries = cn.Search("<<basedn>>", "(objectClass=*)");
}

Overview

Supported platforms

  • Most popular Linux distributions
  • FreeBSD
  • OSX
  • Windows
  • Supported on the .NET Standard - minimum required is 2.0 - compatible .NET runtimes: .NET Core, Mono, .NET Framework.

Features:

Installation

Install-Package LdapForNet

dotnet add package LdapForNet

Api

Connect

using (var cn = new LdapConnection())
{
	// connect using the Domain Controller host derived from the computer hostname, on default port 389
	// Computer hostname - mycomp.example.com => DC host - example.com
	cn.Connect();
	....
}

using (var cn = new LdapConnection())
{
	// connect using hostname and port
	cn.Connect("dc.example.com",636);
	....
}

using (var cn = new LdapConnection())
{
	// connect with URI
	cn.Connect(new Uri("ldaps://dc.example.com:636"));
	....
}

using (var cn = new LdapConnection())
{
	// connect with ldap version 2
	cn.Connect(new Uri("ldaps://dc.example.com:636"), LdapForNet.Native.Native.LdapVersion.LDAP_VERSION2);
	....
}

Connect TLS

using (var cn = new LdapConnection())
{
	// connect using hostname and port
	cn.Connect("dc.example.com",389);
	// pass true only when using a self-signed certificate for development purposes
	cn.StartTransportLayerSecurity(true);
	....
}

Connect SSL (with self signed certificate)

using (var cn = new LdapConnection())
{
	cn.Connect("dc.example.com", 636, LdapSchema.LDAPS);
	cn.TrustAllCertificates();
	....
}

Connect Timeout

using (var cn = new LdapConnection())
{
	cn.Timeout = new TimeSpan(0, 1, 0); // 1 minute
	....
}

Bind

using (var cn = new LdapConnection())
{
	cn.Connect();
	// bind using kerberos credential cache file
	cn.Bind();
	...
}

using (var cn = new LdapConnection())
{
	cn.Connect("ldap.forumsys.com");
	// bind using userdn and password
	cn.Bind(LdapAuthMechanism.SIMPLE,"cn=read-only-admin,dc=example,dc=com","password");
	...
}
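
The Connect TLS, Connect SSL and simple Bind snippets above combined into one helper, as an added example that is not part of the ldap4net README: it secures the connection before a simple bind and enables the self-signed settings only when a development flag is set. `SecureLdap`, `LdapTransport` and the `LDAP_DEV_TRUST_ALL` variable are hypothetical names; the ldap4net calls are the ones shown on this page.

```csharp
using System;
using LdapForNet;
using static LdapForNet.Native.Native;

public enum LdapTransport { StartTls, Ldaps }

// Hypothetical helper (not part of ldap4net): secure the channel first, bind second.
public static class SecureLdap
{
    // Assumed environment variable that marks a development machine.
    private const string DevFlag = "LDAP_DEV_TRUST_ALL";

    public static LdapConnection Open(string host, LdapTransport transport,
        string bindDn, string password, bool trustSelfSigned = false)
    {
        // The README's self-signed settings are for development only, so
        // refuse them unless the deployment has opted in explicitly.
        if (trustSelfSigned && Environment.GetEnvironmentVariable(DevFlag) != "1")
            throw new InvalidOperationException(
                $"Self-signed certificates are only accepted when {DevFlag}=1.");

        var cn = new LdapConnection();
        try
        {
            cn.Timeout = TimeSpan.FromSeconds(30);
            if (transport == LdapTransport.Ldaps)
            {
                cn.Connect(host, 636, LdapSchema.LDAPS);
                if (trustSelfSigned) cn.TrustAllCertificates();
            }
            else
            {
                cn.Connect(host, 389);
                // false keeps the self-signed allowance switched off.
                cn.StartTransportLayerSecurity(trustSelfSigned);
            }
            // The DN and password are passed to Bind only after TLS is set up.
            cn.Bind(LdapAuthMechanism.SIMPLE, bindDn, password);
            return cn;
        }
        catch
        {
            cn.Dispose(); // do not leak the native handle on failure
            throw;
        }
    }
}
```

The caller owns the returned connection and should wrap it in a `using` block, as the other snippets on this page do.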

BindAsync

using (var cn = new LdapConnection())
{
	cn.Connect();
	// bind using kerberos credential cache file
	cn.BindAsync().Wait();
	...
}

Bind Anonymous

using (var cn = new LdapConnection())
{
	cn.Connect();
	cn.Bind(LdapAuthType.Anonymous, new LdapCredential());
	...
}

Bind DIGEST-MD5

About DIGEST-MD5

using (var cn = new LdapConnection())
{
    cn.Connect();

    cn.Bind(LdapAuthType.Digest, new LdapCredential
    {
        UserName = "username",
        Password = "clearTextPassword"
    });
	...
}

Bind SASL EXTERNAL (Client certificate)

About client certificate authentication in openldap

using (var cn = new LdapConnection())
{
    cn.Connect("dc.example.com",636,LdapSchema.LDAPS);
    var cert = new X509Certificate2("yourcert.pfx", "yourstrongpassword",
        X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

    cn.SetClientCertificate(cert);

    cn.Bind(LdapAuthType.External, new LdapCredential());
	...
}

Bind SASL EXTERNAL (Client certificate & Active Directory)

About client certificate authentication

using (var cn = new LdapConnection())
{
    cn.Connect("dc.example.com",636,LdapSchema.LDAPS);
    var cert = new X509Certificate2("yourcert.pfx", "yourstrongpassword",
        X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

    cn.SetClientCertificate(cert);

    cn.Bind(LdapAuthType.ExternalAd, new LdapCredential());
	...
}

Bind SASL EXTERNAL (Unix Socket)

using (var cn = new LdapConnection())
{
    cn.ConnectI("/tmp/yoursocketfile.unix");
    cn.Bind(LdapAuthType.External, new LdapCredential());
	...
}

Bind SASL proxy

About SASL authorization proxy

Works on UNIX systems


using (var cn = new LdapConnection())
{
    cn.Connect();

    cn.Bind(LdapAuthType.Digest, new LdapCredential
    {
        UserName = "username",
        Password = "clearTextPassword",
        AuthorizationId = "dn:cn=admin,dc=example,dc=com" 
    });
	...
}

Works on UNIX systems

using (var cn = new LdapConnection())
{
    cn.Connect();

    cn.Bind(LdapAuthType.Digest, new LdapCredential
    {
        UserName = "username",
        Password = "clearTextPassword",
        AuthorizationId = "u:admin" 
    });
	...
}

Works on UNIX systems

using (var cn = new LdapConnection())
{
    cn.Connect();

    cn.Bind(LdapAuthType.GssApi, new LdapCredential
    {
        AuthorizationId = "u:admin"
    });
	...
}