In order to perform this operation a successful bind must be completed on the connection #108
Comments
Hi! |
Thank you for the reply. When you say check AD server and openldap from your container, what exactly did you mean? I have updated my code to be completely SYNC; earlier it was a mix of ASYNC + SYNC. After that it worked a couple of times and is again throwing the same error, whereas locally it is working just fine. |
I guess that the host is available and the OpenLDAP tools are installed. So I got a similar error when a limit of connections was increased. Please check AD server logs. Probably you need to cache the Ldap connection. Also check count of returned records if you use search requests. |
Thank you for the additional recommendations. I was using LDAP via ALB - now I switched to a specific LDAP instance to test it out - but same issue on the server, whereas locally there is no issue. My search is for a specific person every time and I am disposing the connection after my work now. Does this sound like best practice? When we say cache the Ldap connection - are you saying we have to keep that open always? Also, do we need any certificate related settings? How can we validate if Bind is a success? Always one record comes back with its attributes. |
Try changing the search query to retrieve a single entity for testing purposes. If it works, then check the Active Directory forest and use a single server. Probably an issue with Referral Chasing mode. |
Hey. I have the same problem on linux (LDAPS). Used TrustAllCertificates(); SetOption(LdapOption.LDAP_OPT_REFERRALS, 0); |
@namespacedevbox please provide sample on Linux |
@flamencist you can reproduce this error with this code snippet:

```csharp
var groupName = "MyGroup";
using (var connection = new LdapConnection())
{
    connection.Connect("my.company.local", 636, LdapSchema.LDAPS);
    connection.TrustAllCertificates();
    connection.SetOption(LdapOption.LDAP_OPT_REFERRALS, 0);
    connection.Bind(LdapAuthType.Simple, new LdapCredential() { UserName = @"my\administrator", Password = "password" });
    var groupFilter = $"(&(objectCategory=group)(name={groupName}))";
    var groupSearchRequest = new SearchRequest("dc=my,dc=company,dc=local", groupFilter, LdapSearchScope.LDAP_SCOPE_SUBTREE);
    var groupResponse = (SearchResponse)connection.SendRequest(groupSearchRequest); // <= Operations error. 000004DC: LdapErr: DSID-0C090A57...
    // Other logic
}
```

It is mandatory to have two AD domain controllers in the local network. If required, I can give you access to the Linux virtual machine where this issue is reproducible (VPN + SSH). |
Try BindAsync instead of Bind |
BindAsync |
Does ldapsearch from ldap-utils work? |
Yes, works on two controllers |
Is this issue resolved at all? Having the same problem with an Ubuntu Server 20.04 and net Framework 5.0 |
@redarccoder please put details: full error message, request, server configuration |
Also try to use Global Catalog https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc978012(v=technet.10) |
I just hit this same problem - the Bind() method works, and no exception is thrown (if I deliberately set the password wrong, I do get an exception in all cases). However, unless I am targeting a GC server like this:
Then I get the same exception if I attempt to send a SearchRequest. On Windows, it works without the explicit targeting of a GC. The problem is, ideally when configuring the service, a customer would put the generic domain-name into configuration, since a specific domain controller might not be always available. And if they put the generic domain-name in, this might not (I assume) resolve to a GC domain controller. I could kinda solve (or at least make less dangerous) by requesting a couple of DCs and then testing - but it seems clunky. Interesting that it seems to require a GC as the target in the first place though... this seems like a bug (or at least a platform difference) |
Same issue here. What I've observed by debugging into the LdapConnection class is that the search I'm doing actually succeeds, but comes back with the operations error.

```csharp
public DirectoryResponse SendRequest(DirectoryRequest directoryRequest)
{
    ThrowIfNotBound();
    var requestHandler = SendRequest(directoryRequest, out var messageId);
    var response = ProcessResponse(directoryRequest, requestHandler, messageId, CancellationToken.None);
    ThrowIfResponseError(response);
    return response;
}
```

The exception is thrown by Update: |
I encountered the same issue on Linux. Comparing ldapsearch and this library in Wireshark, I see ldap4net sends an additional bind request after it had received a "bindResponse success" for the sasl/gss login. Any idea how to fix this? |
I managed to fix this, you need to turn off referrals by:
|
@irsl I have the same problem, I tried
Do you have an example of the workaround of this issue? |
Is this issue resolved, getting the same error on Windows 10 as well. |
Describe the bug
During Bind error out
"LdapForNet.LdapOperationsErrorException: Operations error. 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580. Result: 1. Method: ldap_parse_result. Details: ErrorMessage: 000004DC: LdapErr: DSID-0C0907E9, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580\n
To Reproduce
Write a .net core 3.1 app to query for a CN based resource - on BIND it is breaking on the server container, whereas it is working fine in a local docker Linux container
Expected behavior
Bind should be successful
Desktop (please complete the following information):
Additional context
I have tested the same code locally with a Docker Linux container, which worked just fine, but when deployed on the server and the API was run, it threw the above error - curious to know what is happening. I am using the SIMPLE authentication method using credentials.
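A triage sketch for the error string reported in this issue, as an added example that is not part of the original thread or of ldap4net: it parses the Active Directory diagnostic and separates rejected credentials (LDAP result 49 or data 52e) from a request the server received on a connection it considered unbound (000004DC, Win32 ERROR_NOT_AUTHENTICATED). The function names and category labels are hypothetical, and the third sample line is constructed with placeholder values.

```python
import re

# Layout of the diagnostic string Active Directory returns, as quoted in this
# issue: "<hex>: LdapErr: DSID-<id>, comment: <text>, data <hex>, v<hex>".
# The tail is optional because logs often truncate the message.
AD_DIAG = re.compile(
    r"(?P<code>[0-9A-Fa-f]{8}): LdapErr: (?P<dsid>DSID-[0-9A-Fa-f]+)"
    r"(?:, comment: (?P<comment>.*?), data (?P<data>[0-9A-Fa-f]+),"
    r" v(?P<build>[0-9A-Fa-f]+))?")
LDAP_RESULT = re.compile(r"Result: (\d+)")

NOT_AUTHENTICATED = 0x4DC      # Win32 ERROR_NOT_AUTHENTICATED (1244)
LOGON_FAILURE = 0x52E          # Win32 ERROR_LOGON_FAILURE (1326)
LDAP_INVALID_CREDENTIALS = 49  # RFC 4511 invalidCredentials

def parse_ad_error(message):
    """Return the fields of an AD LDAP diagnostic, or None if there is none."""
    m = AD_DIAG.search(message)
    if m is None:
        return None
    f = m.groupdict()
    f["code"] = int(f["code"], 16)
    f["data"] = int(f["data"], 16) if f["data"] is not None else None
    r = LDAP_RESULT.search(message)
    f["result"] = int(r.group(1)) if r else None
    return f

def classify(message):
    """Tell rejected credentials apart from a request on an unbound connection."""
    f = parse_ad_error(message)
    if f is None:
        return "no-ad-diagnostic"
    if f["data"] == LOGON_FAILURE or f["result"] == LDAP_INVALID_CREDENTIALS:
        return "bind-rejected"
    if f["code"] == NOT_AUTHENTICATED:
        return "operation-on-unbound-connection"
    return "other"

SAMPLES = [
    # Message quoted in the issue body.
    "Operations error. 000004DC: LdapErr: DSID-0C0907E9, comment: In order to "
    "perform this operation a successful bind must be completed on the "
    "connection., data 0, v2580. Result: 1. Method: ldap_parse_result.",
    # Truncated form from the repro comment.
    "Operations error. 000004DC: LdapErr: DSID-0C090A57...",
    # Constructed bad-password sample; DSID and build are placeholders.
    "80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, "
    "data 52e, v0000",
]
```

The message from this issue falls in the unbound-connection category rather than the rejected-credentials one, which matches the reports above that Bind() itself does not throw.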