Friday, March 8, 2013

Yahoo is Down

Looks like Yahoo is down...around 10:00 MST on 3/8/13. Looks like the outage just affects Finance. Other Yahoo sites are still accessible. Looks like it came back up around 10:30.




Thursday, March 7, 2013

Searching Non-Microsoft LDAP Directories With .Net and Powershell

In this series on working with non-Microsoft directories in PowerShell and .Net

 
It is relatively straightforward to write .Net applications against Active Directory (AD) and Active Directory Lightweight Directory Services (ADLDS), but a number of challenges arise from writing applications against non-Microsoft directories.

More often than you would think, I am confronted with the use case of connecting to a non-Microsoft directory (e.g. OpenLDAP, Oracle Internet Directory, IBM Directory Server, and Novell eDirectory). In a few cases, you can use the same classes that you would with AD or ADLDS from the System.DirectoryServices namespace (e.g. DirectoryEntry, DirectorySearcher, SearchResult, DirectoryEntries, etc.), but in many cases you will run into an assortment of issues that usually ends in failure.

Digging into the namespace a little further, Microsoft has developed the System.DirectoryServices.Protocols namespace that gives you the ability to interact with LDAP directories at a lower level than the classes provided by the System.DirectoryServices namespace, but at a higher level than having to write your own LDAPv3 library from scratch.

Below is sample code for a C# .Net application and a PowerShell script that allow interaction with non-Microsoft LDAP directories:






using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.DirectoryServices.Protocols;
using System.Collections;

namespace TestLDAPBind
{
    class Program
    {
        //Application Connects to and Searches OpenLDAP directory
        static void Main(string[] args)
        {
            // Connects to directory.mikesblog.lan using SSL on a non-standard port
            LdapConnection c = new LdapConnection("directory.mikesblog.lan:637");

            //Set session options
            c.SessionOptions.SecureSocketLayer = true;

            // Pick Authentication type:
            // Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
            // External, Kerberos, Msn, Negotiate, Ntlm, Sicily
            c.AuthType = AuthType.Basic;

            // Gets username and password. There are better ways to do this more securely...
            // but that's not the topic of this post.
            Console.Write("Enter Username: ");
            string username = Console.ReadLine();

            Console.WriteLine();

            Console.Write("Enter Password: ");
            string password = Console.ReadLine();

            // Bind with the network credentials. Depending on the type of server,
            // the username will take different forms. Authentication type is controlled
            // above with the AuthType
            c.Bind(new System.Net.NetworkCredential(username, password));

            SearchRequest r = new SearchRequest(
                //Base DN
                "ou=users,dc=mikesblog,dc=lan",
                //Filter
                "(uid=burrm)",
                //Search scope
                SearchScope.Subtree,
                //params string [] of attributes... in this case all
                "*");

            SearchResponse re = (SearchResponse)c.SendRequest(r);

            //How many results do we have?
            Console.WriteLine(re.Entries.Count);

            foreach (SearchResultEntry i in re.Entries)
            {
                //Do something with each entry here, such as read attributes
            }
        }
    }
}



The example PowerShell port follows:

#Mike Burr
#Script Connects to and Searches OpenLDAP directory

#Load the assemblies ([void] keeps the returned Assembly objects out of the output)
[void][System.Reflection.Assembly]::LoadWithPartialName("System.DirectoryServices.Protocols")
[void][System.Reflection.Assembly]::LoadWithPartialName("System.Net")

#Connects to myopenldap.mikesblog.lan using SSL on a non-standard port
$c = New-Object System.DirectoryServices.Protocols.LdapConnection "myopenldap.mikesblog.lan:637"

#Set session options
$c.SessionOptions.SecureSocketLayer = $true

# Pick Authentication type:
# Anonymous, Basic, Digest, DPA (Distributed Password Authentication),
# External, Kerberos, Msn, Negotiate, Ntlm, Sicily
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic

# Gets username and password. The password is read as a SecureString.
$user = Read-Host -Prompt "Username"
$pass = Read-Host -AsSecureString -Prompt "Password"

$credentials = New-Object "System.Net.NetworkCredential" -ArgumentList $user,$pass

# Bind with the network credentials. Depending on the type of server,
# the username will take different forms. Authentication type is controlled
# above with the AuthType
$c.Bind($credentials)

$basedn = "ou=users,dc=mikesblog,dc=lan"
$filter = "(uid=burrm)"
$scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
# Attribute list as a one-element array... in this case all attributes
$attrlist = ,"*"

$r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList `
                $basedn,$filter,$scope,$attrlist

#$re is a System.DirectoryServices.Protocols.SearchResponse
$re = $c.SendRequest($r)

#How many results do we have?
Write-Host $re.Entries.Count

foreach ($i in $re.Entries)
{
   #Do something with each entry here, such as read attributes
}
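
The scripts above use a fixed filter and leave the per-entry loop empty. The following is an added example, not part of the original post, that builds the filter from user input with RFC 4515 escaping and reads attributes from each returned entry. The host, port and base DN are the ones used in the post; the helper name ConvertTo-LdapFilterValue, the cn and mail attribute names and the size limit are assumptions for illustration.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Hypothetical helper: escape a value before placing it inside an LDAP filter.
# RFC 4515 requires \ * ( ) and NUL to be written as a backslash plus two hex digits.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

# The user-supplied value only ever reaches the filter in escaped form
$uid    = Read-Host -Prompt "uid to look up"
$filter = "(uid={0})" -f (ConvertTo-LdapFilterValue $uid)

$c = New-Object System.DirectoryServices.Protocols.LdapConnection "myopenldap.mikesblog.lan:637"
$c.SessionOptions.SecureSocketLayer = $true
$c.SessionOptions.ProtocolVersion   = 3     # request LDAPv3 explicitly
$c.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
$c.Timeout  = New-TimeSpan -Seconds 15

try {
    $user = Read-Host -Prompt "Username"
    $pass = Read-Host -AsSecureString -Prompt "Password"
    $c.Bind((New-Object System.Net.NetworkCredential -ArgumentList $user, $pass))

    $basedn = "ou=users,dc=mikesblog,dc=lan"
    $scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $attrs  = "cn", "mail"                  # assumed attributes; request only what is needed

    $r = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList `
                    $basedn, $filter, $scope, $attrs
    $r.SizeLimit = 10                       # assumed cap on returned entries

    $re = $c.SendRequest($r)
    foreach ($entry in $re.Entries) {
        Write-Host $entry.DistinguishedName
        foreach ($name in $entry.Attributes.AttributeNames) {
            # GetValues([string]) returns every value of a multi-valued attribute
            $values = $entry.Attributes[$name].GetValues([string])
            Write-Host ("  {0}: {1}" -f $name, ($values -join "; "))
        }
    }
}
finally {
    # Release the underlying LDAP handle even if the bind or search throws
    $c.Dispose()
}
```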