LDAPS 连接出现未知错误 (0x80005000)

Unknown Error (0x80005000) with LDAPS Connection(LDAPS 连接出现未知错误 (0x80005000))
本文介绍了LDAPS 连接出现未知错误 (0x80005000)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

过去几个小时我一直被一个烦人的 Active Directory 问题困扰.

I've been stuck for the last couple of hours on an annoying Active Directory bit.

我想要完成的是通过 SSL 上的 LDAP 连接到 Active Directory.身份验证类型是匿名的.我使用的是 .NET Framework 4.0、C# 和 Visual Studio 2010.

What I'm trying to accomplish is connect to an Active Directory via LDAP over SSL. The authentication type is anonymous. I'm using .NET Framework 4.0, C# and Visual Studio 2010.

以下代码应根据各种在线资源工作.但它不断出现惊人的不言自明的:未知错误 (0x80005000)".

The following code should work according to various online resources. But it keeps coming up with the amazing self-explanatory: 'Unknown Error (0x80005000)'.

DirectoryEntry entry = new DirectoryEntry();
entry.Path = "LDAPS://some.ldap.server:636";
entry.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

DirectorySearcher searcher = new DirectorySearcher();
searcher.searchRoot = entry;
searcher.Filter = "(&(objectCategory=person)(objectClass=user))";

SearchResultCollection results = searcher.FindAll();

我已将要执行的实际查询简化为您在代码中找到的查询.但即使使用这个通用查询(它应该在每个 AD 上返回工作?)它也会返回错误.

I've simplified the actual query I want to perform to the one you find in the code. But even with this generic query (it should return work on every AD?) it returns the error.

推荐答案

终于!

似乎 ASP.NET 应用程序没有权限(或不知道如何)在机器级别检查受信任的证书存储.由于证书是自签名的,ASP.NET 应用程序拒绝建立连接.

It seems that an ASP.NET application does not have the rights (or doesn't know how) to examine the trusted certificate store at machine level. Since the certificate was self-signed the ASP.NET application refused to establish a connection.

我使用自定义证书验证解决了这个问题.以下代码发挥了作用:

I fixed the problem using custom certificate validation. The following code did the trick:

LdapConnection con = new LdapConnection(new LdapDirectoryIdentifier("server", port));
con.SessionOptions.SecureSocketLayer = true;
con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(ServerCallback);
con.Credential = new NetworkCredential(String.Empty, String.Empty);
con.AuthType = AuthType.Basic;
con.Bind();

由于我确定证书有效,ServerCallBack 方法如下所示:

Since I am sure the certificate is valid, the ServerCallBack method looks like this:

public static bool ServerCallBack(LdapConnection connection, X509Certificate certificate)
{
    return true;
}

但您当然可以随时从本地计算机检索证书并对其进行验证.

But you can always of course retrieve the certificate from the local machine and validate it.

本例中使用的命名空间是:

The namespace used in this example is:

System.DirectoryServices.Protocols;

这是因为命名空间:

System.DirectoryServices.DirectoryEntry

不包含自定义证书验证方法.

does not contain a method for custom certificate validation.

感谢大家的帮助和时间,希望这会在未来对某人有所帮助!

这篇关于LDAPS 连接出现未知错误 (0x80005000)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

How to determine the type (AD User vs. AD Group) of an account?(如何确定帐户的类型(AD 用户与 AD 组)?)
How to resolve quot;The server does not support the control. The control is critical.quot; Active Directory error(如何解决“服务器不支持控件.控制至关重要.活动目录错误)
How to authenticate users with a customer#39;s (remote) active directory server(如何使用客户的(远程)活动目录服务器对用户进行身份验证)
How to know if my DirectoryEntry is really connected to my LDAP directory?(如何知道我的 DirectoryEntry 是否真的连接到我的 LDAP 目录?)
Add member to AD group from a trusted domain(将成员从受信任的域添加到 AD 组)
How to retrieve Users in a Group, including primary group users(如何检索组中的用户,包括主要组用户)