Implement authentication with client certificate about novell.directory.ldap.netstandard HOT 13 CLOSED

@chazt3n not sure i follow your question.
We us the library in our app as described in the read me.
In terms of authentication vis cert, we implement the client side validation callback, that loads a pfx and attaches to all subsequent calls.

from novell.directory.ldap.netstandard.

This is what I have so far:

ldapConnection = new LdapConnection();
ldapConnection.SecureSocketLayer = true;
ldapConnection.UserDefinedServerCertValidationDelegate += new RemoteCertificateValidationCallback((sender, certificate, chain, errors) => true);
ldapConnection.Connect(hostName, portNumber);
ldapConnection.Bind("", "");

I can't figure out how to add the certificate to the connection request. I installed the certificate in the store, but this didn't help.

from novell.directory.ldap.netstandard.

This feature is not implemented yet. Someone else asked also about this - see here #9

from novell.directory.ldap.netstandard.

Hi, I'm willing to help too for this feature, can you please give work direction?

from novell.directory.ldap.netstandard.

Authentication with client certificate is supported by SslStream (already used for ssl/tls support).

Short description of how authenticatin with client certificate works with ldap - https://tools.ietf.org/html/rfc2829#section-7.1

From what I understand using SslStream with authentication with client certificate + sending a different type of bind request (EXTERNAL) should work - but I may be wrong :)

from novell.directory.ldap.netstandard.

@dsbenghe,

Thanks for the suggestion. Do you have any sample code that is using such a binding?

from novell.directory.ldap.netstandard.

Maybe I wasn't clear enough - but sending a bind request with type EXTERNAL is not supported yet by this library - I was saying what is required for this library to authenticate with client certificate.

SslStream support sending the certificate for authentication but the ldap client still needs to let the server know that it wants to use that for authentication - that is the purpose of that bind request.

from novell.directory.ldap.netstandard.

Do we know if this is going to be supported soon? This library is my best hope for ldap queries on .net core (from a linux machine) however I can't use it without the certificate functionality .

from novell.directory.ldap.netstandard.

Are there any progress around this PR? We are also in need of this feature with .NCore. Or do you know any other packages that support this?

from novell.directory.ldap.netstandard.

Hello!
Any chance this has been completed? We really need to be able use LDAPS with certs and this would be great if it can be used.

from novell.directory.ldap.netstandard.

hello,

we too had a similar need of this library.

We have forked the code and succeeded in completing authentication using a client certificate.
Here is the Pull Request:

#91

Note we used a .pfx to complete this.

from novell.directory.ldap.netstandard.

@barry-r-moore how does one use this?

from novell.directory.ldap.netstandard.

Latest master - which will get published as 3.6.x - has SASL authentication using client certificate implemented e.g.

var options = new LdapConnectionOptions()
  .UseSsl()
  .ConfigureLocalCertificateSelectionCallback(...) // return your client certificate
using var ldapConnection = new LdapConnection(options);
ldapConnection.Connect(...) // to ssl port
ldapConnection.Bind(new SaslExternalRequest());

or

var options = new LdapConnectionOptions()
  .ConfigureLocalCertificateSelectionCallback(...) // return your client certificate
using var ldapConnection = new LdapConnection(options);
ldapConnection.Connect(...)
ldapConnection.StartTLS();
ldapConnection.Bind(new SaslExternalRequest());
...

from novell.directory.ldap.netstandard.