Open Closed

Does AppLdapAuthenticationSource supports OpenLDAP? #10655


0
kylem created
  • What is your product version?: API: v10.4.0 | Client: v10.5.0 [20211006]
  • What is your product type (Angular or MVC)?: Angular
  • What is product framework type (.net framework or .net core)?: .net core
  • What is ABP Framework version? 6.4.0

Hi, I tried configuring the app to authenticate agains openLDAP, for that I followed the guid: https://docs.aspnetzero.com/en/aspnet-core-angular/latest/Features-Angular-Active-Directory

When I tested it I was getting following error:

"ERROR 2021-10-26 18:35:01,333 [107  ] Mvc.ExceptionHandling.AbpExceptionFilter - Object reference not set to an instance of an object.",
      "System.NullReferenceException: Object reference not set to an instance of an object.",
      "   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)",
      "   at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()",
      "   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)",
      "   at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.CreatePrincipalContext(TTenant tenant)",
      "   at Abp.Zero.Ldap.Authentication.LdapAuthenticationSource`2.TryAuthenticateAsync(String userNameOrEmailAddress, String plainPassword, TTenant tenant)",
      "   at Abp.Authorization.AbpLogInManager`3.TryLoginFromExternalAuthenticationSourcesAsync(String userNameOrEmailAddress, String plainPassword, TTenant tenant)",
      "   at Abp.Authorization.AbpLogInManager`3.LoginAsyncInternal(String userNameOrEmailAddress, String plainPassword, String tenancyName, Boolean shouldLockout)",
      "   at Abp.Authorization.AbpLogInManager`3.<>c__DisplayClass36_0.<<LoginAsync>b__0>d.MoveNext()",
      "--- End of stack trace from previous location ---",

I searched up other similar issues, and did make sure that Username and email are populated in LDAP, as this was issue few users encountered. However, this seems to be a bit different, as exception is thrown from .LdapAuthenticationSource.CreatePrincipalContext()

One issue which I found and seems related is this: https://github.com/dotnet/runtime/issues/27160

and from it looks like that PrincipalContext cannot work with OpenLDAP (which we use internally). Is that correct? What option do we have?

Regards, Predrag


5 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi,

    We haven't tried this with an OpenLDAP server. You can override TryAuthenticateAsync method of AppLdapAuthenticationSource, copy the original code from https://github.com/aspnetboilerplate/aspnetboilerplate/blob/dev/src/Abp.Zero.Ldap/Ldap/Authentication/LdapAuthenticationSource.cs#L39 and see if CreatePrincipalContext works or not by debugging your application.

  • 0
    kylem created

    Hi, I did try your suggestion and I did debug it but ended up with the same exception and pretty much same conclusion that openLDAP is not supported.

    I tried initializing PrincipalContext with different parameters and using various ContextOptions, but that didn't help me resolving the issue.

    One thing I noticed for PrincipalContext class is that it seems it is supported on Windows platform only:

    Would you guys have any suggestion on alternative way of authenticating against openLDAP (e.g using some other .net classes instead of PrincipalContext)? Is there any plan on your side to look into this and provide some solution?

    Thanks, Predrag

  • 0
    ismcagdas created
    Support Team

    Hi Predrag,

    I haven't tried but there are some libraries such as https://github.com/flamencist/ldap4net. You can give it a try.

  • 0
    kylem created

    Thanks. We were able to get users authenticated by using LdapConnection instead of PrincipalContext in TryAuthenticateAsync(). We still need to work on overriding other methods from LdapAuthenticationSource, like UpdateUserAsync(). in any case, it would be nice to have implementation provided by the framework. Regards, Predrag

  • 0
    kylem created

    I guess we can close this issue for now