[Mono-list] ADO.NET in Mono & Active Directory

Jerry Haltom wasabi@larvalstage.net
Mon, 11 Apr 2005 19:06:41 -0500


That Active Directory uses a proprietary protocol isn't exactly true.
Client access and management access happens over LDAP. There is an API
on Windows called ADSI, which is essentially just a simpler LDAP API,
geared towards the specific schema AD uses.

From the Microsoft glossary:

Lightweight Directory Access Protocol (LDAP) -- a protocol used to
access a directory service. LDAP support is currently being implemented
in Web browsers and e-mail programs, which can query an LDAP-compliant
directory. LDAP is a simplified version of the Directory Access Protocol
(DAP), which is used to gain access to X.500 directories. It is easier
to code the query in LDAP than in DAP, but LDAP is less comprehensive.
For example, DAP can initiate searches on other servers if an address is
not found, while LDAP cannot in its initial specification. Lightweight
Access Directory Protocol is the primary access protocol for Active
Directory. 


Of course, they have some "extensions", such as ACL support and such.

You should be able to fully admin an AD with LDAP.

It's worth noting the default configuration of AD is not to allow
anonymous connections. You must be SASL authenticated, preferably using
GSSAPI.


On Mon, 2005-04-11 at 18:34 -0300, A Rafael D Teixeira wrote:
> Hi Denis, see comments inline:
> 
> On Mon, 2005-04-11 at 11:15 +0200, Denis Schnepf wrote:
> > Hello,
> > 
> > I'm currently working on a project aimed at managing Active Directory 
> > users from a Linux server.
> 
> :(
> 
> > Active Directory servers can be accessed using ADO (apparently, with the 
> > OLE DB Provider), so my question is: has anyone tried to use ADO.NET 
> > with Active Directory and does it work?
> 
> This can probably be done in Windows, but with MS.NET in Windows,
> because:
> 
> 1) We don't have OLE DB in Linux (Mono nevertheless implements the OLEDB
> provider but using gda that is a quite different infrastructure).
> 2) Active Directory uses a proprietary and under-documented protocol, so
> AFAIK nobody in Mono is currently trying to is taking a dependency on
> Samba to try to figure out how to work with it, and write a specific
> provider for gda or better a specific managed provider for ADO.NET.
> 
> But hope is not lost:
> 
> Active Directory is known to inter-operate with other systems via LDAP,
> so if this inter-operation encompasses the administration chores (what I
> guess most of it doesn't), you can use the LDAP libraries from Mono to
> try your hand. 
> 
> I wish you good luck,
-- 
Jerry Haltom <wasabi@larvalstage.net>
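
Added example, not part of the original thread: the difference between an anonymous bind and the SASL/GSSAPI bind mentioned above, as it appears in the LDAPv3 BindRequest (RFC 4511). The classifier is the kind of check one can run over captured traffic to see which clients bind anonymously or send a cleartext password; the sample messages, the DN and the token bytes are constructed.

```python
# Added example: classify LDAPv3 BindRequest messages (RFC 4511) by auth choice.
# All sample messages, the DN and the token bytes below are constructed.

def _tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(msg):
    """Return 'anonymous', 'unauthenticated', 'simple' or 'sasl:<MECH>'."""
    tag, body, _ = _tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, pos = _tlv(body, 0)              # messageID
    tag, req, _ = _tlv(body, pos)
    if tag != 0x60:                        # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, _, pos = _tlv(req, 0)               # version
    _, name, pos = _tlv(req, pos)          # bind DN
    tag, auth, _ = _tlv(req, pos)          # AuthenticationChoice
    if tag == 0x80:                        # [0] simple: password travels in the clear
        if auth:
            return "simple"
        return "unauthenticated" if name else "anonymous"
    if tag == 0xA3:                        # [3] SaslCredentials: mechanism, then token
        _, mech, _ = _tlv(auth, 0)
        return "sasl:" + mech.decode("ascii")
    raise ValueError("unknown authentication choice")

def _enc(tag, value):
    """Encode one TLV, short-form length only (samples stay under 128 bytes)."""
    return bytes([tag, len(value)]) + value

def bind_request(msg_id, dn, auth):
    """Build an LDAPv3 BindRequest wrapped in an LDAPMessage."""
    req = _enc(0x02, bytes([3])) + _enc(0x04, dn) + auth
    return _enc(0x30, _enc(0x02, bytes([msg_id])) + _enc(0x60, req))

ANON = bind_request(1, b"", _enc(0x80, b""))
SIMPLE = bind_request(2, b"cn=svc,dc=example,dc=com", _enc(0x80, b"not-a-real-password"))
GSSAPI = bind_request(3, b"", _enc(0xA3, _enc(0x04, b"GSSAPI") + _enc(0x04, b"constructed-token")))
```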