[Mono-list] Novell LDAP (SSL) using .NET 2.0 on Windows Server

Sebastien Pouliot sebastien.pouliot at gmail.com
Fri Sep 4 10:11:50 EDT 2009


On Fri, 2009-09-04 at 08:57 -0600, Stéphane Zanoni wrote:
> Hello, Tom.
>  
> Here is a quick snippet...  As long as your looks like this and the
> Mono.Security.dll is in the same directory as your DLL, you should be
> fine.
>  
> var conn = new Novell.Directory.Ldap.LdapConnection();
> conn.SecureSocketLayer = true;
> conn.UserDefinedServerCertValidationDelegate += delegate { return true; };

The previous line will accept _any_ certificate* which, besides testing,
mostly defeats using SSL in the first place (e.g. MitM attack)

        * including: invalid signatures, invalid name (wrong server),
        wrong usage, wrong dates...
        
Now if security is not an issue then I suggest not using SSL ;-)

>  
> conn.Connect("192.168.0.1", 636);
>  
> conn.Bind("cn=admin,o=users", "mysecret");
>  
>  
> Stéphane 
>  
> 
> 
> >>> On 9/4/2009 at 08:46, stonefish <tom at stonefish.co.uk> wrote:
> 
> 
> Hi,
> 
> (This is roughly the same message as was mistakenly on the ASP.NET section,
> but with the vital point that it's Novell LDAP, not MS LDAP!)
> 
> My client requires us to connect to their Novell LDAP system through SSL
> with the ASP.NET (2.0) application we have written, which is going to run on
> Windows 2003 Server through IIS6.  For the moment I am using a simple
> console application to test my code - a lot easier and simpler than
> uploading the rather large web application dlls each time.
> 
> From everything I've read, it appears that Mono is the best solution to
> this, but I'm having a great deal of difficulty getting it to work.
> 
> I have added the novell.directory.ldap.dll and mono.security.dll references
> to the console app, and included the dlls in "installation" directory on the
> server.
> I have installed Mono (2.4.2.3) but not included the GTK part, as I don't
> believe it's necessary.
> I have added the security certificate from the client's LDAP system into the
> Trust store using certmgr.
> 
> But when I attempt a secure bind to the Novell LDAP server, I receive a 91
> Connect Error, with the IOException of "The authentication or decryption has
> failed" and TlsException of "Invalid certificate received from server".
> 
> What have I missed?
> Am I trying to achieve the impossible... or have I missed a simple step out?
> (Do I need to set an application setting or environment variable that I'm
> not aware of?)
> 
> Many thanks for any help,
> Cheers,
> Tom 
> -- 
> View this message in context: http://www.nabble.com/Novell-LDAP-%28SSL%29-using-.NET-2.0-on-Windows-Server-tp25295744p25295744.html
> Sent from the Mono - General mailing list archive at Nabble.com.
> 
> _______________________________________________
> Mono-list maillist  -  Mono-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-list
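
An added example, not part of the original thread and not code from the Novell or Mono projects: a validation callback that fails closed instead of returning `true`, accepting the server only when validation reported no errors or when the certificate is exactly the one pinned in advance. It assumes the delegate has the signature of Mono.Security's `CertificateValidationCallback` (certificate plus an `int[]` of error codes); `PinnedSha256` is a placeholder and the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Novell.Directory.Ldap;

static class PinnedLdap
{
    // Placeholder: hex SHA-256 of the server's DER certificate, obtained out of band.
    const string PinnedSha256 = "<SHA256-HEX-OF-SERVER-CERT>";

    // Hex SHA-256 fingerprint of the raw (DER) certificate bytes.
    public static string Fingerprint(X509Certificate cert)
    {
        using (SHA256 sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    // Assumed signature: Mono.Security.Protocol.Tls.CertificateValidationCallback.
    public static bool Validate(X509Certificate cert, int[] errors)
    {
        if (cert == null) return false;

        // Assumption: an empty error array means the TLS stack's own checks passed.
        if (errors != null && errors.Length == 0) return true;

        // Validation failed (or gave no result): trust only the exact pinned certificate.
        bool pinned = string.Equals(Fingerprint(cert), PinnedSha256,
                                    StringComparison.OrdinalIgnoreCase);
        if (!pinned && errors != null)
            foreach (int e in errors)
                Console.Error.WriteLine("Rejected server certificate, error 0x{0:X8}", e);
        return pinned;
    }

    static void Main()
    {
        // Host, port and bind credentials are the sample values from the thread.
        var conn = new LdapConnection();
        conn.SecureSocketLayer = true;
        conn.UserDefinedServerCertValidationDelegate += Validate;
        conn.Connect("192.168.0.1", 636);
        conn.Bind("cn=admin,o=users", "mysecret");
        conn.Disconnect();
    }
}
```

The logged error codes show which check failed, which is the information needed to fix the trust store rather than bypass it; the pin must be updated whenever the server certificate is reissued.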


