I am new to LDAP development so please forgive my ignorance on the subject. I am on a project where I need to manage groups and group membership in Novell eDirectory using .NET. I have found several examples of creating groups in Active Directory, but all of these examples use SamAccountName, which is specific to Active Directory. Can anyone share some more generic code that would work against any LDAP store?

Specifically I am looking to implement the following functions:

  1. Group creation
  2. Group deletion
  3. Add user to group
  4. Remove user from group

Thanks!

A: 

Check out these other two SO questions on eDirectory and C# - they should give you some more insight and links to dig deeper:

There seem to be some issues with using the standard System.DirectoryServices classes with Novell directories, and I'm not 100% sure what the latest is on the Novell C# LDAP classes mentioned in those questions.

Marc

UPDATE:
Here's a list of Quick C# Code Examples on using System.DirectoryServices on MSDN, or here's a How to do just about everything in Active Directory article on CodeProject. Both contain lots of examples of commonly requested functions and how to code them. Hope this helps.

marc_s
I am able to connect to eDirectory successfully. The help I need is with group and group membership management. I'm not sure of the specifics needed to perform the operations listed.
Doug Perkes
I can give you samples of how to do that in Active Directory, but I'm not sure if those will work on Novell eDirectory the same way.
marc_s
A: 

Group management in eDirectory is different than in Active Directory.

A Group has two attributes of interest (Member and Equivalent To Me) and a User has two attributes of interest (Group Membership and Security Equals).

Adding a User to a group updates all four of those attributes, when done correctly.

The security/equivalent attributes are the mechanism by which rights and trustees are handled, so you can skip those if not being used inside eDirectory, but best if you do not.

geoffc
Thanks for the information. Do you have any examples of how to do it correctly?
Doug Perkes
+1  A: 

I hate to answer my own question, but I finally found some samples that I can use. Looks like there is a Novell eDirectory C# LDAP API that was written that includes samples for creating objects and managing group membership.

I'd rather use the .NET System.DirectoryServices APIs so I'll give them a try using the samples above as examples of the attributes I need to set.

Doug Perkes
A: 

So all this depends on how you use eDirectory. Is it used for a file and print directory where users may have various rights assigned within eDirectory to other parts of eDirectory or is eDirectory just used for another LDAP server?

If you do not assign eDirectory rights to users through groups, you really only need to set the member attribute on the group.

If you do assign rights in eDirectory via groups, then you need to set all four attributes as described here:

http://ldapwiki.willeke.com/wiki/Groups%20Edirectory

-jim

jeemster
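
The four operations from the question, with the four-attribute membership update the answers describe, as an added example that is not code from any of the posts above or from Novell. It uses System.DirectoryServices.Protocols and assumes the LDAP names `member`, `equivalentToMe`, `groupMembership` and `securityEquals` for those attributes and `groupOfNames` for the group class; the host, DNs and credentials are whatever the caller supplies. Because the rights-bearing attributes live on both objects, a failed user-side write is rolled back on the group side so the directory is not left half-updated.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
// Added example; attribute and class names are assumed LDAP mappings for eDirectory.
static class EdirGroups
{
    public static LdapConnection Connect(string host, string bindDn, string password)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 636))
        { AuthType = AuthType.Basic, Credential = new NetworkCredential(bindDn, password) };
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // simple bind: keep the password on TLS
        conn.Bind();
        return conn;
    }

    public static void CreateGroup(LdapConnection c, string groupDn) =>
        c.SendRequest(new AddRequest(groupDn, "groupOfNames"));
    public static void DeleteGroup(LdapConnection c, string groupDn) =>
        c.SendRequest(new DeleteRequest(groupDn));
    public static void AddUserToGroup(LdapConnection c, string groupDn, string userDn) =>
        Link(c, groupDn, userDn, DirectoryAttributeOperation.Add);
    public static void RemoveUserFromGroup(LdapConnection c, string groupDn, string userDn) =>
        Link(c, groupDn, userDn, DirectoryAttributeOperation.Delete);

    static void Link(LdapConnection c, string groupDn, string userDn, DirectoryAttributeOperation op)
    {
        var undo = op == DirectoryAttributeOperation.Add
            ? DirectoryAttributeOperation.Delete : DirectoryAttributeOperation.Add;
        // Group side: both values change in one modify request.
        c.SendRequest(new ModifyRequest(groupDn, Mod("member", userDn, op), Mod("equivalentToMe", userDn, op)));
        try
        {   // User side: the matching pair on the user object.
            c.SendRequest(new ModifyRequest(userDn, Mod("groupMembership", groupDn, op), Mod("securityEquals", groupDn, op)));
        }
        catch (DirectoryOperationException)
        {   // Undo the group-side change so membership and rights stay consistent.
            c.SendRequest(new ModifyRequest(groupDn, Mod("member", userDn, undo), Mod("equivalentToMe", userDn, undo)));
            throw;
        }
    }

    static DirectoryAttributeModification Mod(string name, string value, DirectoryAttributeOperation op)
    {
        var m = new DirectoryAttributeModification { Name = name, Operation = op };
        m.Add(value);
        return m;
    }
}
```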