I have the following C# code in a project:

    DirectoryEntry root = new DirectoryEntry(@"LDAP://ad.mydomain.com");
    DirectorySearcher ds = new DirectorySearcher(root);
    ds.DerefAlias = DereferenceAlias.Always;
    ds.SearchScope = SearchScope.Subtree;
    ds.Filter = "(|(name=John_Smith)(cn=John_Smith))";
    SearchResultCollection src = ds.FindAll();

I'm monitoring LDAP traffic to the AD server with MS Network Monitor and I see this when the search takes place:

      Frame: Number = 1417, Captured Frame Length = 404, MediaType = ETHERNET 
    + Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[XXX],SourceAddress:[XXX]
    + Ipv4: Src = XXX, Dest = XXX, Next Protocol = TCP, Packet ID = 9696, Total IP Length = 390
    + Tcp: Flags=...AP..., SrcPort=1521, DstPort=LDAP(389), PayloadLen=350, Seq=3825204841 - 3825205191, Ack=1241404727, Win=16425 (scale factor 0x2) = 65700
    - Ldap: Search Request, MessageID: 1, BaseObject: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
      - Parser: Search Request, MessageID: 1
       + ParserHeader: 
       + MessageID: 1
       + OperationHeader: Search Request, 3(0x3)
       - SearchRequest: BaseDN: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
        + BaseObject: NULL
        + Scope: base Object
        + Alias: neverDerefAliases
        + SizeLimit: No Limit
        + TimeLimit: 120 seconds
        + TypesOnly: False
        - Filter: (objectclass Present)
         + Operator: Present, 7(0x07)
         - Length: 11
            Length: 11 bytes, LengthOfLength = 0
         + PresentFilter: objectclass Present
        - Attributes: ( subschemaSubentry )( dsServiceName )( namingContexts )( defaultNamingContext )( schemaNamingContext )( configurationNamingContext )( rootDomainNamingContext )( supportedControl )( supportedLDAPVersion )( supportedLDAPPolicies )( supportedSASLMec
         + AttributeSelectionHeader: 
         + Attribute: subschemaSubentry
         + Attribute: dsServiceName
         + Attribute: namingContexts
         + Attribute: defaultNamingContext
         + Attribute: schemaNamingContext
         + Attribute: configurationNamingContext
         + Attribute: rootDomainNamingContext
         + Attribute: supportedControl
         + Attribute: supportedLDAPVersion
         + Attribute: supportedLDAPPolicies
         + Attribute: supportedSASLMechanisms
         + Attribute: dnsHostName
         + Attribute: ldapServiceName
         + Attribute: serverName
         + Attribute: supportedCapabilities

Neither the search scope nor the filter I requested appears to be used in the query. I tried using Softerra LDAP Administrator to perform a root search on "John_Smith" and Network Monitor shows what appears to be a perfectly good LDAP query, with filter and search scope intact.

What am I missing?

+1  A: 

This is how I do it:

    searcher.Filter = "(&(objectClass=user)(|(cn=John_Smith)(sAMAccountName=John_Smith)))";

An awesome site for everything AD is this one that I use.

http://www.codeproject.com/KB/system/everythingInAD.aspx

Aaron
+1 I'm currently developing a block of our framework that dialogs with AD using this precise article! It's awesome what it contains as information! Very good reference!
Will Marcouiller
This doesn't work for me. I get no results and the LDAP packet appears to still have no filter and scope = base object. Even when I copy-paste the exact filter being used by the Softerra tool I get no results and no apparent filter being passed to the server.
Wayne
This sounds like a stupid question, but are you absolutely sure that John_Smith is the 'sAMAccountname'?
Aaron
Also, are you sure you don't need to set your username and password properties for your Directory Entry?
Aaron
Well, it's a different name that I'm searching for, but it's definitely a valid account name in AD. I'm able to find it via the WinNT provider and the Softerra tool.
Wayne
It doesn't seem to make any difference if I pass credentials or not.
Wayne
I've never used the MS Network Monitor before, but perhaps the filter isn't being shown because you're not actually getting the directory entry. Does ds.FindAll() return null?
Aaron
I get a SearchResultCollection with Count = 0 no matter what I try. I have been able to get what I need with a combination of System.DirectoryServices.AccountManagement and direct LDAP queries, but I'm at a loss as to why my simple query above isn't working. I'm sure I'm missing something head-slappingly simple...
Wayne
The only explanation I can come up with is either your LDAP connection is incorrect or the username you're searching for is incorrect...but neither of those seems to be the case, so I'm at a loss here.
Aaron
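
The frame captured in the question has the shape of a rootDSE read as defined in RFC 4512 (empty base DN, base-object scope, presence filter on objectClass), which is a separate request from a filtered subtree search. The following Python is an added example, not code from the original post or its answer: it decodes BER-encoded LDAP SearchRequest messages and flags which ones are rootDSE reads, so the two kinds of frame can be told apart in a capture. The base DN `DC=ad,DC=mydomain,DC=com` and both sample messages are constructed assumptions, not bytes from the trace above.

```python
SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}  # RFC 4511 scope values

def tlv(tag, body=b""):  # encode one BER element; short-form length suffices here
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read(buf, pos=0):
    """Decode one element at pos (short or long length); return (tag, body, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length octets
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    return tag, buf[pos:pos + n], pos + n

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def render(tag, val):
    """Render the filter kinds seen on this page: and/or, equality, present."""
    if tag in (0xA0, 0xA1):
        return "(" + "&|"[tag - 0xA0] + "".join(render(*c) for c in children(val)) + ")"
    if tag == 0xA3:
        (_, attr), (_, value) = children(val)
        return "(%s=%s)" % (attr.decode(), value.decode())
    return "(%s=*)" % val.decode() if tag == 0x87 else "(?tag=0x%02x)" % tag

def describe(message):
    """Summarise an LDAPMessage whose protocolOp is a SearchRequest (tag 0x63)."""
    op, req = children(read(message)[1])[1]
    if op != 0x63:
        raise ValueError("not a SearchRequest")
    f = children(req)  # baseObject, scope, deref, size, time, typesOnly, filter, attrs
    base, scope, flt = f[0][1].decode(), SCOPES[f[1][1][0]], render(*f[6])
    rootdse = (base, scope, flt.lower()) == ("", "baseObject", "(objectclass=*)")
    return {"base": base, "scope": scope, "filter": flt, "rootdse_read": rootdse}

def sample(base, scope, flt, attrs):
    """Build a constructed SearchRequest message (not bytes from a real capture)."""
    req = (tlv(0x04, base.encode()) + tlv(0x0A, bytes([scope])) + tlv(0x0A, b"\x00")
           + tlv(0x02, b"\x00") + tlv(0x02, b"\x78") + tlv(0x01, b"\x00") + flt
           + tlv(0x30, b"".join(tlv(0x04, a.encode()) for a in attrs)))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x63, req))

eq = lambda a, v: tlv(0xA3, tlv(0x04, a.encode()) + tlv(0x04, v.encode()))
ROOTDSE = sample("", 0, tlv(0x87, b"objectclass"), ["namingContexts", "defaultNamingContext"])
USER = sample("DC=ad,DC=mydomain,DC=com", 2,
              tlv(0xA1, eq("name", "John_Smith") + eq("cn", "John_Smith")), ["cn"])
```

`describe(ROOTDSE)` reports the same base, scope and filter as the frame in the question, while `describe(USER)` shows what a request carrying the question's filter and subtree scope decodes to.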