tags:
views: 54
answers: 2
I am getting into integrating my app with LDAP and I just recently learned that it's not a request sent over HTTP, it's actually its own protocol? I have no idea what this means but I am going to be using a plugin for .NET called IP works from nsoftware.com. Can someone tell me what one of these requests looks like and what a response would look like? What form is the data in, text? I talked to our partner who has the AD and they said I need an IP and a port and I need to tell them the IP of my server (this makes sense to me). However I don't get what an LDAP request is. A preferable example would show me what the request would look like that contains a username and password and the response that comes back with the user's data. I need to generate such a request from a form and parse the response into the database. Also, what does 'Secure LDAP' mean, what kind of credentials am I going to need to make these requests and how do they get 'into' the request?

+1  A: 

Given your query, I suspect that you are going to want to use a library to make your requests rather than trying to roll your own. The .NET C# library maintained by Novell is probably the best for pure LDAP ( http://developer.novell.com/wiki/index.php/Ldapcsharp ). And there are a couple of nice tutorials out there as well: www.novell.com/coolsolutions/feature/11204.html and www.novell.com/coolsolutions/appnote/1673.html .

LDAP is a network protocol designed to access a central user database. It is largely an abstraction, since a variety of very different products use LDAP for queries and other directory service operations, including many products that have other non-LDAP APIs. It is extremely important to be familiar with LDAP if you are going to do anything involving remote user information.

Johnnie Odom
I am using the nsoftware plugin IPworks, so I think that means I'm not rolling my own.
shogun
A: 

If you want to learn about LDAP (assuming someone has configured an LDAP server for you), I'd suggest using an LDAP browser, for example Apache Directory Studio.

There are multiple security aspects regarding LDAP.

First, there's the security of the communication itself. This can be done in two ways: using SSL or TLS upfront, using an ldaps:// URI (port 636 by default) or using STARTTLS (same port as plain LDAP, 389 by default, but you need your client to send an additional command to switch to TLS after having exchanged some LDAP messages).

Secondly, some requests will produce different results depending on whether you've bound an identity to your request (i.e. depending on whether your request is authenticated) and what this authenticated user is allowed to see. Most clients will allow you to connect using a given Distinguished Name (i.e. a "full" LDAP user-name) or anonymously. Authentication can be done in various ways, including password, SASL or client SSL/TLS certificates.

Bruno
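As an added example (not part of either answer above, and not code from the IPWorks or Novell libraries), here is what the messages both answers talk about actually look like on the wire: a simple bind request carrying a DN and password, the STARTTLS extended request that switches a plain port-389 connection to TLS, and the bind response the server sends back. LDAP messages are not text; they are ASN.1 structures encoded with BER (RFC 4511). The code below hand-encodes and decodes them with the Python standard library only, so it runs offline against constructed bytes rather than a live server. The DN cn=admin,dc=example,dc=com, the password and the diagnostic message are made-up sample values.

```python
"""Hand-encode and decode LDAPv3 bind/STARTTLS messages (RFC 4511) to show the wire format.

Added illustration only; it uses no LDAP library and talks to no server.
"""

# Universal ASN.1 tags used by LDAP (BER, one byte each).
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
# LDAP application-specific tags (class APPLICATION, constructed).
APP_BIND_REQUEST = 0x60        # BindRequest  = [APPLICATION 0]
APP_BIND_RESPONSE = 0x61       # BindResponse = [APPLICATION 1]
APP_EXTENDED_REQUEST = 0x77    # ExtendedRequest = [APPLICATION 23]
# Context-specific primitive tag [0]: "simple" password in AuthenticationChoice,
# and requestName in ExtendedRequest.
CTX_0_PRIMITIVE = 0x80
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # requestName of the StartTLS operation

# A few LDAPResult resultCode values from RFC 4511, for decoding responses.
RESULT_CODES = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                13: "confidentialityRequired", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Tag-Length-Value: the building block of every BER element."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int, tag: int = INTEGER) -> bytes:
    """Minimal two's-complement INTEGER (or ENUMERATED when tag is given)."""
    size = max(1, (n.bit_length() + 8) // 8)
    return tlv(tag, n.to_bytes(size, "big", signed=True))


def build_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.

    The password goes into the request verbatim: with neither ldaps:// nor STARTTLS
    it crosses the network in the clear.
    """
    if msg_id == 0:
        raise ValueError("messageID 0 is reserved for unsolicited notifications")
    bind = tlv(APP_BIND_REQUEST,
               ber_int(3)                                 # LDAP protocol version
               + tlv(OCTET_STRING, dn.encode("utf-8"))    # name: the bind DN ("" = anonymous)
               + tlv(CTX_0_PRIMITIVE, password.encode("utf-8")))  # AuthenticationChoice simple
    return tlv(SEQUENCE, ber_int(msg_id) + bind)


def build_starttls_request(msg_id: int) -> bytes:
    """ExtendedRequest { requestName = StartTLS OID }, sent on the plain port before TLS."""
    ext = tlv(APP_EXTENDED_REQUEST, tlv(CTX_0_PRIMITIVE, STARTTLS_OID))
    return tlv(SEQUENCE, ber_int(msg_id) + ext)


def build_bind_response(msg_id: int, result_code: int, matched_dn: str = "",
                        diagnostic: str = "") -> bytes:
    """Constructed server reply: BindResponse { resultCode, matchedDN, diagnosticMessage }."""
    result = (ber_int(result_code, ENUMERATED)
              + tlv(OCTET_STRING, matched_dn.encode("utf-8"))
              + tlv(OCTET_STRING, diagnostic.encode("utf-8")))
    return tlv(SEQUENCE, ber_int(msg_id) + tlv(APP_BIND_RESPONSE, result))


def read_tlv(buf: bytes, pos: int = 0):
    """Decode one BER element at pos; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data: bytes):
    """Return (messageID, resultCode, matchedDN, diagnosticMessage) from a BindResponse."""
    tag, body, _ = read_tlv(data)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(body)
    msg_id = int.from_bytes(mid, "big", signed=True)
    tag, op, _ = read_tlv(body, pos)
    if tag != APP_BIND_RESPONSE:
        raise ValueError("protocolOp is not a BindResponse (tag 0x%02x)" % tag)
    tag, code, pos = read_tlv(op)
    _, matched_dn, pos = read_tlv(op, pos)
    _, diagnostic, _ = read_tlv(op, pos)
    return (msg_id, int.from_bytes(code, "big"),
            matched_dn.decode("utf-8"), diagnostic.decode("utf-8"))


if __name__ == "__main__":
    print("anonymous bind:", build_bind_request(1, "", "").hex())
    print("simple bind:   ", build_bind_request(1, "cn=admin,dc=example,dc=com", "secret").hex())
    print("STARTTLS:      ", build_starttls_request(2).hex())
    print("bind response: ", parse_bind_response(build_bind_response(1, 49, "", "invalid credentials")))
```

Two things worth noticing in the output. The simple bind request contains the DN and the password as plain octet strings, which is why the first of Bruno's points matters: send it only over ldaps:// or after the STARTTLS exchange has completed. And the bind response carries only a result code, a matched DN and a diagnostic string, never the user's attributes; those are fetched with a separate SearchRequest on the now-authenticated connection, so "log in and get the user's data" is always at least two LDAP operations.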