nJupiterDataAccessLdap  
Documentation for nJupiter.DataAccess.Ldap
Updated Jan 11, 2012 by martin.odhelius

nJupiter.DataAccess.Ldap

Component containing a generic MembershipProvider and RoleProvider for LDAP. These providers have been tested with Microsoft Active Directory, Novell eDirectory and IBM Lotus Domino / IBM Tivoli Directory Server.

History and Purpose

A while ago I started to work on a project whose goal was to use a CMS that used .NET's MembershipProvider and RoleProvider architecture for authentication and user management. The customer that would use the CMS solution used an IBM Tivoli LDAP Directory Server, and at first I thought that would not be a problem, since I was pretty sure that an LDAP MembershipProvider and RoleProvider would exist in the .NET Framework, but to my surprise they didn't! Then I started to look around the web for alternatives, but I didn't find any LDAP MembershipProvider and RoleProvider anywhere, so I decided to write my own. My aim was to write a generic LDAP provider that would work both with my internal Active Directory test server and with the customer's Tivoli server, or with any other LDAP server out there. The result was nJupiter.DataAccess.Ldap.

Dependencies

How to set up nJupiter.DataAccess.Ldap

nJupiter.DataAccess.Ldap uses nJupiter.Configuration, so the first thing you have to do is set up nJupiter.Configuration in your web.config. You can find more information on how to do that here.

The next thing you have to do is add an nJupiter.DataAccess.Ldap.config file to your configuration directory. You can find example configurations showing how to configure your server here. The configuration is hopefully pretty straightforward. The only values that may be a little hard to understand are those in the attributes collection: these are the LDAP attributes that are loaded together with the LdapMembershipUser, and also the attributes the membership provider searches in when you use the FindUsersByName method. The authenticationTypes value represents System.DirectoryServices.AuthenticationTypes in .NET. Also note that the provider with the default="true" attribute is the one used as your default provider if you do not set anything else in the ldapServer attribute of the membership or roleManager configuration in your web.config.

The last thing you have to do is to configure your web.config to use nJupiter.DataAccess.Ldap. Here is an example:

<system.web>
   <membership defaultProvider="LdapMembershipProvider">
      <providers>
         <clear/>
         <add name="LdapMembershipProvider"
              ldapServer="Tivoli"
              type="nJupiter.DataAccess.Ldap.LdapMembershipProvider,nJupiter.DataAccess.Ldap" />
      </providers>
   </membership>
   <roleManager enabled="true" defaultProvider="LdapRoleProvider" cacheRolesInCookie="true">
      <providers>
         <clear/>
         <add name="LdapRoleProvider"
              ldapServer="Tivoli"
              type="nJupiter.DataAccess.Ldap.LdapRoleProvider,nJupiter.DataAccess.Ldap" />
      </providers>
   </roleManager>
</system.web>

The ldapServer attribute tells which LDAP configuration in nJupiter.DataAccess.Ldap.config to use. If this attribute is left out, the configuration with the default="true" attribute will be used. If you need more information on how to configure MembershipProviders and RoleProviders you can find it here:

How to use

The LdapMembershipProvider and LdapRoleProvider work like standard MembershipProviders and RoleProviders. The providers are read-only, though, and do not implement any functionality that writes information to the LDAP server. Apart from that, you should be able to use them without doing anything more than what is explained in the previous section.

A bonus feature on top of the standard provider interface is that the LdapMembershipProvider can load LDAP attributes for users in addition to the standard MembershipUser attributes. These are accessible by casting the MembershipUser to an nJupiter.DataAccess.Ldap.LdapMembershipUser and reading the Attributes property.

Troubleshooting

If you get "System.InvalidOperationException: The value for the property Sort cannot be set", try disabling property sorting by setting propertySortingSupport to false in nJupiter.DataAccess.Ldap.config.

If you get "System.InvalidOperationException: The value for the property PageSize cannot be set.", try to disable paging by either removing the pageSize element entirely or by setting its value to 0 in nJupiter.DataAccess.Ldap.config.

If you get similar exceptions you can also try to turn off rangeRetrievalSupport by setting its flag to false.

If you get "COMException (0x80005000): Unknown error (0x80005000)" or similar, it is probably caused by a difference between your authenticationTypes setting and how your LDAP server is configured. You can read more about how to configure the authenticationTypes here.
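One way to find out which authenticationTypes value your server accepts, as an added example that is not part of nJupiter or of the original page: it binds with System.DirectoryServices directly and prints the outcome for each candidate value. The server path, the bind DN and the LDAP_PROBE_PASSWORD variable name are constructed placeholders.

```csharp
using System;
using System.DirectoryServices;
using System.Runtime.InteropServices;

static class LdapBindProbe
{
    // Tried in this order so that an encrypted bind is preferred when several succeed.
    static readonly AuthenticationTypes[] Candidates =
    {
        AuthenticationTypes.SecureSocketsLayer,                   // simple bind inside SSL/TLS
        AuthenticationTypes.Secure | AuthenticationTypes.Sealing, // negotiated bind, encrypted
        AuthenticationTypes.Secure,                               // negotiated bind
        AuthenticationTypes.None                                  // simple bind, password sent in clear text
    };

    // Returns null when the bind succeeds, otherwise the error the directory returned.
    static string TryBind(string path, string user, string password, AuthenticationTypes type)
    {
        try
        {
            using (var entry = new DirectoryEntry(path, user, password, type))
            {
                object native = entry.NativeObject; // reading NativeObject forces the bind
                return null;
            }
        }
        catch (COMException ex) // also covers DirectoryServicesCOMException
        {
            return string.Format("0x{0:X8} {1}", ex.ErrorCode, ex.Message.Trim());
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample values; replace with your own server path and bind DN.
        string path = args.Length > 0 ? args[0] : "LDAP://ldap.example.test:636/dc=example,dc=test";
        string user = args.Length > 1 ? args[1] : "cn=probe,dc=example,dc=test";
        // LDAP_PROBE_PASSWORD is a hypothetical variable name; it keeps the password off the command line.
        string password = Environment.GetEnvironmentVariable("LDAP_PROBE_PASSWORD") ?? "";
        // An empty password can turn a simple bind into an anonymous one that "succeeds".
        if (password.Length == 0) { Console.Error.WriteLine("Set LDAP_PROBE_PASSWORD first."); return; }

        foreach (AuthenticationTypes type in Candidates)
        {
            string error = TryBind(path, user, password, type);
            Console.WriteLine("{0,-24} {1}", type, error ?? "bind OK");
        }
    }
}
```

Use the first value in the list that reports "bind OK" in your authenticationTypes setting; a mismatch shows up here as the same 0x80005000 error, without the provider in between.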

Comment by dib...@gmail.com, Jan 31, 2012

casting the MembershipUser to an nJupiter.DataAccess.Ldap.LdapMembershipUser and read the Attributes property.

Please provide an example.

Comment by project member martin.odhelius, Feb 2, 2012

It is a standard cast from a System.Web.Security.MembershipUser to an nJupiter.DataAccess.Ldap.LdapMembershipUser. You can read more about how to cast objects here: http://msdn.microsoft.com/en-us/library/ms173105.aspx. You can then access the attributes via the Attributes property, which will return an AttributeValue collection for each value because of the nature of how LDAP servers work and how the underlying DirectoryService interface works: an attribute can have one or more values, and the DirectoryService interface delivers them in untyped format, so you have to cast/parse them yourself to the correct format.

