LDAP, What is Lightweight Directory Access Protocol?

This article is to teach you how to build a web service to access your LDAP server. Businesses are reaching the conclusion that they have too many repositories of information and they need to create a single login for all their applications. They are turning to LDAP servers to meet that need.

If you have three applications running your business, maybe you want to enable a service so that each user in your network can access each application by logging in only once. A sample of this type of technology is Microsoft's Passport service where you log in once and have access to multiple web sites. You are automatically logged into MSN Messanger, the email service and potentially hundreds of websites around the world.

This is the direction business wants to go. A single login enables each user to remember fewer login ids and passwords. They only need to remember one. The LDAP technology is available on multiple operating systems, including Sun One, Microsoft's Directory Server, IBM and even open source LDAP servers. In the strictest sense LDAP is really not a server at all, but an interface to talk with a Directory Server.

In this sample, I will create a web service (asmx file), and a class to talk with the directory server using C# and ASP.Net. The C# class will be called LDAPComLink.cs and the web service's name will be LDAPWebServ.asmx. I am making the assumption that you know a little about web services and you have access to an LDAP server.

For starters, create a Web Application project. Add a class called "LDAPComLink" and a web service called "LDAPWebServ". To talk with the LDAP object you will need to add a reference to System.DirectoryServices. Right click on the References folder, choose Add Reference and arrow down until you find System.DirectoryServices.dll. Double-click on the DLL, choose OK and the file will be added to your project.

Now open up the LDAPComLink file and add a using statement to the Directory services dll, "using System.DirectoryServices;. It should show up under Intellisense. We will be returning the data back to the WebService through an XML file, so add a using System.Xml and for stringBuilder objects add a using System.Text;.

In the LDAPComLink file create a method that gets the LDAP info and returns it in an XmlDocument. For filtering the information you need, pass in a string to the method, which will represent a filter that is relevant in the LDAP language.

LDAP is similar to all new technology because they have their own language. It is similar to a database language in that it requires connectivity and querying for information. But after that all similarity ends. To understand LDAP you have to visualize a directory tree of information. At the top you have your Root directory, which is the server name or an IP address. Below the Root Directory is the Directory Suffix which represents the organization name or domain component. Itiswrittenlike:"dc=abc_de,dc=com".

Then next on the tree comes the organization unit and is written like "ou=people" or "ou=group". You can have multiple organization units within a Directory suffix. Most companies have a "people" or "person" organization, where they store their company's database of users. Then within the organization unit, you store multiple pieces of information such as usernames, surnames, email address, and their groups.



The filter we will pass to the GetLDAPInfo method will allow us to view information at the organization unit level or to filter information at the user level.

To connect to the LDAP we will need 4 important pieces of information.

1. The domain and username expressed as a weblink "LDAP://myLDAP/cn=Users,dc=myLDAP"; This connection mentions the name of the server, cn= the level you want to access on the server and the directory suffix information. It can also be expressed as:"LDAP://123.12.12.123/dc=youcanlearnseries,dc=abc.us,dc=com"; Where the number is the ip address of the server. **** Neither of these addresses are valid addresses, you need to get the connectivity information for your own directory server.
2. You need the username to connect to the server that you are accessing.
3. You need the password necessary to connect to the server.
4. Finally, you need the authentication type to connect to the LDAP interface. The AuthenticationTypes is part of the System.DirectoryServices dll from Microsoft.Net. AuthenticationTypes come in a wide variety of flavors,
   • Anonymous
   • Delegation
   • Encryption
   • FastBind
   • None
   • ReadOnlyServer
   • Sealing
   • Secure
   • SecureSocketsLayer
   • Server Bind
   • Signing
   Check with Visual Studio Help or the Microsoft site for specific information about the different AuthenticationTypes.