|Part of the
You Can Learn ASP.Net and C# series.
By Ken Brown
Updated: October 26, 2004
Download the Source Code
This is a three part article on building an LDAP web service.
LDAP, What is Lightweight Directory Access Protocol
Reading Information from the LDAP Server
Converting LDAP to Web Service
This article is to teach you how to build a web service to access your LDAP
server. Businesses are reaching the conclusion that they have too many
repositories of information and they need to create a single login for all
their applications. They are turning to LDAP servers to meet that need.
If you have three applications running your business, maybe you want to enable
a service so that each user in your network can access each application by
logging in only once. A sample of this type of technology is Microsoft's
Passport service where you log in once and have access to multiple web sites.
You are automatically logged into MSN Messanger, the email service and
potentially hundreds of websites around the world.
This is the direction business wants to go. A single login enables each user to
remember fewer login ids and passwords. They only need to remember one. The
LDAP technology is available on multiple operating systems, including Sun One,
Microsoft's Directory Server, IBM and even open source LDAP servers. In the
strictest sense LDAP is really not a server at all, but an interface to talk
with a Directory Server.
In this sample, I will create a web service (asmx file), and a class to talk
with the directory server using C# and ASP.Net. The C# class will be called
LDAPComLink.cs and the web service's name will be LDAPWebServ.asmx. I am making
the assumption that you know a little about web services and you have access to
an LDAP server.
For starters, create a Web Application project. Add a class called
"LDAPComLink" and a web service called "LDAPWebServ". To talk with the LDAP
object you will need to add a reference to System.DirectoryServices. Right
click on the References folder, choose Add Reference and arrow down until you
find System.DirectoryServices.dll. Double-click on the DLL, choose OK and the
file will be added to your project.
Now open up the LDAPComLink file and add a using statement to the Directory
services dll, "using System.DirectoryServices;. It should show up under
Intellisense. We will be returning the data back to the WebService through an
XML file, so add a using System.Xml and for stringBuilder objects add a using
In the LDAPComLink file create a method that gets the LDAP info and returns it
in an XmlDocument. For filtering the information you need, pass in a string to
the method, which will represent a filter that is relevant in the LDAP
LDAP is similar to all new technology because they have their own language. It
is similar to a database language in that it requires connectivity and querying
for information. But after that all similarity ends. To understand LDAP you
have to visualize a directory tree of information. At the top you have your
Root directory, which is the server name or an IP address. Below the Root
Directory is the Directory Suffix which represents the organization name or
domain component. Itiswrittenlike:"dc=abc_de,dc=com".
Then next on the tree comes the organization unit and is written like
"ou=people" or "ou=group". You can have multiple organization units within a
Directory suffix. Most companies have a "people" or "person" organization,
where they store their company's database of users. Then within the
organization unit, you store multiple pieces of information such as usernames,
surnames, email address, and their groups.
The filter we will pass to the GetLDAPInfo method will allow us to view
information at the organization unit level or to filter information at the user
To connect to the LDAP we will need 4 important pieces of information.
Go To Page 1 /
2 / 3
The domain and username expressed as a weblink
"LDAP://myLDAP/cn=Users,dc=myLDAP"; This connection mentions the name of the
server, cn= the level you want to access on the server and the directory suffix
information. It can also be expressed
as:"LDAP://220.127.116.11/dc=youcanlearnseries,dc=abc.us,dc=com"; Where the
number is the ip address of the server. **** Neither of these addresses are
valid addresses, you need to get the connectivity information for your own
You need the username to connect to the server that you are accessing.
You need the password necessary to connect to the server.
Finally, you need the authentication type to connect to the LDAP interface. The
AuthenticationTypes is part of the System.DirectoryServices dll from
Microsoft.Net. AuthenticationTypes come in a wide variety of flavors,
Check with Visual Studio Help or the Microsoft site for specific information
about the different AuthenticationTypes.