Directory Programming .NET

It is totally possible but also is typically a terrible idea that I would never recommend. :) The ''right'' way to do such things is to package your schema extension as a standard LDIF file. That way, it can be provided to the AD admins who can add it to their AD as part of their change control process. AD admins HATE black box tools that modify ...

If you could provide an HTTP header trace of this interaction, we could easily look at it and explain exactly what was going on. Everything you need to know is in the headers for a problem like this. Unfortunately, it is hard for me to be really specific in recommendations without seeing that. If you can repro this easily, then getting the ...

Set PageSize to 100 and see if that works. You may also need to set the page time limit option. Paging will allow the search to be broken up into smaller pieces. The code you use to do the enumeration of the results is the same though so you this change really just happens under the hood.

Glad that worked for you. Getting the provider to work with ADAM can sometimes be harder than with AD but it IS supposed to work. I'm also glad the book helped, especially given that we didn't really have the ability to address the membership providers directly there. Best of luck!

Did you consider just using the ActiveDirectoryMembershipProvider for this? It comes with ASP.NET since .NET 2.0 and works with ASP.NET forms auth directly. It is probably the easiest and cleanest approach. If you have to do this by hand, you still can. The main thing is to be sure not to conflate a bind operation with a search operation. ...

This is almost certainly a bug in their implementation. It is known that this character must be escaped when used in an ADSI path expression. However, given that it is a valid LDAP character in a DN, the LDAP server will not automatically escape it for you. I'm guessing they just forgot to do this extra logic and didn't have a test case for this ...

Why do you think the authentication type is SecureSocketsLayer? That's not a default value and you don't set that anywhere. In .NET 2.0+, the default is ''Secure'' which does negotiate authentication. It would also be helpful to know what the value of the username and password were that generated this failure. How do we know if they are null ...

I think I would do a search in the schema for ldapDisplayName=DUP-loginShell-591f5fe1-f2eb-4402-9e09-058409f8387 and see what you can find. It looks like something weird has happened to the schema. I've never seen this problem before. I also don't know what that attribute is (never seen it or used it). I think you can change the name if you need ...

What are the values of the username and password parameters when you run this? It would be helpful if your sample didn't include any code that isn't relevant like commented code and such. It makes it very hard to read. Posting a sample that clearly demonstrates the problem makes it easiest to help you. Additionally, did you consider setting the ...

You need to implement impersonation in the web application along with Kerberos delegation in order for the web app to be able to use the user's credentials to authenticate again to a back end resource on the user's behalf. Check out the various lengthly/detailed articles on MSDN and TechNet about setting up Kerberos delegation. I recommend that ...