0xced commented Nov 1, 2024

Fixes #109449

dotnet-policy-service bot added the community-contribution label (Indicates that the PR has been added by a community member) Nov 1, 2024
0xced force-pushed the System.DirectoryServices.Protocols-LDAPV3 branch from a9c3e8d to 45c354d November 1, 2024 16:28
0xced force-pushed the System.DirectoryServices.Protocols-LDAPV3 branch from 45c354d to 35100d4 November 1, 2024 20:46
0xced changed the title from "System.DirectoryServices.Protocols: Use LDAP V3 protocol by default" to "System.DirectoryServices.Protocols: Force using LDAP V3 for SASL binding" Nov 1, 2024
@steveharter
Contributor

cc @BRDPM @grubioe @jay98014

try
{
// Bump up the protocol version because ldap_sasl_interactive_bind requires LDAP V3 else it returns LDAP_NOT_SUPPORTED and this ends up throwing LdapException: The feature is not supported.
SessionOptions.ProtocolVersion = 3;
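
Review bot: The assignment `SessionOptions.ProtocolVersion = 3;` at the top of the `try` replaces whatever version the caller had configured, and nothing in the visible lines reads the previous value or restores it after the bind. Consider raising the version only when the current value is below 3, so an explicit caller setting is not changed more than needed, and state in the comment whether the new value is meant to stay in effect after the bind. The one-line comment is also long enough to be worth wrapping over several lines.
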
Contributor

For non-OSX, this must be working before the change above -- will this break V1\V2 users in those cases?

Contributor Author

Actually I don't have a Linux machine to test. I tried to set up Kerberos + OpenLDAP in Docker to test on Linux but I couldn't create a working environment.

Contributor Author

0xced commented Nov 21, 2024

Note: I used https://github.com/0xced/dotnet-ldap-experiment to test this fix since building the .NET runtime repository and working on it in Rider on macOS is always a challenge!

Contributor

steveharter left a comment

My understanding is that ProtocolVersion 3 came out years ago (1997?) and is backwards compatible with v2, so little risk based on that.

dotnet deleted a comment from azure-pipelines bot Dec 5, 2024
@steveharter
Contributor

/azp run runtime-dev-innerloop

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@steveharter
Contributor

/azp run runtime-wasm

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@steveharter
Contributor

/azp run runtime

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

steveharter merged commit 9970e70 into dotnet:main Dec 5, 2024
90 of 102 checks passed
github-actions bot locked and limited conversation to collaborators Jan 5, 2025

Labels

area-System.DirectoryServices, community-contribution

Development

Successfully merging this pull request may close these issues.

LdapConnection throws LdapException: The feature is not supported when using Negotiate or Kerberos authentication