"ADSVALUE not implemented" error, LDAP, dotNet, and more!


Fenster Blick

I've read every single posting on ADSVALUE, and possibly every single
posting on LDAP and .NET/dotNet, but I am still having problems
debugging an LDAP authentication issue.

The setup: We are using a .Net application to authenticate, using SSL,
with an LDAP directory on port 636. In the .Net code, the
DirectorySearcher searches on a DirectoryEntry. It uses the FastBind
AuthenticationType.

Sometimes it works and sometimes it doesn't. In almost every scenario,
if the application has not been used for several hours and someone
attempts authentication, it fails with the "ADSVALUE type is not yet
implemented" error message. Interestingly, if we wait about 30 minutes
and do not attempt any more logins, the error goes away.

Could the errors be related to FastBind? Should it be using
AuthenticationTypes.SecureSocketLayer instead?

Finally, the Microsoft documentation mentions that for FastBind, "ADSI
does not attempt to query the Active Directory objectClass property and
thus only exposes the base interfaces supported by all ADSI objects
instead of the full object support". I am clueless as to what this
means - can someone translate this into clearer English? What does it
matter if the objectClass property is not initially queried? Since our
LDAP has custom attributes, could this behaviour of FastBind cause the
error we received?
 

Joe Kaplan (MVP - ADSI)

I actually wrote a section in my book on this in chapter 6. :) I don't
know if you've seen it or not yet, but you might want to check it out.

Essentially, this stuff comes down to whether your LDAP directory is using
AD/ADAM or a different directory. If AD/ADAM, the problem is likely
security, but might just be a schema update that needs to happen (less
likely). If non-MS LDAP, then the problem could be security, but could be a
parsing issue, where ADSI can't read your directory's schema for some reason
or other (bug in ADSI, standards compliance problem, not LDAP V3, etc.).

Security issues can usually be solved by using the right credentials (which
is not always easy, but is usually solvable). Parsing issues are not really
solvable, although complaining to MS is a good idea here.

One option you have is to use S.DS.Protocols, which doesn't do schema
mapping and gives you the raw LDAP data. It is .NET 2.0 only, but might be
a good option for you.

There is also a hacky way you can get around this with COM interop and
IADsPropertyValue, where you can request to get a value as the unknown type
and it will return it to you as binary or string (or something), but that's
kind of a pain.

I hope this helps a little. I'll be out of pocket for a while, but I'll try
to reply sometime soon if you follow up.

Joe K.
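
Added example (not part of the thread and not code from either poster): a search-then-bind authentication over LDAPS on port 636 using System.DirectoryServices.Protocols, the option suggested in the reply above, which talks to the directory directly and so involves no ADSI schema mapping. The host name, base DN, `uid` login attribute, and the service-account parameters are assumptions for illustration.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;
static class LdapAuth
{
    const string Host = "ldap.example.com";               // assumed host
    const string BaseDn = "ou=people,dc=example,dc=com";  // assumed search base

    // Escape RFC 4515 filter metacharacters so a login name cannot alter the filter.
    static string EscapeFilter(string s)
    {
        var sb = new StringBuilder();
        foreach (char c in s)
        {
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.AppendFormat("\\{0:x2}", (int)c);
            else sb.Append(c);
        }
        return sb.ToString();
    }

    static LdapConnection Connect(string dn, string password)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Host, 636));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // LDAPS; default certificate validation stays on
        conn.AuthType = AuthType.Basic;               // simple bind, carried inside TLS
        conn.Credential = new NetworkCredential(dn, password);
        try { conn.Bind(); } catch { conn.Dispose(); throw; }
        return conn;
    }
    public static bool Authenticate(string svcDn, string svcPw, string login, string password)
    {
        // An empty password makes a simple bind unauthenticated (RFC 4513); some servers accept it.
        if (string.IsNullOrEmpty(login) || string.IsNullOrEmpty(password)) return false;
        string userDn;
        using (LdapConnection svc = Connect(svcDn, svcPw))
        {
            var req = new SearchRequest(BaseDn, "(uid=" + EscapeFilter(login) + ")",
                                        SearchScope.Subtree, "1.1"); // "1.1": return no attributes
            var resp = (SearchResponse)svc.SendRequest(req);
            if (resp.Entries.Count != 1) return false; // no match, or ambiguous match
            userDn = resp.Entries[0].DistinguishedName;
        }
        try { using (Connect(userDn, password)) { return true; } }
        catch (LdapException ex) { if (ex.ErrorCode == 49) return false; throw; } // 49 = invalidCredentials
    }
}
```

Only result code 49 is treated as a failed login; connection and TLS errors propagate so that an outage is not reported to users as a wrong password.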
 

Dmitry Soloviev
