A referral was returned from the server

Discussion:

(too old to reply)

softsolvers

2004-12-14 11:31:01 UTC

hello to all experts,

i am new to LDAP and accessing Active Directory from ASP.NET .

i am getting an error

<Error authenticating user. A referral was returned from the server>

as soon as my debugger executes line
Dim search As DirectorySearcher = New DirectorySearcher(entry)

complete code is given belo
-------------------------------------------------------------------------------------------
Dim _path As String = "LDAP://mercury/cn=users,dc=local" 'Path to your
LDAP directory server
Dim domain = TextBox1.Text 'contains--- XXX , our
domain
Dim username = TextBox2.Text 'contains--- sama ,
existing user
Dim pwd = TextBox3.Text 'contains ---abc ,
sama's pwd
Dim domainAndUsername As String = domain & "\" & username
Dim entry As DirectoryEntry = New DirectoryEntry(_path,
domainAndUsername, pwd)

Try
Dim search As DirectorySearcher = New DirectorySearcher(entry)
search.Filter = "(SAMAccountName=" & username & ")"
search.PropertiesToLoad.Add("cn")

Dim result As SearchResult = search.FindOne()
If (result Is Nothing) Then
Throw New Exception("No data found.")
Else
Dim Common_name = CType(result.Properties("cn")(0), String)
Response.Write("this user is : " & Common_name)
End If
Catch ex As Exception
Response.Write(ex.Message)
End Tr
-----------------------------------------------------------------------------------------------

also it's very unclear to me that where to use CN,DC,DN etc in path
parameter of DirectoryEntry() function.

Gurpreet Singh

2004-12-14 13:24:48 UTC

Permalink

"backslash" might be creating the problem....

try using @ in the line:
Dim domainAndUsername As String = domain & "\" & username
i.e.
Dim domainAndUsername As String = domain & @\" & username

Because the backslash is used to represent escape sequences, to add a
backslash you need to type two backslashes. However, with literal strings
you don't use escape sequences, so you can use the backslash as a backslash.

Regards,
Gurpreet Singh[MSFT]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights. You assume all risk for your use.

Jim Gilligan

2004-12-14 17:44:48 UTC

Permalink

I am writing a lot of .NET code against ADAM which should be compatible
with ADS. My code looks like this:

string path = LDAP_SSL_PATH;
string userDN = String.Format(LDAP_USER_DN, uName);

using (DirectoryEntry de = new DirectoryEntry(path + userDN,
userDN, password, AuthenticationTypes.SecureSocketsLayer))
{
de.RefreshCache();
}

Where:

path = LDAP://ServerName:689/
userDN = CN=Username,CN=Users,CN=Container,O=CompanyName,C=US

path + userDN =
LDAP://LDAP://ServerName:689/CN=Username,CN=Users,CN=Container,O=CompanyName,C=US

We use SSL so the port number in the path is the SSL port number.

If you are not using SSL, use the LDAP port number and change
AuthenticationTypes.SecureSocketsLayer to AuthenticationTypes.None.

Jim

Post by softsolvers
hello to all experts,
i am new to LDAP and accessing Active Directory from ASP.NET .
i am getting an error
<Error authenticating user. A referral was returned from the server>
as soon as my debugger executes line
Dim search As DirectorySearcher = New DirectorySearcher(entry)
complete code is given below
-------------------------------------------------------------------------------------------
Dim _path As String = "LDAP://mercury/cn=users,dc=local" 'Path to your
LDAP directory server
Dim domain = TextBox1.Text 'contains--- XXX , our
domain
Dim username = TextBox2.Text 'contains--- sama ,
existing user
Dim pwd = TextBox3.Text 'contains ---abc ,
sama's pwd
Dim domainAndUsername As String = domain & "\" & username
Dim entry As DirectoryEntry = New DirectoryEntry(_path,
domainAndUsername, pwd)
Try
Dim search As DirectorySearcher = New DirectorySearcher(entry)
search.Filter = "(SAMAccountName=" & username & ")"
search.PropertiesToLoad.Add("cn")
Dim result As SearchResult = search.FindOne()
If (result Is Nothing) Then
Throw New Exception("No data found.")
Else
Dim Common_name = CType(result.Properties("cn")(0), String)
Response.Write("this user is : " & Common_name)
End If
Catch ex As Exception
Response.Write(ex.Message)
End Try
-----------------------------------------------------------------------------------------------
also it's very unclear to me that where to use CN,DC,DN etc in path
parameter of DirectoryEntry() function.

Joe Kaplan (MVP - ADSI)

2004-12-14 18:07:31 UTC

Permalink

Is it possible that you used the default naming context from another domain
for your search root or searched for a user in a different domain by
accident? That's usually what would cause a referral.

Regarding your question about the ADsPath and LDAP, it goes something like
this:

<provider>://<optional server part<server servername><optional port part
:<port number>>/><distinguished name part>

The provider will always be LDAP (must be upper case) for the LDAP provider,
and GC for the GC provider which is basically the LDAP provider on the GC
ports.

The server part is optional. If you specify it, it should be the IP
address, NETBIOS name or DNS domain name of the domain or server. Generally
DNS domain name will give you the most functionality as SSL and Kerberos
seem to need that. If you don't specify this part, you are using serverless
binding, where the current security context is used to dynamically discover
a domain controller.

The port part is optional and generally isn't needed for AD since you can't
change the ports it uses anyway. It is often needed for ADAM and other
servers though.

The last part is the distinguished name part. This can be the distinguished
name of any object on the server, RootDSE, or a GUID or SID DN (<GUID=xxxxx>
or <SID=xxxxx>).

I hope that helps.

Joe K.