With .NET 5 it was possible to access Active Directory with the DirectoryServices library under Linux. With newer versions, the code below throws an error.
System.DirectoryServices.Protocols.LdapException: 'The feature is not supported.'
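/// <summary>
/// Checks whether <paramref name="userName"/> is a member of <paramref name="groupName"/> by
/// binding to the configured LDAP server over StartTLS and reading the user's memberOf attribute.
/// </summary>
/// <param name="userName">Account name substituted into <c>_ldapOptions.SearchFilter</c>; its RFC 4515 metacharacters are escaped before use.</param>
/// <param name="groupName">Either the group's full distinguished name or just its CN (first RDN value); compared ordinal, case-insensitively.</param>
/// <returns>
/// <c>true</c> when the user entry is found and one of its memberOf values matches <paramref name="groupName"/>;
/// <c>false</c> when either argument is blank, no entry is returned, or the entry carries no memberOf attribute.
/// </returns>
/// <exception cref="Exception">Any failure of StartTLS, bind or search is logged and re-thrown unchanged.</exception>
public bool IsUserMemberOf(string userName, string groupName)
{
    if (string.IsNullOrWhiteSpace(groupName) || string.IsNullOrWhiteSpace(userName))
    {
        return false;
    }

    var identifier = new LdapDirectoryIdentifier(_ldapOptions.Url, _ldapOptions.Port);
    var credential = new NetworkCredential(_ldapOptions.BindUserName, _ldapOptions.BindPassword);
    using var connection = new LdapConnection(identifier, credential);

    // Only tear TLS down if it was actually brought up; calling Stop after a failed Start
    // would throw from the finally block and mask the original exception.
    var tlsStarted = false;
    try
    {
        connection.SessionOptions.StartTransportLayerSecurity(null);
        tlsStarted = true;
        connection.Bind();

        // userName is caller-supplied and is spliced into the filter text, so escape the
        // RFC 4515 metacharacters to stop the value from changing the filter's structure.
        var filter = string.Format(_ldapOptions.SearchFilter, EscapeLdapFilterValue(userName));
        var request = new SearchRequest(
            _ldapOptions.SearchBase,
            filter,
            SearchScope.Subtree,
            ActiveDirectoryAttributeNames.User.MemberOf);

        var response = (SearchResponse)connection.SendRequest(request);
        var entry = response?.Entries.Cast<SearchResultEntry>().FirstOrDefault();
        if (entry is null)
        {
            return false;
        }

        // A user with no group memberships has no memberOf attribute at all; the indexer
        // then yields null rather than an empty attribute, which previously threw.
        var memberOf = entry.Attributes[ActiveDirectoryAttributeNames.User.MemberOf];
        if (memberOf is null)
        {
            return false;
        }

        var groups = memberOf.GetValues(typeof(string)).Cast<string>();
        return groups.Any(dn => MatchesGroup(dn, groupName));
    }
    catch (Exception e)
    {
        logger.LogError(e, $"Error while checking group membership for user {userName}. Error Message: {e.Message}");
        throw;
    }
    finally
    {
        if (tlsStarted)
        {
            connection.SessionOptions.StopTransportLayerSecurity();
        }
    }
}

// Accepts a memberOf value when it equals the requested group's full DN, or when its leading
// RDN value (the CN) equals the requested name. The former culture-sensitive substring test
// also accepted "CN=Not-Admins,..." for "Admins" and matched against OU/DC components.
// RDN values containing an escaped comma ("\,") are not split specially.
private static bool MatchesGroup(string memberOfDn, string groupName)
{
    if (string.Equals(memberOfDn, groupName, StringComparison.OrdinalIgnoreCase))
    {
        return true;
    }

    var firstRdnEnd = memberOfDn.IndexOf(',');
    var firstRdn = firstRdnEnd < 0 ? memberOfDn : memberOfDn.Substring(0, firstRdnEnd);
    var separator = firstRdn.IndexOf('=');
    var rdnValue = separator < 0 ? firstRdn : firstRdn.Substring(separator + 1);
    return string.Equals(rdnValue.Trim(), groupName.Trim(), StringComparison.OrdinalIgnoreCase);
}

// Escapes the characters RFC 4515 reserves inside an LDAP search-filter assertion value.
private static string EscapeLdapFilterValue(string value)
{
    var escaped = new StringBuilder(value.Length);
    foreach (var c in value)
    {
        switch (c)
        {
            case '\\': escaped.Append("\\5c"); break;
            case '*': escaped.Append("\\2a"); break;
            case '(': escaped.Append("\\28"); break;
            case ')': escaped.Append("\\29"); break;
            case '\0': escaped.Append("\\00"); break;
            default: escaped.Append(c); break;
        }
    }

    return escaped.ToString();
}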
If I do not use TLS, there are no problems.
// Addresses the domain by its fully-qualified DNS name (second argument) over a
// connection-oriented transport (third argument false), then performs a simple bind.
// NOTE(review): AuthType.Basic is an LDAP simple bind and no TLS is negotiated on this
// connection, so the bind password is sent in cleartext unless the transport is protected elsewhere.
LdapDirectoryIdentifier serverIdentifier = new LdapDirectoryIdentifier("mydomain.com", true, false);
NetworkCredential bindCredential = new NetworkCredential(_ldapOptions.BindUserName, _ldapOptions.BindPassword);
using LdapConnection ldapConnection = new LdapConnection(serverIdentifier, bindCredential, AuthType.Basic);
ldapConnection.SessionOptions.ProtocolVersion = 3;
ldapConnection.Timeout = TimeSpan.FromMinutes(10);
ldapConnection.Bind();
Is TLS no longer supported under Linux?