Fix/multi server ldap binding linux (#79657)

iinuwa · web-flow · commit 620239af5715 · 2022-12-28T09:13:50.000-08:00
* Fix LDAP configuration typo

* Allow LDAP binding to multiple servers on Linux
diff --git a/src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml b/src/libraries/Common/tests/System/DirectoryServices/LDAP.Configuration.xml
@@ -20,7 +20,7 @@ this command views the status
 SLAPD OPENLDAP SERVER
 =====================
 
-    docker run -p:390:389 -e LDAP_DOMAIN=example.com -e LDAP_ROOTPASS=password -d nickstenning/slapd
+    docker run -p 390:389 -e LDAP_DOMAIN=example.com -e LDAP_ROOTPASS=password -d nickstenning/slapd
 
 and to test and view status
 
@@ -125,4 +125,4 @@ Note:
         <SupportsServerSideSort>False</SupportsServerSideSort>
     </Connection>
 
-</Configuration>
+</Configuration>
diff --git a/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.Linux.cs b/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.Linux.cs
@@ -13,14 +13,14 @@ public partial class LdapConnection
         // Linux doesn't support setting FQDN so we mark the flag as if it is already set so we don't make a call to set it again.
         private bool _setFQDNDone = true;
 
-        private void InternalInitConnectionHandle(string hostname)
+        private void InternalInitConnectionHandle()
         {
             if ((LdapDirectoryIdentifier)_directoryIdentifier == null)
             {
                 throw new NullReferenceException();
             }
 
-            _ldapHandle = new ConnectionHandle($"ldap://{hostname}:{((LdapDirectoryIdentifier)_directoryIdentifier).PortNumber}");
+            _ldapHandle = new ConnectionHandle();
         }
 
         private int InternalConnectToServer()
diff --git a/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.Windows.cs b/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.Windows.cs
@@ -4,15 +4,39 @@
 using System.Diagnostics;
 using System.Net;
 using System.Runtime.CompilerServices;
+using System.Text;
 
 namespace System.DirectoryServices.Protocols
 {
     public partial class LdapConnection
     {
         private bool _setFQDNDone;
 
-        private void InternalInitConnectionHandle(string hostname)
+        private void InternalInitConnectionHandle()
         {
+            string hostname = null;
+            string[] servers = ((LdapDirectoryIdentifier)_directoryIdentifier)?.Servers;
+            if (servers != null && servers.Length != 0)
+            {
+                var temp = new StringBuilder(200);
+                for (int i = 0; i < servers.Length; i++)
+                {
+                    if (servers[i] != null)
+                    {
+                        temp.Append(servers[i]);
+                        if (i < servers.Length - 1)
+                        {
+                            temp.Append(' ');
+                        }
+                    }
+                }
+
+                if (temp.Length != 0)
+                {
+                    hostname = temp.ToString();
+                }
+            }
+
             LdapDirectoryIdentifier directoryIdentifier = _directoryIdentifier as LdapDirectoryIdentifier;
 
             // User wants to setup a connectionless session with server.
diff --git a/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.cs b/src/libraries/System.DirectoryServices.Protocols/src/System/DirectoryServices/Protocols/ldap/LdapConnection.cs
@@ -173,30 +173,7 @@ internal bool NeedDispose
 
         internal void Init()
         {
-            string hostname = null;
-            string[] servers = ((LdapDirectoryIdentifier)_directoryIdentifier)?.Servers;
-            if (servers != null && servers.Length != 0)
-            {
-                var temp = new StringBuilder(200);
-                for (int i = 0; i < servers.Length; i++)
-                {
-                    if (servers[i] != null)
-                    {
-                        temp.Append(servers[i]);
-                        if (i < servers.Length - 1)
-                        {
-                            temp.Append(' ');
-                        }
-                    }
-                }
-
-                if (temp.Length != 0)
-                {
-                    hostname = temp.ToString();
-                }
-            }
-
-            InternalInitConnectionHandle(hostname);
+            InternalInitConnectionHandle();
 
             // Create a WeakReference object with the target of ldapHandle and put it into our handle table.
             lock (s_objectLock)
diff --git a/src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs b/src/libraries/System.DirectoryServices.Protocols/tests/DirectoryServicesProtocolsTests.cs
@@ -670,6 +670,30 @@ public void TestSortedSearch()
             }
         }
 
+        [ConditionalFact(nameof(IsLdapConfigurationExist))]
+        public void TestMultipleServerBind()
+        {
+            LdapDirectoryIdentifier directoryIdentifier = string.IsNullOrEmpty(LdapConfiguration.Configuration.Port) ?
+                                        new LdapDirectoryIdentifier(new string[] { LdapConfiguration.Configuration.ServerName, LdapConfiguration.Configuration.ServerName }, true, false) :
+                                        new LdapDirectoryIdentifier(new string[] { LdapConfiguration.Configuration.ServerName, LdapConfiguration.Configuration.ServerName },
+                                                                    int.Parse(LdapConfiguration.Configuration.Port, NumberStyles.None, CultureInfo.InvariantCulture),
+                                                                    true, false);
+            NetworkCredential credential = new NetworkCredential(LdapConfiguration.Configuration.UserName, LdapConfiguration.Configuration.Password);
+
+            using LdapConnection connection = new LdapConnection(directoryIdentifier, credential)
+            {
+                AuthType = AuthType.Basic
+            };
+
+            // Set server protocol before bind; OpenLDAP servers default
+            // to LDAP v2, which we do not support, and will return LDAP_PROTOCOL_ERROR
+            connection.SessionOptions.ProtocolVersion = 3;
+            connection.SessionOptions.SecureSocketLayer = LdapConfiguration.Configuration.UseTls;
+            connection.Bind();
+
+            connection.Timeout = new TimeSpan(0, 3, 0);
+        }
+
         private void DeleteAttribute(LdapConnection connection, string entryDn, string attributeName)
         {
             string dn = entryDn + "," + LdapConfiguration.Configuration.SearchDn;

Original file line number	Diff line number	Diff line change
`@@ -13,14 +13,14 @@ public partial class LdapConnection`
`13`	`13`	`// Linux doesn't support setting FQDN so we mark the flag as if it is already set so we don't make a call to set it again.`
`14`	`14`	`private bool _setFQDNDone = true;`
`15`	`15`
`16`		`- private void InternalInitConnectionHandle(string hostname)`
	`16`	`+ private void InternalInitConnectionHandle()`
`17`	`17`	`{`
`18`	`18`	`if ((LdapDirectoryIdentifier)_directoryIdentifier == null)`
`19`	`19`	`{`
`20`	`20`	`throw new NullReferenceException();`
`21`	`21`	`}`
`22`	`22`
`23`		`- _ldapHandle = new ConnectionHandle($"ldap://{hostname}:{((LdapDirectoryIdentifier)_directoryIdentifier).PortNumber}");`
	`23`	`+ _ldapHandle = new ConnectionHandle();`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`private int InternalConnectToServer()`