LDAPS: Using .NET 4.7.2 System.DirectoryServices.dll

Time:07-15

I am trying to update my code to get user information from an AD that must use LDAPS calls, not LDAP.

Currently we are using the System.DirectoryServices.dll but I cannot find a way to hit the AD using LDAPS, only LDAP.

Here is how we are defining our entry and searcher objects.

```vb
' Fragment as posted: ADactive, ADFullPath, Success, rtn_error, ADUserName and
' ADPassword are variables of the surrounding function.
If (ADactive) Then

    ' Bind with the supplied credentials; ADFullPath is "LDAP://<server>".
    Dim Entry As New System.DirectoryServices.DirectoryEntry(ADFullPath, Username, Password)
    Dim Searcher As New System.DirectoryServices.DirectorySearcher(Entry)
    Searcher.SearchScope = DirectoryServices.SearchScope.Subtree
    Try
        ' No filter is set, so FindOne returns the base entry itself;
        ' a non-Nothing result means the bind (and therefore the login) succeeded.
        Dim Results As System.DirectoryServices.SearchResult = Searcher.FindOne
        Success = Not (Results Is Nothing)
        rtn_error = ""
    Catch ex As Exception
        Success = False
        rtn_error = ex.Message
    End Try
    ADUserName = Username
    ADPassword = Password
End If
Return Success
```

I've verified this code works to hit our AD and I can log in using my credentials. Our ADFullPath is

LDAP://XXXXXX

Where the "XXXXX" is my AD server.

Are there different properties to my searcher object that I need to set to enable LDAPS?

CodePudding user response:

You need to specify the LDAPS port (636) in your LDAP path, like this:

LDAP://XXXXXX:636

That's all.

However, all the same rules for SSL apply here. This will only work if:

  1. The domain name on the SSL certificate matches the domain name you're using. So if you use LDAP://example.com:636, then the cert must be issued to (or have a Subject Alternative Name of) example.com.
  2. The certificate is issued by an authority that the client computer trusts. If the cert is self-signed, it will fail.
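The following is an added example, not code from the question or the answer above. It does two things the answer describes: it runs a bare TLS handshake against port 636 with `SslStream` so that a name mismatch (rule 1) or an untrusted chain (rule 2) is reported before any LDAP bind is attempted, and it then binds with `DirectoryEntry` using the `:636` path, additionally passing `AuthenticationTypes.SecureSocketsLayer` so the intent is explicit in code. The host name, base DN, account names and the `EscapeFilterValue` helper (an RFC 4515 filter escape for the search) are assumptions for illustration; it targets .NET Framework 4.7.2 with a reference to System.DirectoryServices.dll.

```vb
Imports System
Imports System.DirectoryServices
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Authentication
Imports System.Security.Cryptography.X509Certificates
Imports System.Text

Module LdapsExample

    ' Pre-flight check: TLS handshake only, no LDAP traffic. SslStream applies
    ' the same host-name and chain validation that the ADSI LDAP provider
    ' applies when the path uses port 636, so a failure here maps directly
    ' onto the two rules from the answer.
    Public Function CheckLdapsCertificate(host As String, Optional port As Integer = 636) As String
        Dim seen As SslPolicyErrors = SslPolicyErrors.None
        Try
            Using client As New TcpClient(host, port)
                Using tls As New SslStream(client.GetStream(), False,
                        Function(sender, cert, chain, errors)
                            seen = errors   ' record the verdict, decide below
                            Return True
                        End Function)
                    ' TLS 1.2 is assumed here; adjust if your DCs require otherwise.
                    tls.AuthenticateAsClient(host, Nothing, SslProtocols.Tls12, False)
                    Dim remote As New X509Certificate2(tls.RemoteCertificate)
                    Dim sb As New StringBuilder()
                    sb.AppendLine("Subject: " & remote.Subject)
                    sb.AppendLine("Expires: " & remote.NotAfter.ToString("u"))
                    If seen.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch) Then
                        sb.AppendLine("FAIL rule 1: certificate name does not cover '" & host & "'")
                    End If
                    If seen.HasFlag(SslPolicyErrors.RemoteCertificateChainErrors) Then
                        sb.AppendLine("FAIL rule 2: chain is not trusted by this client (self-signed or unknown CA)")
                    End If
                    If seen = SslPolicyErrors.None Then sb.AppendLine("OK: certificate accepted")
                    Return sb.ToString()
                End Using
            End Using
        Catch ex As Exception
            Return "TLS handshake to " & host & ":" & port & " failed: " & ex.Message
        End Try
    End Function

    ' Escape a value before placing it in an LDAP search filter (RFC 4515),
    ' so a user-supplied account name cannot change the filter's structure.
    Public Function EscapeFilterValue(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function

    ' Bind over LDAPS and look a user up by sAMAccountName. Port 636 in the
    ' path is what switches ADSI to TLS; SecureSocketsLayer is set as well so
    ' the bind fails loudly if the path is ever changed back to port 389.
    Public Function FindUserOverLdaps(host As String, baseDn As String,
                                      bindUser As String, bindPassword As String,
                                      samAccountName As String) As SearchResult
        Dim path As String = "LDAP://" & host & ":636/" & baseDn
        Dim auth As AuthenticationTypes = AuthenticationTypes.Secure Or AuthenticationTypes.SecureSocketsLayer
        Using entry As New DirectoryEntry(path, bindUser, bindPassword, auth)
            Using searcher As New DirectorySearcher(entry)
                searcher.SearchScope = SearchScope.Subtree
                searcher.Filter = "(&(objectCategory=person)(sAMAccountName=" &
                                  EscapeFilterValue(samAccountName) & "))"
                searcher.PropertiesToLoad.Add("distinguishedName")
                Return searcher.FindOne()   ' Nothing when no entry matches
            End Using
        End Using
    End Function

    Sub Main()
        ' Placeholders (assumed values): replace with your DC, base DN and a
        ' low-privilege lookup account; do not hard-code real credentials.
        Dim host As String = "dc01.example.com"
        Dim baseDn As String = "DC=example,DC=com"
        Console.WriteLine(CheckLdapsCertificate(host))
        Dim hit As SearchResult = FindUserOverLdaps(host, baseDn, "EXAMPLE\svc-lookup", "<password>", "jdoe")
        If hit Is Nothing Then
            Console.WriteLine("no such user")
        Else
            Console.WriteLine(hit.Properties("distinguishedName")(0))
        End If
    End Sub

End Module
```

Run the certificate check first: it uses the same Windows certificate store that the LDAP provider consults, so "FAIL rule 2" means the issuing CA must be added to the client's trusted roots, and "FAIL rule 1" means the host name in the path must be changed to one the certificate actually names (typically the DC's FQDN rather than a short name or IP address). Only once it prints "OK" is a failure from `FindUserOverLdaps` worth debugging as an LDAP or credential problem.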