I am using the System.DirectoryServices.Protocols functions to query an OpenLDAP directory.
The OpenLDAP directory is using the password policy overlay.
If I bind to the directory, the server may return controls that may contain password expiration warnings.
How can I get the bind response in C#?
System.DirectoryServices.Protocols.Bind returns void.
Querying the user's pwdChangedTime, retrieving the policy indicated in pwdPolicySubentry and doing the math to warn the user about password expiry doesn’t seem like a good way of doing it.
Any help is much appreciated,
Unfortunately, you can’t do it with a bind operation. S.DS.P is a thin layer on top of Winldap32 and it does not recognize any controls sent back on a bind operation. I went down several paths on this last year, got down to using reflection to manipulate S.DS.P internal classes and pinvoking into Winldap32 myself, and ultimately came up short due to limitations in Winldap32. There is an LDAP library that was written by Novell that is its own pure CLR implementation. I’m not sure it's well maintained these days. Your only other option would be to write your own .NET library on top of the OpenLDAP client libs.
One other aside: using TLS with S.DS.P in a server-side app will cause S.DS.P to go into an infinite loop while processing the TLS response under certain conditions. The workaround is to use straight SSL on port 636.
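
What the bind response control discussed above carries, as an added example that is not part of the question or the answer: a C# decoder for the value of the password policy response control (OID 1.3.6.1.4.1.42.2.27.8.5.1, draft-behera-ldap-password-policy) as OpenLDAP's ppolicy overlay encodes it. It assumes a client library that does expose bind response controls hands you the raw control value; the class and member names are hypothetical and the sample bytes are constructed.

```csharp
using System;

public static class PpolicyResponse
{
    public sealed class Result { public int? SecondsBeforeExpiration, GraceLoginsRemaining, Error; }
    // Reads one short-form TLV (simplification: the whole value is only a few octets long).
    static byte[] Next(byte[] b, ref int pos, out byte tag)
    {
        if (pos + 2 > b.Length) throw new FormatException("truncated TLV");
        tag = b[pos++];
        int len = b[pos++];
        if (len >= 0x80 || pos + len > b.Length) throw new FormatException("bad length");
        var content = new byte[len];
        Array.Copy(b, pos, content, 0, len);
        pos += len;
        return content;
    }
    static int ToInt(byte[] c)
    {
        if (c.Length < 1 || c.Length > 4) throw new FormatException("bad INTEGER");
        int v = (sbyte)c[0]; // sign-extend the first octet
        for (int i = 1; i < c.Length; i++) v = (v << 8) | c[i];
        return v;
    }
    public static Result Decode(byte[] value)
    {
        int pos = 0; byte tag;
        byte[] seq = Next(value, ref pos, out tag);
        if (tag != 0x30) throw new FormatException("expected SEQUENCE");
        var r = new Result();
        for (int p = 0; p < seq.Length; )
        {
            byte[] item = Next(seq, ref p, out tag);
            // error [1] ENUMERATED: 0 = passwordExpired, 1 = accountLocked, 2 = changeAfterReset, ...
            if (tag == 0x81) { r.Error = ToInt(item); continue; }
            if (tag != 0xA0) throw new FormatException("unexpected tag"); // warning [0], constructed
            int q = 0; byte choice;
            int n = ToInt(Next(item, ref q, out choice));
            if (choice == 0x80) r.SecondsBeforeExpiration = n;       // timeBeforeExpiration [0]
            else if (choice == 0x81) r.GraceLoginsRemaining = n;     // graceAuthNsRemaining [1]
            else throw new FormatException("unknown warning choice");
        }
        return r;
    }
    public static void Main()
    {
        byte[] sample = { 0x30, 0x06, 0xA0, 0x04, 0x80, 0x02, 0x0E, 0x10 }; // constructed sample value
        Console.WriteLine(Decode(sample).SecondsBeforeExpiration);
    }
}
```

A warning and an error can both be present in one response, so callers should check all three fields rather than stopping at the first non-null one.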