Why LdapException.ServerErrorMessage is empty on Linux?

[alexjumper91]

Description

I have a simple LDAP connector in my app that currently works with System.DirectoryServices.Protocols 6.0.1 nuget package. When I call Bind() with incorrect credentials, I expect that in LdapException.Server ErrorMessage will be a string like "8009030C: LdapErr: DSID-0C09058A, comment: AcceptSecurityContext error, data 52e, v4563" (checked with a sniffer, it comes from the server). And it's empty! Everything is OK on Windows, the error is empty in Linux.

tcpdump (on linux):

Reproduction Steps

Work with Windows Active Directory
LDAP client on Debian 10
dotnet --list-runtimes
Microsoft.AspNetCore.App 6.0.5 [/usr/local/bin/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.5 [/usr/local/bin/shared/Microsoft.NETCore.App]

Sample code:

string _host;
public bool Check(string user, string pass)
    {
        string samAccountName = user;
        var userCred = new NetworkCredential(user, pass);
        if (user.Contains('\\'))
        {
            var splitted = user.Split('\\');
            samAccountName = splitted[1];
            userCred.UserName = OperatingSystem.IsWindows() ? splitted[1] : user; // https://github.com/dotnet/runtime/issues/36947
        }
        try
        {
            using (LdapConnection connection = new LdapConnection(_host))
            {
                connection.SessionOptions.ProtocolVersion = 3;
                connection.Bind(userCred);
                return true;
            }
        }
        catch (LdapException ex) when(ex.ErrorCode == 49) // LDAP_INVALID_CREDENTIALS
        {
            // but i need sub-code https://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors
            if (!string.IsNullOrWhiteSpace(ex.ServerErrorMessage))
            {
              // parsing string to get data and convert to sub-code
            }
        }
   }

How to receive ServerErrorMessage? Or how to receive LDAP sub code?

Tagging subscribers to this area: @dotnet/area-system-directoryservices, @jay98014
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Description

I have a simple LDAP connector in my app that currently works with System.DirectoryServices.Protocols 6.0.1 nuget package. When I call Bind() with incorrect credentials, I expect that in LdapException.Server ErrorMessage will be a string like "8009030C: LdapErr: DSID-0C09058A, comment: AcceptSecurityContext error, data 52e, v4563" (checked with a sniffer, it comes from the server). And it's empty! Everything is OK on Windows, the error is empty in Linux.

tcpdump (on linux):

Reproduction Steps

Work with Windows Active Directory
LDAP client on Debian 10
dotnet --list-runtimes
Microsoft.AspNetCore.App 6.0.5 [/usr/local/bin/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.5 [/usr/local/bin/shared/Microsoft.NETCore.App]

Sample code:

string _host;
public bool Check(string user, string pass)
    {
        string samAccountName = user;
        var userCred = new NetworkCredential(user, pass);
        if (user.Contains('\\'))
        {
            var splitted = user.Split('\\');
            samAccountName = splitted[1];
            userCred.UserName = OperatingSystem.IsWindows() ? splitted[1] : user; // https://github.com/dotnet/runtime/issues/36947
        }
        try
        {
            using (LdapConnection connection = new LdapConnection(_host))
            {
                connection.SessionOptions.ProtocolVersion = 3;
                connection.Bind(userCred);
                return true;
            }
        }
        catch (LdapException ex) when(ex.ErrorCode == 49) // LDAP_INVALID_CREDENTIALS
        {
            // but i need sub-code https://ldapwiki.com/wiki/Common%20Active%20Directory%20Bind%20Errors
            if (!string.IsNullOrWhiteSpace(ex.ServerErrorMessage))
            {
              // parsing string to get data and convert to sub-code
            }
        }
   }

How to receive ServerErrorMessage? Or how to receive LDAP sub code?

Author:	alexjumper91
Assignees:	-
Labels:	area-System.DirectoryServices, untriaged
Milestone:	-

[joperezr]

Thanks for logging the issue @alexjumper91. We have made some changes on how we wrap the exception, get back and report the error message in .NET 7. Have you had a chance to try this out in .NET 7 to see if you see the expected message there?

[alexjumper91]

No, unfortunately I haven't had a chance to try this in RC. I'll try it in the release version of .NET 7

This issue has been marked needs-author-action and may be missing some important information.

This issue has been automatically marked no-recent-activity because it has not had any activity for 14 days. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will remove no-recent-activity.

This issue will now be closed since it had been marked no-recent-activity but received no further activity in the past 14 days. It is still possible to reopen or comment on the issue, but please note that the issue will be locked if it remains inactive for another 30 days.