Sorry, I'm not sure how to properly reopen an existing issue that was closed due to inactivity.
Basically, I have the same issue as in #70210.
I'm trying to handle the case where an Active Directory user enters correct credentials but his password was either reset or expired. I can rely on LdapException.ServerErrorMessage on Windows, where it provides details like:
80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 773, v1db1
But on Linux this property is always empty. I can't rely on LdapException.ErrorCode since it always equals 49 (LDAP_INVALID_CREDENTIALS), which is expected.
I've checked both 7.0 and 8.0.0-preview.1.23110.8 versions of System.DirectoryServices.Protocols with the same result.
It seems that the issue stems from the usage of LdapOption.LDAP_OPT_SERVER_ERROR here even though it is mentioned it's not supported on Linux (here).
Replacing it with LdapOption.LDAP_OPT_ERROR_STRING makes it possible to get the desired error message from Active Directory on Linux.
Would it be possible to use LdapOption.LDAP_OPT_ERROR_STRING in LdapSessionOptions for Linux? Or to add some other way to get that information if this change can break existing code for LDAP servers other than AD?
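
Added example (not from the issue or from the dotnet/runtime code base): one way to classify the `data` sub-code in the Active Directory diagnostic string quoted above once `ServerErrorMessage` is populated. `AdBindFailure` and `AdBindDiagnostics` are hypothetical names, the table lists well-known Win32 logon error codes in hex, and the code assumes the System.DirectoryServices.Protocols package is referenced.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Globalization;
using System.Text.RegularExpressions;

// Hypothetical names; added example, not part of System.DirectoryServices.Protocols.
public enum AdBindFailure
{
    Unknown, InvalidCredentials, PasswordExpired, PasswordMustChange,
    AccountDisabled, AccountExpired, AccountLockedOut
}

public static class AdBindDiagnostics
{
    // AD puts a Win32 error code, in hex, after "data" (773 means 0x773).
    private static readonly Regex DataField = new Regex(
        @"AcceptSecurityContext error, data ([0-9a-fA-F]+)", RegexOptions.CultureInvariant);

    private static readonly Dictionary<int, AdBindFailure> Known = new Dictionary<int, AdBindFailure>
    {
        [0x52e] = AdBindFailure.InvalidCredentials,  // ERROR_LOGON_FAILURE
        [0x532] = AdBindFailure.PasswordExpired,     // ERROR_PASSWORD_EXPIRED
        [0x533] = AdBindFailure.AccountDisabled,     // ERROR_ACCOUNT_DISABLED
        [0x701] = AdBindFailure.AccountExpired,      // ERROR_ACCOUNT_EXPIRED
        [0x773] = AdBindFailure.PasswordMustChange,  // ERROR_PASSWORD_MUST_CHANGE
        [0x775] = AdBindFailure.AccountLockedOut,    // ERROR_ACCOUNT_LOCKED_OUT
    };

    public static AdBindFailure Classify(string serverErrorMessage)
    {
        // Empty on Linux per this issue: the caller then only knows "result code 49".
        if (string.IsNullOrEmpty(serverErrorMessage)) return AdBindFailure.Unknown;
        Match m = DataField.Match(serverErrorMessage);
        if (!m.Success || !int.TryParse(m.Groups[1].Value, NumberStyles.AllowHexSpecifier,
                CultureInfo.InvariantCulture, out int code)) return AdBindFailure.Unknown;
        return Known.TryGetValue(code, out AdBindFailure f) ? f : AdBindFailure.Unknown;
    }

    // The issue reports this sub-code alongside result code 49 (invalid credentials).
    public static AdBindFailure Classify(LdapException ex) =>
        ex.ErrorCode == 49 ? Classify(ex.ServerErrorMessage) : AdBindFailure.Unknown;

    public static void Main()
    {
        // Sample message copied from the issue text above.
        string sample = "80090308: LdapErr: DSID-0C0903A8, comment: AcceptSecurityContext error, data 773, v1db1";
        Console.WriteLine(Classify(sample));
        Console.WriteLine(Classify(string.Empty));
    }
}
```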