Creating a LDAP Listener in .Net
Hi Guys,
I am looking for ideas on how to create an LDAP Listener and some code if possible using .Net. I have done quite a bit of searching, but so far nothing, using .Net.
Here is the scenario I have: We have a customer interfacing with our services, where we do the usual AD stuff for them. Now the customer has a third party they would like to use, but this third party for some reason insists on us using an LDAP Listener, because any other implementation would be a non-trivial task for them.
I am just looking for information on how to implement an LDAP listener in our services, so let me hear anything you gurus may have.
Thanks.
Re: Creating a LDAP Listener in .Net
When you say listener, do you mean:
1) An external entry point for your AD services?
2) A proxy listener that redirects LDAP requests?
3) A completely new LDAP server that is not AD?
But before we go down that path, would this product solve your problem?
http://technet.microsoft.com/es-es/l...8WS.10%29.aspx
Re: Creating a LDAP Listener in .Net
Thanks for the reply Craig.
I don't think the ADAM will do the trick, but your second option, "A proxy listener that redirects LDAP requests", is more of what I am looking for. Please let me know if you can help.
Thanks
Aston
Re: Creating a LDAP Listener in .Net
Ok, then we need to know more details about what you're trying to accomplish. Your first post hints at the desired functionality, but it’s not entirely clear what the objective is.
Re: Creating a LDAP Listener in .Net
According to the customer, the third party uses an LDAP connection to make LDAP queries against an LDAP server. The customer, for security reasons, does not want the third party to make queries against their LDAP servers. Instead, they would like our services to listen for these LDAP queries. So our objectives are:
1) Listen for and accept LDAP queries from the third party.
2) Determine what the queries are.
3) Carry out the request and provide a response to the third party, OR
4) Reject the query if not allowed.
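Objectives 2 to 4 from the list above, shown as an added C# example that is not code from anyone in this thread: it decodes the BER header of one LDAPMessage, reads the operation tag and the search base, and allows or rejects the request. The `LdapGate` class, the allowed-base policy and the sample PDUs are assumptions constructed for illustration, and the code assumes the caller has already read one complete LDAPMessage from the socket.

```csharp
using System;
using System.Linq;
using System.Text;
static class LdapGate
{
    // Reads one BER tag and length at pos; leaves pos on the first value octet.
    static byte ReadHeader(byte[] b, ref int pos, out int len)
    {
        byte tag = b[pos++];
        len = b[pos++];
        int n = len > 0x80 ? len & 0x7F : 0;            // long form: n length octets follow
        if (len == 0x80 || n > 4) throw new FormatException("bad length");
        if (n > 0) for (len = 0; n > 0; n--) len = (len << 8) | b[pos++];
        if (len < 0 || len > b.Length - pos) throw new FormatException("truncated");
        return tag;
    }
    // Allow/reject decision for one complete LDAPMessage (tags from RFC 4511).
    public static string Decide(byte[] pdu, string[] allowedBases)
    {
        try
        {
            int pos = 0, len;
            if (ReadHeader(pdu, ref pos, out len) != 0x30 || ReadHeader(pdu, ref pos, out len) != 0x02)
                return "REJECT not an LDAPMessage";
            pos += len;                                             // skip the messageID value
            byte op = ReadHeader(pdu, ref pos, out len);            // protocolOp
            if (op == 0x60 || op == 0x42) return "ALLOW bind/unbind";   // backend authenticates
            if (op != 0x63) return "REJECT operation 0x" + op.ToString("X2");
            if (ReadHeader(pdu, ref pos, out len) != 0x04) return "REJECT malformed search";
            string dn = Encoding.UTF8.GetString(pdu, pos, len);     // baseObject
            // Plain suffix match; a production gate would normalise DNs before comparing.
            bool ok = allowedBases.Any(a => ("," + dn).EndsWith("," + a, StringComparison.OrdinalIgnoreCase));
            return (ok ? "ALLOW" : "REJECT") + " search base=" + dn;
        }
        catch (Exception e) when (e is FormatException || e is IndexOutOfRangeException) { return "REJECT malformed PDU"; }
    }
    // Builds a short-form TLV for the constructed samples (bodies under 128 bytes).
    static byte[] Tlv(byte tag, params byte[][] parts) =>
        new[] { tag, (byte)parts.Sum(p => p.Length) }.Concat(parts.SelectMany(p => p)).ToArray();
    static void Main()
    {
        string[] allowed = { "ou=people,dc=example,dc=com" };      // constructed policy; PDUs below are constructed too
        byte[] z = { 0 }, id = Tlv(0x02, new byte[] { 1 }), dn = Tlv(0x04, Encoding.UTF8.GetBytes(allowed[0]));
        byte[] search = Tlv(0x30, id, Tlv(0x63, dn, Tlv(0x0A, new byte[] { 2 }), Tlv(0x0A, z), Tlv(0x02, z),
            Tlv(0x02, z), Tlv(0x01, z), Tlv(0x87, Encoding.UTF8.GetBytes("objectClass")), Tlv(0x30)));
        byte[] modify = Tlv(0x30, id, Tlv(0x66, dn, Tlv(0x30)));  // ModifyRequest, empty change list
        foreach (byte[] pdu in new[] { search, modify, search.Take(10).ToArray() })
            Console.WriteLine(Decide(pdu, allowed));
    }
}
```

The gate denies by default: only bind, unbind and searches under an allowed base pass, and a truncated or malformed PDU is rejected rather than forwarded.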
Re: Creating a LDAP Listener in .Net
That's a pretty ambitious project, and without knowing exactly what data they're after, I'll provide these options:
- Handle the requests using precise permissions in AD. The permissions are very granular, so with a little research and elbow grease, most access issues can be satisfied.
- Can they access a RADIUS server instead? You can tie this to your backend LDAP server as a sort of "proxy".
- Deploy a read-only domain controller, and give them access to that.
- Before you try to build your own, check out these products:
http://symlabs.com/products/virtual-directory-server/
http://symlabs.com/products/ldap-proxy/
If you can't tell... I'm really trying to push you away from building your own LDAP proxy. It's just one of those projects that will be so difficult, expensive, and time consuming that I can't see it delivering a positive ROI. Of course, depending on the resources that are available to you, I could be wrong.
Re: Creating a LDAP Listener in .Net
Again thanks for your replies Craig. I will take your advice, and put it to the team and customer. I am thinking we may have to look into some products like you suggested. I appreciate the time you spent answering my question.
Thanks.