AD/AM, ASP.NET, C#, and “Unknown error (0x80005000)”: Keeping a stiff “upper” lip

They say it all boils down to security. It’s the account used by ASP.NET. It’s setting . It’s the way you set up ADAM.

It’s making sure that the ADAM user you are logging in with is a member of the Readers role.

It’s making sure that when attempting to create a System.DirectoryServices.DirectoryEntry, the ADAM username you are trying to bind with is the DN of the username, not the CN or anything else.

It’s making sure that when trying to create that DirectoryEntry to bind with an ADAM user, you set the AuthenticationTypes to None.

Yes, dear reader, it’s all of those. But, if like me you still find yourself with the “Unknown error”, and you’ve played with Reflector and walked through System.DirectoryServices, and googled “ADsOpenObject 0x80005000” and you’ve wept, and shaken your fist–keep going.

If you’ve ghosted your machine back to August 2003 to get rid of the Framework 2.0 beta you installed a few weeks back to play with Monad, and you still get the “Unknown error”, keep going.

If you’ve reinstalled ADAM twelve times, then created a fresh VMWare guest of 2003 with all the trappings, installed ADAM, run your code, and you still get the “Unknown error”, keep going.

When, after 24 hours of frustration, seditious thoughts of the quality of System.DirectoryServices.dll going through your head, you find yourself contemplating a switch to Linux, relax. I have an answer for you:

It’s “LDAP://”, not “ldap://”.

Yeah, I’m that serious.

So, here are the details. I created an ADAM instance with the following application partition:

CN=whywont,DC=this,DC=work

I then went in, and created a user:

CN=please tell me

which has the DN:

CN=please tell me, CN=whywont, DC=this, DC=work

I gave this user a password, and made sure to add it to the CN=Readers group, in the CN=Roles,CN=whywont,DC=this,DC=work container. I configured a virtual directory with in the web.config, only anonymous authentication enabled, and a low privilege account with access to ADAM as the login. Now for the code:

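using System.DirectoryServices;

DirectoryEntry entry = new DirectoryEntry(
    "ldap://localhost:389/CN=whywont,DC=this,DC=work",  // lowercase scheme: the failing case
    "CN=please tell me, CN=whywont, DC=this, DC=work",  // bind with the user's DN
    "password",
    AuthenticationTypes.None);

try
{
    object adsi = entry.NativeObject;  // forces the bind
}
catch (System.Runtime.InteropServices.COMException ex)
{
    System.Console.WriteLine(ex.Message);
}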

Result: Unknown error (0x80005000). But if you change the path to “LDAP://localhost…”, it works.

I’ve been speechless for nearly 2 hours now.
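
One way to keep this failure from reaching ADSI at all, as an added example that is not code from the original post: a small guard that rewrites the provider prefix to its exact case and rejects anything unexpected with a readable error. The `AdsPath` and `Demo` names and the allowed-provider list are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;

static class AdsPath
{
    // Assumption: the providers this application is allowed to use, spelled
    // exactly as ADSI expects them (the provider name is case-sensitive).
    static readonly string[] Providers = { "LDAP", "GC", "WinNT" };

    // Returns the path with its provider prefix in the exact expected case,
    // or throws a descriptive error before ADSI is ever called.
    public static string Normalize(string path)
    {
        if (string.IsNullOrEmpty(path))
            throw new ArgumentException("ADsPath is empty.");

        int colon = path.IndexOf(':');
        if (colon <= 0)
            throw new ArgumentException("ADsPath has no provider prefix: " + path);

        string given = path.Substring(0, colon);
        foreach (string provider in Providers)
        {
            if (string.Equals(given, provider, StringComparison.OrdinalIgnoreCase))
                return provider + path.Substring(colon);
        }
        throw new ArgumentException("Provider '" + given + "' is not in the allowed list.");
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed input: the failing path from the post.
        string path = AdsPath.Normalize("ldap://localhost:389/CN=whywont,DC=this,DC=work");

        // AuthenticationTypes.None is an LDAP simple bind: without SSL the DN
        // and password travel unencrypted, so keep this to localhost or LDAPS.
        using (var entry = new DirectoryEntry(path,
            "CN=please tell me, CN=whywont, DC=this, DC=work",
            "password", AuthenticationTypes.None))
        {
            object adsi = entry.NativeObject; // forces the bind
            Console.WriteLine("Bound via " + path);
        }
    }
}
```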

27 Responses to “AD/AM, ASP.NET, C#, and “Unknown error (0x80005000)”: Keeping a stiff “upper” lip”


  1. 1 JD

    System.DirectoryServices is by far my least favorite namespace. Don’t worry you’ll also get that unknown error in quite a few other circumstances that are equally as mind numbing. :)

  2. 2 Yeti

    OMG – Thank You!!!!

    After 3 hours of trying, this solved the problem….I don’t believe it.

  3. 3 Ian Jones

    Nice solution. Finally, after 2 days, I can bind to my LDAP server! Sheeeesh.

  4. 4 Carlos Magalhaes

    Just remember the S.DS namespace uses good old ADSI invoke undercovers. The LDAP provider is cAsE SeNsItIve. As is the WinNT etc.

    Unknown error is usually a bad path. You have to use LDAP in the upper case. If you were using native C you could use ldap:// the LDAP is because of the requirement of the underlying ADSI com objects S.DS uses.

    Hope that helps:
    Carlos Magalhaes Active directory Programming MVP
    Need AD / AM or any LDAP ADSI help – http://groups.yahoo.com/group/adsianddirectoryservices

  5. 5 Jonathan Malek

    Carlos–thanks for those helpful hints. Definitely the path to take if I run into future DS issues–check out the underlying ADSI COM objects, their docs and notes…

  6. 6 Daniel Stlt

    Thank you thank you thank you!!!
    I was ready to hang myself.

  7. 7 Mark H

    Dude! You rock.

    Now my real question is WTF?

    Mark

  8. 8 Wayne A

    I have spent a full day playing around with millions of possible combinations of IIS settings, WEB.CONFIG settings…you name it, I tried it. And that was all it was. You are a life-saver!!!

  9. 9 Jube

    OMG – Thank-you very much.

    This isn’t the first time this sort of thing brought us to our knees. [Thanks, BILL]

  10. 10 Daryl

    Very nice find you saved me a lot of time thank you

  11. 11 Matthew

    OMFG.

    3 Hours of beating my head into a wall because I was using the example directly from MSDN that was lowercase… I have to go throw up now.

    M.

  12. 12 Otto

    i had a similar problem. i tried to bind to LDAP://server:389/ which didn’t work. when i changed to LDAP://server:389 (without the end slash) things started working.

  13. 13 Chris

    Hi had got the same error:
    System.Runtime.InteropServices.COMException (0x80005000)

    Anyway i had written LDAP the way you described. After lots of hours remote debugging i know what the problem causes:

    I read the current user’s information from the ActiveDirectory. After that i retrieve all AD-Groups for that user. There the problem occurs while try to get the GUID for some groups. I looked at the LDAP Path for that objects and recognized that the Groupname had a slash (/). That’s the reason. I’ve found no way to fix that problem just by try-catching those objects and throw them away.

    To all ActiveDirectory Admins:
    PLEASE NEVER PROVIDE NAMES IN YOUR AD INCLUDED A SLASH!!!

    Hope that reduces somebody’s debug time ;-)

    Chris

  14. 14 J.A.

    thank God!!!
    I almost kill my lecturer for giving me this task.

    Thank you so much ^^

  15. 15 alan

    Saved the day for me -

  16. 16 Jonathan Malek

    Andon,

    The docs have: AuthenticationTypes.Signing | AuthenticationTypes.Sealing | AuthenticationTypes.Secure for secure ADAM connection (requires SSL port).

  17. 17 Adam

    24 hours of misery ended. Thanks!

  18. 18 Ryan Riehle

    eesh. Great post – it was the first one I read after looking up the error and this is definitely saving a ton of time. I was ROFL. Sigh of relief.

    Rock On.

  19. 19 Steven

    24 hours of misery ended. Thanks!

  20. 20 Andon

    Now please tell me how can I connect to my LDAP server securely since the only POSSIBLE way to connect is in NONE mode.

  21. 21 Zahid Rasool

    I was stuck in this problem since many hours. Now I’ve troubleshoot thanx buddy. gr8 job even microsoft.com was unable to help it out

  22. 22 Jim S

    G0dD@mmit THANK YOU!! – my lowercase ldap:// was kicking my @ss. Thank you

  23. 23 Bryant Cobarrubias

    This reminds me of a bug I had when I was first learning to program. I was programming in apple basic in high school. In the program I switch a zero for a letter ‘O’. The compiler sucked and didn’t catch the problem.
    I ended up staring at the screen for hours before it finally hit me. Great post!

  24. 24 Martin

    Hi Thanks for this. After 4 hours of changing auth accounts I can’t believe that it’s down to casing of LDAP. I am doing this with VS 2005, so not much has changed since this post ;-(

  25. 25 Tauqir

    Thanks for the great tip – must say I got lucky

  26. 26 wackoSQL

    i follow the guide from MSDN of Visual Studio 2008, it uses “LDAP” instead of “ldap” and I still have an “Unknown Error (0x80005000)”. AAArGH Somebody help me! FYI, I’ve tried all stuffs written in this page.

  27. 27 Anonymous

    I am crying with tears of gratefulness.
