LDAP server not available using PrincipalContext and ADLDS

We use ADLDS for our user management and authentication. We can successfully request an instance with no problem. However, attempting an operation such as SetPassword will fail, and even trying to create a new user fails if no password is set. I can successfully update a user as long as his password is not updated. I have read many different articles regarding this but have not found a resolution. Posting to see if I can get a fresh perspective on this issue; thanks for any input.

Example

ContextType ctxType = ContextType.ApplicationDirectory; // AD LDS, not a domain
string server = "myadldsserver.com"; 
string usersCN = "CN=Users,..."; // container where users reside 
ContextOptions ctxOpts = ContextOptions.SimpleBind;
string uname = "myuser"; 
string pswrd = "mypass"; 

// The constructor binds to the instance immediately (missing ')' fixed)
using(var ctx = new PrincipalContext(ctxType, server, usersCN, ctxOpts, uname, pswrd)) 
using(var newUser = new UserPrincipal(ctx)) {
    newUser.Name = "newusername"; 
    newUser.Enabled = true; 
    newUser.UserPrincipalName = "newusername"; 
    newUser.Save();                          // ERROR 1 happens here (no password yet)

    newUser.SetPassword("newuserpassword");  // password set after creation
} 


ERROR 1

The first problem I run into: if I try to create a new UserPrincipal and call Save without setting a password, like in the example above, I get "A constraint violation occurred." with an InnerException: 0000052D: AtrErr: DSID-033807D7, #1:0: 0000052D: DSID-033807D7, problem 1005 (CONSTRAINT_ATT_TYPE), data 2246, Att 9005a (unicodePwd)

Due to this error, I tried to move SetPassword before calling Save along with other approaches I found on the web, like getting DirectoryEntry from UserPrincipal and trying to call SetPassword, but got a different error.

ERROR 2

Calling SetPassword before calling UserPrincipal.Save: the Save then fails with "The directory property cannot be found in the cache."

Note that the same error occurs if I try to call ResetPassword, or get the DirectoryEntry and call Invoke("SetPassword", ...), as well.

ERROR 3

In my research, most articles seem to indicate that this may be due to the need to access AD LDS using a secure connection. So I changed my server to include port 636 (string server = "myadldsserver.com:636") and I changed ContextOptions to ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer.

Making these changes, while creating the PrincipalContext I get the following: "The server could not be contacted." with the internal exception "The LDAP server is unavailable.", HResult -2146233087.

JAVA and LDP

To add some background to this, we have similar code written in an old Java application. We are trying to move some of this logic to the .NET/C# side. The Java code uses the Java key store, which contains a certificate generated on the AD LDS server. Of course the Java application has no problem using the SSL port. We know the server is configured correctly; it's just a matter of how to access it from the .NET side.

Is there an equivalent on the .NET side like keystore in Java? We know that an SSL connection can be made on the server. We also tested this using LDP.

GOALS

  • Be able to create a new user and set his password during creation
  • Be able to ResetPassword or ChangePassword for user
  • Connect to our AD LDS instance from .NET securely

1 answer


Have you tried using Microsoft Management Console to import the certificate?

Two ways to install a certificate. Either:

  • Open a console (cmd.exe) and type "MMC"
  • File > Add / Remove Snap-in ...
  • Select "Certificates", click "Add"
  • When prompted, select the computer account and local computer, then click OK ...
  • The certificates should now show up in the Console Root section
  • Certificates > Trusted Root Certification Authorities > Certificates > (right click) > All Tasks > Import Certificate ...
  • Find the certificate you want to import, click Next and select the defaults (Trusted Root Certification Authorities should already be selected)
  • Click Next, Finish


(or)

Just double-click the .cer file for the certificate in Windows Explorer, click Install Certificate ... > Next > select the "Place all certificates in the following store" option > Browse ... > select Trusted Root Certification Authorities. Continue on until you're done.


At this point, your certificate is installed and you should be able to securely communicate with your ADLDS server.
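To confirm from .NET that the imported certificate is really trusted before retrying the SSL PrincipalContext from the question, here is an added C# check (not code from the question or the answer). It performs a TLS handshake against port 636 through Schannel, the same Windows trust store PrincipalContext uses, and reports chain errors instead of suppressing them; the server name, container DN and credentials are the placeholders from the question.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

class AdLdsTlsCheck
{
    // TLS handshake against the AD LDS SSL port. Returns true only when Windows already
    // trusts the server certificate; validation errors are logged, never bypassed.
    static bool ServerCertIsTrusted(string host, int port)
    {
        using (var tcp = new TcpClient(host, port))
        using (var ssl = new SslStream(tcp.GetStream(), false, (sender, cert, chain, errors) =>
        {
            var x509 = new X509Certificate2(cert);
            Console.WriteLine("Subject:       " + x509.Subject);
            Console.WriteLine("Thumbprint:    " + x509.Thumbprint);
            Console.WriteLine("Policy errors: " + errors);   // e.g. RemoteCertificateChainErrors
            if (chain != null)
                foreach (var s in chain.ChainStatus)          // e.g. UntrustedRoot before the import
                    Console.WriteLine("  chain: " + s.Status + " " + s.StatusInformation.Trim());
            return errors == SslPolicyErrors.None;            // returning true here would disable validation
        }))
        {
            try { ssl.AuthenticateAsClient(host); return true; }
            catch (AuthenticationException ex) { Console.WriteLine("TLS handshake rejected: " + ex.Message); return false; }
        }
    }

    static void Main()
    {
        // Placeholder from the question. The name used here (and in PrincipalContext) must match
        // the certificate's subject/SAN, otherwise RemoteCertificateNameMismatch is reported.
        const string host = "myadldsserver.com";
        if (!ServerCertIsTrusted(host, 636)) { Console.WriteLine("Import the AD LDS certificate into LocalMachine\\Root first."); return; }

        // Trust is in place, so the SSL bind from the question should now succeed.
        using (var ctx = new PrincipalContext(ContextType.ApplicationDirectory, host + ":636",
            "CN=Users,...", ContextOptions.SimpleBind | ContextOptions.SecureSocketLayer,
            "myuser", "mypass"))
        {
            Console.WriteLine("Connected over SSL to " + ctx.ConnectedServer);
        }
    }
}
```

Run it once before and once after the MMC import: the chain status line should change from UntrustedRoot to a clean handshake.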
