Hey, you're right, I closed VS and re-opened and now it builds.

I'm set with VS now but it may take me awhile to get the ldap setup for testing.

We do need to try an resolve this strange build thing before we start including the Novell dll in svn or it will cause problems for other developers.

Did you compile the dll on linux? Wonder if we can take a snapshot of the source code and add it as a class library project in our solution and build it on windows.

Hey TJ I finally got setup to work with your code changes today as you may have read in my blog post.

Your code works per your instructions and looks great!

I am thinking of a few changes:

1. I'm not sure we need to store AdminEmail in the mp_Sites table. I think the admin user should change his email to one that is in LDAP using his profile prior to changing the SiteSettings to use LDAP then we would not need this field because the admin user will be able to login. Actually I'm thinking of adding a field to the mp_Users table named LoginName and use this and password to login instead of email and password. This would be more consistent with how users login to other systems with an LDAP backend and also I think I read that an LDAP user can have more than 1 email address. I've been thinking of changing this even for non LDAP authentication. Maybe I will make that a site setting, whether to use email for the login.

2. I'm thinking I can add a check to prevent the admin from getting locked out by changing the site to use LDAP. We can test binding the BindDN and the current logged in user (Admin) before allowing the change. This would prevent the admin from making a typo in the ldap settings and getting himself locked out.

3. I am concerned about storing the BindPwd in the db in clear text. We need to be able to get that value so one way encryption will not suffice. With 2 way encryption we need a good cross platform way to store the key for decryption. I entered LDAP Administrator credentials for this but maybe thats only needed if we are trying to implement LDAP updates. I will experiment with putting ordinary user credentials there instead of admin, if we can do this it alleviates my concern quite a bit and we may not need encryption. The Administrator credentials are the keys to the kingdom. I can envision a company wanting to setup mojoportal as an extranet authenticating against their internal domain so they don't have to create secondary logins for the web site but we have to make sure we are not exposing secrets of the internal network to the outside world. Even internal users with legit access directly to the db should not have easy access to the LDAP Administrator password. If we can get away with authentication without storing Admin credentials in the db then maybe next we can implement some pages for LDAP administration that require the user to enter the correct credentials to make an update and use SSL to protect that.

I'm just getting started with really looking into this and thinking it through. Let me know your thoughts on the above and I'll post more as I progress.

Great Work! Glad to finally be able to work with it.

Joe

Update: 2:06 PM It doesn't seem to work without the Administrator credentials:

[LdapException: Invalid Credentials]
Novell.Directory.Ldap.LdapResponse.chkResultCode() +30
Novell.Directory.Ldap.LdapConnection.chkResultCode(LdapMessageQueue queue, LdapConstraints cons, LdapResponse response) +147
Novell.Directory.Ldap.LdapConnection.Bind(Int32 version, String dn, SByte[] passwd, LdapConstraints cons) +174
Novell.Directory.Ldap.LdapConnection.Bind(Int32 version, String dn, String passwd, LdapConstraints cons) +175
Novell.Directory.Ldap.LdapConnection.Bind(String dn, String passwd) +20
mojoPortal.Business.LdapManagement.GetConnection(LdapDetails ld, Boolean bind) in c:\__projects\contributors\tjfontaine\mojoportal\business\ldapmanagement.cs:16
mojoPortal.Business.LdapManagement.LdapLogin(LdapDetails ld, String email, String password) in c:\__projects\contributors\tjfontaine\mojoportal\business\ldapmanagement.cs:52
mojoPortal.Business.SiteUser.Login(SiteSettings siteSettings, String Email, String Password) in c:\__projects\contributors\tjfontaine\mojoportal\business\siteuser.cs:512
mojoPortal.Web.Login.AuthenticateUser() in c:\__projects\contributors\tjfontaine\mojoportal\web\secure\login.aspx.cs:117
mojoPortal.Web.Login.lnkSignin_Click(Object sender, EventArgs e) in c:\__projects\contributors\tjfontaine\mojoportal\web\secure\login.aspx.cs:107
System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e) +108
System.Web.UI.WebControls.LinkButton.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +138
System.Web.UI.Page.ProcessRequestMain() +1273

Do you think its possible to get this to work without Administrator credentials or should we be looking for ways to securely store them?