C# – Active Directory LDAP Search Filter or operator syntax

active-directorycldap

I am using LDAP Directory Services in C# to search users from LDAP with some filter criteria. I want to supply multiple OR filter criteria. For example firstName, lastName, telephone etc. It works fine when I supply all filter values but gives error when I just supply one or two filter values.

Here is the sample code I am using:

var LdapSearcher = new DirectorySearcher(RootDomain, 
                   "(&(objectclass=user)(sn=" + lastName.Trim() + ")(givenName=" + firstName.Trim() + "))");

I get the result when I supply both sn and givenName values. However, it's an OR search and user will enter either lastName or FirstName.

How to apply OR Filter in LDAP DirectorySearcher.?

Best Answer

You need to use the | operator. From what you've provided, your conditions are :

objectclass must be equal "user"
sn OR givenName must be equal to the provided value

Let's say the user has provided the name "John Smith". Your filter should look like :

(&(objectClass=user)(|(sn=Smith)(givenName=John)))

Related Solutions

C# – Validate a username and password against Active Directory

If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace and easily verify your credentials:

// create a "principal context" - e.g. your domain (could be machine, too)
using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN"))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials("myuser", "mypassword");
}

It's simple, it's reliable, it's 100% C# managed code on your end - what more can you ask for? :-)

Read all about it here:

Update:

As outlined in this other SO question (and its answers), there is an issue with this call possibly returning True for old passwords of a user. Just be aware of this behavior and don't be too surprised if this happens :-) (thanks to @MikeGledhill for pointing this out!)

What are the differences between LDAP and Active Directory

Active Directory is a database based system that provides authentication, directory, policy, and other services in a Windows environment

LDAP (Lightweight Directory Access Protocol) is an application protocol for querying and modifying items in directory service providers like Active Directory, which supports a form of LDAP.

Short answer: AD is a directory services database, and LDAP is one of the protocols you can use to talk to it.

Best Answer

Related Solutions

C# – Validate a username and password against Active Directory

What are the differences between LDAP and Active Directory

Related Topic