C# – How to retrieve a complete list of Attributes for a class in an LDAP repository with .NET

cdirectoryservicesldap

I have an application that reads user records from an LDAP repository. I'm using the facilities in the System.DirectoryServices.Protocols namespace to do so. The objectclass is typically person or inetOrgPerson.

How can I dynamically read the attributes for a given class from the LDAP repository?

The following code produces a list of attributes for a sample user in the repository, but appears to only return those attributes that have values.

var connection = new LdapConnection(...);
SearchRequest request = new SearchRequest("CN=joe.user,DC=blah,DC=com", (string)null, SearchScope.Base);
SearchResponse response = (SearchResponse)connection.SendRequest(request);

var attributes = new List<string>();
foreach (SearchResultEntry entry in response.Entries)
{
    foreach (string attributeName in entry.Attributes.AttributeNames)
        attributes.Add(attributeName);
}

I can red the objectclass attribute from a sample user to get the classes, but then how would I retrieve all attributes for the user's objectclass list?

NOTE: the SearchRequest class claims that setting the Attributes property to null will return all attributes. Unfortunately there is no setter for this property!

NOTE 2: I've tried adding "*" and "+" to the list of attribute names to no avail.

Best Answer

To read the attributes that are populated in a directory entry, use the syntax @objectClassName, for example, @inetOrgPerson. Request this construct as one of the request attributes in the search. See also LDAP: Retrieving Attributes of an objectclass. This syntax is defined in RFC 4529.

To locate the schema, extract the value of the attribute subschemaSubEntry from the root DSE. The value of this attribute is the root of the schema. it is possible that a misconfigured server could prevent clients from reading the value of the subschemaSubEntry attribute, but this would be a grave error on the part of the administrators because all LDAP clients must discover the matching rules and ordering to use when comparing attribute values.

For more information about the root DSE, see the article "LDAP: The Root DSE".

Related Topic