.NET Core Application and System.DirectoryServices in Docker container

1

I'm trying to put a .NET Core 3.1 application listing users in an AD group into a .NET Core Runtime Docker container. Accessing the AD is being done with the help of a DirectorySearcher from the System.DirectoryServices namespace. Out of the box, .NET Core doesn't support this namespace, but adding the package System.DirectoryServices (dotnet add package System.DirectoryServices) installed the required assemblies, and the application runs fine on a Win10 machine.

Trying to let the app run in a Linux .NET Core Runtime container throws an exception because DirectoryServices doesn't support this platform.

So I tried using a Windows-based container (tag 3.1.8-nanoserver-2004 to be precise), but then the DirectorySearcher's FindAll() throws the exception

System.DllNotFoundException: Unable to load DLL 'activeds.dll' or one of its dependencies: The specified module could not be found. (0x8007007E)

I've even tried copying the DLL from my host machine into the application's bin directory in the container, but to no avail.

Anyone got an idea what to do to access AD/LDAP from a container?

docker
.net-core
directoryservices
asked on Stack Overflow Sep 24, 2020 by user2206916

2 Answers

0

DirectoryServices will not currently work in Nano Server because the required dependencies are not available. You'll need to use a Windows Server Core image instead. There are no official .NET Core images available for Windows Server Core. (At least not yet. When .NET 5.0 ships, Windows Server Core images will be available for it. See GitHub issue for that proposal.)

You'll need to define your own Dockerfile that uses Windows Server Core as a base image and installs .NET Core in it. There is guidance on how to do this here.

answered on Stack Overflow Sep 24, 2020 by Matt Thalman
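
A Dockerfile along the lines this answer describes, as an added example that is not from the answer or from Microsoft's own images. The `servercore:2004` tag and runtime version 3.1.8 mirror the tag named in the question; the `publish/` directory and the `AdGroupLister.dll` assembly name are assumptions.

```dockerfile
# escape=`
# Windows Server Core base image (same Windows version as the 2004 tag in the question)
FROM mcr.microsoft.com/windows/servercore:2004

# Run build steps in PowerShell and fail the build on the first error
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]

# Install the .NET Core runtime with Microsoft's dotnet-install script.
# The version is pinned (3.1.8, as in the question) so rebuilds do not silently change it.
RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; `
    Invoke-WebRequest -UseBasicParsing -Uri https://dot.net/v1/dotnet-install.ps1 -OutFile dotnet-install.ps1; `
    ./dotnet-install.ps1 -Runtime dotnet -Version 3.1.8 -InstallDir C:\dotnet; `
    Remove-Item -Force dotnet-install.ps1

# Assumed layout: the app was published on the host with
#   dotnet publish -c Release -o publish
WORKDIR C:\app
COPY publish/ .

# Hypothetical assembly name; the full path avoids having to edit PATH in the image
ENTRYPOINT ["C:\\dotnet\\dotnet.exe", "AdGroupLister.dll"]
```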
0

Since I could not get a Windows Server container to add the Active Directory feature for the life of me, I decided to switch to something different and found LdapForNet.

While this works nicely on the dev machine, I also had a hard time finding a way to call the required Bind() to our domain controller from inside a container. But after half a day of trial and error I found that LdapAuthType.Negotiate worked, but only if I gave the Realm as well:

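using System;
using LdapForNet;

using (var conn = new LdapConnection())
{
    conn.Connect(new Uri("LDAP://the.domain.controller"));
    // Negotiate bind; the Realm is supplied explicitly along with the credentials
    conn.Bind(LdapForNet.Native.Native.LdapAuthType.Negotiate,
        new LdapCredential {
            // Placeholder values: substitute your own domain, account and password
            Realm = "DC=thedomain,DC=com",
            UserName = "The user to authenticate",
            Password = "Plain text password"
        }
    );
}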

Hope this helps others trying to get LDAP queries running inside a container. Next stop: Trying the same inside a Linux container.

answered on Stack Overflow Sep 28, 2020 by user2206916

User contributions licensed under CC BY-SA 3.0