Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make System.DirectoryServices.DirectorySearcher cross-plattform (Linux/macOS support) #102601

Closed
rklec opened this issue May 23, 2024 · 10 comments
Closed

Make System.DirectoryServices.DirectorySearcher cross-plattform (Linux/macOS support) #102601

rklec opened this issue May 23, 2024 · 10 comments
Labels
area-System.DirectoryServices

Comments

@rklec
Copy link

rklec commented May 23, 2024
edited

Description

In #14734 support for Windows has been added, in #23944 (comment) / #35380 Linux support for System.DirectoryServices.Protocols has been added.

#84831 and #37100 tracks related progress for making System.DirectoryServices.AccountManagement cross-plattform.

However, I'd really only like to use DirectorySearcher to simplify search the AD/LDAP for users.

Reproduction Steps

There are other simple wrappers around System.DirectoryServices.Protocols that already work and are the only cross-platform alternative. Or LinqToLdap, which unfortunately does not seem to be maintained anymore, (but is recommend by OWASP)

Expected behavior

Support that wrapper around LDAP just for searching on Linux/macOS, too.

Actual behavior

When importing it, I get error CA1416.

The doc also confirms this it "applies to" Windows Desktop (only), compared with System.DirectoryServices.Protocols.DirectoryRequest.SearchRequest, which applies to all .NET versions.

Regression?

No response

Known Workarounds

Use wrapper linked above.

Configuration

No response

Other information

#25121 is also about this issue.
@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label May 23, 2024
@rklec rklec mentioned this issue May 23, 2024
Open
@steveharter
Copy link
Member

System.DirectoryServices.Protocols.DirectoryRequest.SearchRequest, which applies to all .NET versions.

Yes that assembly is cross-platform.

Can you use that cross-plaform SearchRequest class from there instead of the Windows-only DirectorySearcher for your LDAP scenarios? What functionality is missing?

@steveharter steveharter added the needs-author-action An issue or pull request that requires more info or actions from the author. label May 29, 2024
@rklec
Copy link
Author

rklec commented Jun 3, 2024
edited

Well... there is a reason DirectorySearcher as a wrapper exists for SearchRequest, is not it?

E.g. I then found LinqToLdap, which also wraps around SearchRequest, but e.g. amends it with features like:

  • paginated queries (AFAIK DirectorySearcher supports paging this is kinda sad.) without needing to (re-)implement all that cookie stuff/handling - this is, personally, most important for me
  • also, as the docs says for it it supports much more like integrated caching,

Also, it supports more features than DirectorySearcher, like:

@dotnet-policy-service dotnet-policy-service bot removed the needs-author-action An issue or pull request that requires more info or actions from the author. label Jun 3, 2024
@steveharter
Copy link
Member

Pinging consultants @BRDPM @grubioe @jay98014. What is the feasibility of making this cross-plat?

@buyaa-n
Copy link
Member

buyaa-n commented Jun 4, 2024

Also ping @joperezr for input

@joperezr
Copy link
Member

joperezr commented Jun 5, 2024

It's been a while since I looked at it so this is very outdated, but IIRC the assembly (as I didn't just look at this type specifically) had a lot of windows-specific concepts which would make it hard/impossible or maybe just misleading to have it be cross platform. For instance, some of the APIs were leaking COM objects. We picked System.DirectoryServices.Protocols as the one to make cross platform as that one, on the other hand, had basically no windows-specific concepts and instead is essentially just a managed layer on top of the ldap protocol itself. For the request here, I agree with Steve and I would expect the existing API should be sufficient for most if not all use cases, as after all it is just a layer lower in the stack. In the framework we have a lot of cases where you can achieve the same thing via multiple ways, and in terms of ActiveDirectory management that's the same, were one is lower in the stack and more down to the protocol, whereas DirectorySearcher is just a higher level abstraction that makes it more user friendly

@khellang
Copy link
Member

khellang commented Jun 5, 2024

Well... there is a reason DirectorySearcher as a wrapper exists for SearchRequest, is not it?

DirectorySearcher is not a wrapper for SearchRequest. System.DirectoryServices.Protocols is an entirely different thing that operates on the protocol level and share very little code with System.DirectoryServices and System.DirectoryServices.AccountManagement (which are both based on COM and ADSI). Here's an old image floating around the internets showing the layering:

image

Of course, it might (or might not) be possible to re-implement DirectorySearcher on top of SearchRequest, but it's probably Very Hard™ and would probably break a lot of Windows-isms.

@steveharter
Copy link
Member

Closing; not planned \ feasible.

@steveharter steveharter closed this as not planned Won't fix, can't repro, duplicate, stale Jun 5, 2024
@dotnet-policy-service dotnet-policy-service bot removed the untriaged New issue has not been triaged by the area owner label Jun 5, 2024
@rklec
Copy link
Author

rklec commented Jun 7, 2024
edited

Then what about adding support for paging and possibly other features I currently miss (which are not platform-dependent) or so in SearchRequest or a new API using this? Or should I open a new issue for that?

@khellang
Copy link
Member

khellang commented Jun 7, 2024

Then what about adding support for paging and possibly other features I currently miss (which are not platform-dependent) or so in SearchRequest or a new API using this?

Sounds like a nice opportunity for an open-source project 😄

@rklec
Copy link
Author

rklec commented Jun 7, 2024

an open-source project 😄

...like .NET runtime 😉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.DirectoryServices
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@khellang @steveharter @joperezr @buyaa-n @rklec