Friday, 28 March 2014

The server cannot handle directory requests ldap error

Description:

I got the LdapConnection exception "The server cannot handle directory requests" with the following stack trace when I tried to restore a deleted AD user in C#.

Message: The server cannot handle directory requests

Stack Trace:
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)

Here is my C# code:

using System;
using System.Net;
using System.DirectoryServices.Protocols;

private static void RestoreTombstone(string dcName, string deletedObjectDN, string deletedUserCN, string lastKnownParent, NetworkCredential credential)
{
    LdapConnection connection = new LdapConnection(new LdapDirectoryIdentifier(dcName), credential, AuthType.Negotiate);
    // Select LDAP v3 before binding
    connection.SessionOptions.ProtocolVersion = 3;
    connection.Bind();

    // Remove the value of the isDeleted attribute
    DirectoryAttributeModification deleteIsDeletedAttr = new DirectoryAttributeModification();
    deleteIsDeletedAttr.Name = "isDeleted";
    deleteIsDeletedAttr.Operation = DirectoryAttributeOperation.Delete;

    // deletedUserCN is inserted as-is here; this is the line that causes the error described below
    string newDN = string.Format("cn={0},{1}", deletedUserCN, lastKnownParent);

    // Replace distinguishedName with the new DN under the last known parent
    DirectoryAttributeModification replaceDNAttr = new DirectoryAttributeModification();
    replaceDNAttr.Name = "distinguishedName";
    replaceDNAttr.Operation = DirectoryAttributeOperation.Replace;
    replaceDNAttr.Add(newDN);

    ModifyRequest request = new ModifyRequest(deletedObjectDN, new DirectoryAttributeModification[] { deleteIsDeletedAttr, replaceDNAttr });
    // Required so the server lets us address the deleted (tombstoned) object
    request.Controls.Add(new ShowDeletedControl());

    try
    {
        ModifyResponse response = (ModifyResponse)connection.SendRequest(request);
        if (response.ResultCode == ResultCode.Success)
        {
            // user restored
        }
    }
    catch (Exception exception)
    {
        Console.WriteLine("Failed to Restore Deleted AD User:" + exception.Message);
    }
}


Fix or Solution to the LDAP error: The server cannot handle directory requests

After googling and analyzing for some time, I found that the root cause of the issue is an invalid or unaccepted value in DirectoryAttributeModification. When we use DirectoryAttributeModification to change an attribute value, we should give a valid value for the corresponding attribute.

In our case, we are changing the deleted user's distinguishedName attribute to a new value in C#. To make the new DN, we join the user's CN and lastKnownParent.

CN: Test,User
lastKnownParent: OU=TestOU,DC=MyDomain,DC=Com

We have no problem with lastKnownParent, but the CN contains the special character , (comma), which is not allowed unescaped in a distinguishedName. This special character is the root cause of the error "The server cannot handle directory requests" in our code, so we need to add an escape sequence for it.

Now I have changed my code like this:

    deletedUserCN = deletedUserCN.Replace(@",", @"\,");
    string newDN = string.Format("cn={0},{1}", deletedUserCN, lastKnownParent);

This fix solved the error "The server cannot handle directory requests" for us. If you face this error in any other situation with LdapConnection, check whether you are supplying valid input values.
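The Replace call above handles only the comma. The following added example (not code from the original post) goes beyond that case and escapes a CN value according to the RFC 4514 rules for special characters in an RDN value, so that the other reserved characters do not produce the same invalid-DN failure. The class and method names are hypothetical, and the sample CN values other than Test,User are constructed.

```csharp
using System;
using System.Text;

static class DnEscaping
{
    // Characters escaped wherever they occur in an RDN value
    // (RFC 4514 requires this for all of them except '=', where it is permitted).
    private const string AlwaysEscape = ",+\"\\<>;=";

    // Escape one attribute value (e.g. a CN) for use inside a distinguished name.
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value))
            throw new ArgumentException("RDN value must not be empty.", nameof(value));

        var sb = new StringBuilder(value.Length + 8);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool first = i == 0, last = i == value.Length - 1;

            if (c < 0x20)                                   // NUL, CR, LF, other controls: \XX hex form
                sb.Append('\\').Append(((int)c).ToString("X2"));
            else if (AlwaysEscape.IndexOf(c) >= 0           // special anywhere in the value
                     || (first && (c == '#' || c == ' '))   // special only as the first character
                     || (last && c == ' '))                 // special only as the last character
                sb.Append('\\').Append(c);
            else
                sb.Append(c);
        }
        return sb.ToString();
    }

    static void Main()
    {
        // lastKnownParent is the value from the post; the CN samples are constructed.
        string lastKnownParent = "OU=TestOU,DC=MyDomain,DC=Com";
        string[] samples = { "Test,User", "Smith+Jones", @"Back\slash", "#hash", " padded ", "a=b;c" };

        foreach (string cn in samples)
            Console.WriteLine("cn={0},{1}", EscapeRdnValue(cn), lastKnownParent);
    }
}
```

Escape only the value taken from the deleted object's CN; lastKnownParent is already a complete DN and must be passed through unchanged.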

Thanks,
Morgan
Software Developer
