Directory Programming .NET

Ok, I'm close now. I'm able to set most of the user attributes by passing in an attribute array and then calling the SendRequest method, except for those attributes which are not strings. These are either bool types (true/false) or a date value. When I used the SDS methods, I was able to set these values to their native types: either true/false in the case of bool attributes, or as a LargeInteger in the case of the date values. But I can't get the SDS.P version of setting these attributes to work.

Here's a code snippet I am using for the bool case:

DirectoryAttribute[] dirAttribs = new DirectoryAttribute[numAttrs];

int attrIndex = 0;

bool flag = false

byte[] disable = BitConverter.GetBytes(flag);

dirAttribs[attrIndex++] = new DirectoryAttribute("msDS-UserAccountDisabled", disable );

I've managed to get the boolean attribute values to work by sending them into the DirectoryAttribute object as a string using upper case:

bool disable = false;

new DirectoryAttribute("msDS-UserAccountDisabled", disable.ToString().ToUpper());

Now my only issues are with attriubutes of type INT or LargeInteger. I'm using the LargeInteger to hold dates. I could get this to work using the SDS methods and simply set them to their native data type, but I can't get this to work using SDS.P. It appears that trying to use byte[] in the DirectoryAttribute() constructor causes the SendRequest to error out with the syntax error message. Also, I'm not sure how to translate the LargeInteger values here. Even if the byte[] syntax would work, is the LargeInteger simply an Int64? Does Adam automatically convert an Int64 into a LargeInteger? Or do I have to revert to SDS for these two attribute types?

Any suggestions on how to get this to work?

-Dave 

The actual way to set binary attributes in LDAP is with the string value "TRUE" or "FALSE".  Note the all caps. 

To set a long integer type, you convert the Int64 to a string and set with that.

Basically, in pure LDAP everything is a string.  The only time you need to use a byte[] is when the data can't be encoded as a string for some reason (might contain nulls, etc.).

ADSI goes through a lot of trouble to convert these values to native data types, but on the wire everything is a string.

I have no idea what the pwdExpirationDate attribute is though.  You can't set the actual pwd expire date in either AD or ADAM.  It is determined by the password policy in effect and the time the password was last set.  If that is your own schema for informational purposes then that's fine, but ADAM won't enforce it directly.

Yes, in LDAP, everything is a string or a byte[].  You essentially take your pick.  If you look closely at the S.DS.P API, you'll see that you can convert any attribute to either string or byte[] and can supply the values either way as well.

Generally, you use strings for everything unless the string contains unprintable characters or nulls.

One of the most useful tools I've found for learning this is Microsoft's LDP.exe tool, especially if you can find a recent build (2008 server) that has the "raw string" option for display.  When you use that option, the tool turns off its built in data conversion stuff and just shows the raw value as it gets sent on the wire.

It is a little weird at first, but once you get used to it you admire the simplicity.  :)

Generally speaking, I like to use generalized time attribute syntax for my own custom dates because the values are human readable and still sort nicely.  The only reason MS uses FILETIME in AD is because it is such a core OS data structure and many legacy SAM APIs use it.  However, if you are comfortable with it in your own code, that's cool.