
Connect to Active Directory via LDAP

I want to connect to our local Active Directory with C#.

I've found this good documentation.

But I really don't get how to connect via LDAP.

Can somebody of you explain how to use the requested parameters?

Sample Code:

static DirectoryEntry createDirectoryEntry()
{
    // create and return new LDAP connection with desired settings
    DirectoryEntry ldapConnection     = new DirectoryEntry("rizzo.leeds-art.ac.uk");
    ldapConnection.Path               = "LDAP://OU=staffusers,DC=leeds-art,DC=ac,DC=uk";
    ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
    return ldapConnection;
}

I just have the hostname and the IP address of our Active Directory server. What does DC=xxx,DC=xx and so on mean?

DC is your domain. If you want to connect to the domain example.com, then your DCs are: DC=example,DC=com

You actually don't need any hostname or IP address of your domain controller (there could be plenty of them).

Just imagine that you're connecting to the domain itself. So for connecting to the domain example.com you can simply write

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");

And you're done.

You can also specify a user and a password used to connect:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com", "username", "password");

Also be sure to always write LDAP in upper case. I had some trouble and strange exceptions until I read somewhere that I should try to write it in upper case, and that solved my problems.

The directoryEntry.Path property allows you to dive deeper into your domain. So if you want to search for a user in a specific OU (Organizational Unit) you can set it there.

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
directoryEntry.Path = "LDAP://OU=Specific Users,OU=All Users,OU=Users,DC=example,DC=com";

This would match the following AD hierarchy:

  • com
    • example
      • Users
        • All Users
          • Specific Users

Simply write the hierarchy from deepest to highest.

Now you can do plenty of things.

For example, search a user by account name and get the user's surname:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
DirectorySearcher searcher = new DirectorySearcher(directoryEntry) {
    PageSize = int.MaxValue,
    Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=AnAccountName))"
};

searcher.PropertiesToLoad.Add("sn");

var result = searcher.FindOne();

if (result == null) {
    return; // Or whatever you need to do in this case
}

string surname;

if (result.Properties.Contains("sn")) {
    surname = result.Properties["sn"][0].ToString();
}

ldapConnection is the server address: ldap.example.com. ldapConnection.Path is the path inside the ADS that you would like to use, inserted in LDAP format.

OU=Your_OU,OU=other_ou,dc=example,dc=com

You start at the deepest OU, working back to the root of the AD, then add dc=X for every domain section until you have everything, including the top-level domain.

Now I'm missing a parameter to authenticate; this works the same as the path, for the username:

CN=username,OU=users,DC=example,DC=com

Introduction to LDAP

If your email address is 'myname@mydomain.com', try changing createDirectoryEntry() as below.

XYZ is an optional parameter if it exists in the mydomain directory.

static DirectoryEntry createDirectoryEntry()
{
    // create and return new LDAP connection with desired settings
    DirectoryEntry ldapConnection = new DirectoryEntry("myname.mydomain.com");
    ldapConnection.Path = "LDAP://OU=Users, OU=XYZ,DC=mydomain,DC=com";
    ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
    return ldapConnection;
}

This will basically check for com -> mydomain -> XYZ -> Users -> abcd

The main function looks as below:

try
{
    string username = "Firstname LastName";
    DirectoryEntry myLdapConnection = createDirectoryEntry();
    DirectorySearcher search = new DirectorySearcher(myLdapConnection);
    search.Filter = "(cn=" + username + ")";
    // ...
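An added example (not from the question or any of the answers above) that puts the pieces together: it builds the DC= part of the distinguished name from a domain name the way the first answer describes, escapes the account name before it goes into the filter (RFC 4515), because a concatenation like "(cn=" + username + ")" lets a "*", "(" or ")" in the input change the meaning of the filter, and then runs the same sAMAccountName search. The class and method names are mine, and the domain, OU and account name are placeholders.

```csharp
using System;
using System.DirectoryServices;   // DirectoryEntry / DirectorySearcher (Windows; System.DirectoryServices package on .NET Core)
using System.Linq;

static class AdLookup
{
    // "example.com" -> "DC=example,DC=com": one DC= component per label, in order.
    public static string DomainToDn(string domain) =>
        string.Join(",", domain.Split(new[] { '.' }, StringSplitOptions.RemoveEmptyEntries)
                               .Select(label => "DC=" + label));

    // RFC 4515 escaping for a value used inside a search filter. The backslash is
    // replaced first so the escapes added afterwards are not escaped a second time.
    // After this, user input is matched literally instead of being parsed as filter syntax.
    public static string EscapeFilterValue(string value) =>
        value.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
             .Replace(")", @"\29").Replace("\0", @"\00");

    // Returns the surname ("sn") of one account below the given OU, or null if there is no such user.
    // AuthenticationTypes.Secure binds with the calling user's Windows credentials (no password in code).
    public static string FindSurname(string domain, string ouPath, string accountName)
    {
        // ADsPath of the form LDAP://<domain>/<DN>, e.g. LDAP://example.com/OU=Users,DC=example,DC=com
        string path = "LDAP://" + domain + "/" + ouPath + "," + DomainToDn(domain);

        using (var root = new DirectoryEntry(path) { AuthenticationType = AuthenticationTypes.Secure })
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(accountName) + "))";
            searcher.PropertiesToLoad.Add("sn");   // ask only for what we need

            SearchResult result = searcher.FindOne();
            if (result == null || !result.Properties.Contains("sn"))
                return null;
            return result.Properties["sn"][0].ToString();
        }
    }

    static void Main()
    {
        // Placeholder values; the first two calls need no directory at all.
        Console.WriteLine(DomainToDn("example.com"));
        Console.WriteLine(EscapeFilterValue("j.doe*"));   // the '*' is now a literal character, not a wildcard
        Console.WriteLine(FindSurname("example.com", "OU=Users", "jdoe") ?? "<no such user>");
    }
}
```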
