
OpenLdap C# bind with escaped characters in Distinguished Name

I have some working LDAP code in which we rebind to the found user in order to validate the user, using his distinguished name. Effectively this is what is happening:

    using System.DirectoryServices;

    string userDn = @"cn=Feat Studentl+umanroleid=302432,ou=Faculty of Engineering & Physical Sciences Administration,ou=Faculty of Engineering & Physical Sciences,ou=People,o=University of TestSite,c=GB";
    string fullPath = @"LDAP://surinam.testsite.ac.uk:636/" + userDn;

    // AuthenticationTypes.None: a simple bind using userDn as the bind identity
    DirectoryEntry authUser = new DirectoryEntry(fullPath, userDn, "mypassword", AuthenticationTypes.None);

    // Forces the bind and loads the entry's properties
    authUser.RefreshCache();

However, this causes "unknown error 80005000" at DirectoryEntry.Bind().

I suspected the problem might be that the DN has a '+' and a '=' in the CN attribute. Therefore, after finding that the way to escape this should be with a \\ and the hex value of the character, I tried this:

    string userDn = @"cn=Feat Studentl\2Bumanroleid\3D302432,ou=Faculty of Engineering & Physical Sciences Administration,ou=Faculty of Engineering & Physical Sciences,ou=People,o=University of TestSite,c=GB";

However, I get the error:

Login failure: unknown user name or bad password

I assume this is because now it is happy with the request but it is failing to match the user's DN, for some reason.

Is there any way around this?

In my experience developing LDAP services, whenever you get a login failure due to invalid credentials, that does tend to be the issue with the bind attempt. You're getting that error because DirectoryEntry does not parse the escaped characters in the DN... however, you shouldn't have to do that in the first place.

In your code, setting the AuthenticationTypes to "None" forces the entry to make a Simple bind based on the DN you're providing. Since you're including the server name as part of the path, I would try using the ServerBind auth type instead, like this:

using System.DirectoryServices;

// ldapUrl, Domain, _usernameToVerify and _passwordToVerify are the caller's own values
string LdapPath = "LDAP://" + ldapUrl + "/" + Domain;

//Build the user and issue the Refresh bind
var dirEntry = new DirectoryEntry
{
    Path = LdapPath,
    Username = _usernameToVerify,
    Password = _passwordToVerify,
    AuthenticationType = AuthenticationTypes.ServerBind
};

//This will load any available properties for the user
dirEntry.RefreshCache();

Also, it looks like you're making this call to the secure LDAP port (636), so make sure you also include AuthenticationTypes.SecureSocketsLayer along with the ServerBind mechanism:

AuthenticationType = AuthenticationTypes.ServerBind | AuthenticationTypes.SecureSocketsLayer

Hope this helps!

I had to resort to digging through an old DLL project that was customised for one customer.

I managed to get it to work. It appears you have to refer to these low level Directory Services routines if you have a DN with escape characters. (Note in real life the DN is obtained by an initial flexible user search by setting up a DirectorySearcher and doing FindOne first.)

using System;
using System.Net;
using System.DirectoryServices.Protocols;

string userDn = @"cn=Feat Studentl+umanroleid=302432,ou=Faculty of Engineering & Physical Sciences Administration,ou=Faculty of Engineering & Physical Sciences,ou=People,o=University of TestSite,c=GB";
string basicUrl = @"surinam.testsite.ac.uk:636";
string password = "<user's password>";   // supplied by the caller

var ldapConnection = new LdapConnection(basicUrl);
ldapConnection.AuthType = AuthType.Basic;           // simple bind, the DN is the bind identity
LdapSessionOptions options = ldapConnection.SessionOptions;
options.ProtocolVersion = 3;
options.SecureSocketLayer = true;                   // port 636 expects TLS from the start

NetworkCredential credential = new NetworkCredential(userDn, password);
ldapConnection.Credential = credential;

try
{
    ldapConnection.Bind();
    Console.WriteLine("bind succeeded");
}
catch (LdapException e)
{
    if (e.ErrorCode == 49)                          // LDAP result code 49: invalidCredentials
    {
        Console.WriteLine("bind failed");
    }
    else
    {
        Console.WriteLine("unexpected result " + e.ErrorCode);
    }
}
catch (DirectoryOperationException e)
{
    Console.WriteLine("unexpected error " + e.Message);
}
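The escaping the question attempts (backslash plus hex for special characters in a DN) and the search-then-bind flow the second answer mentions (DirectorySearcher and FindOne, then a bind with the returned DN) both place caller-supplied text inside LDAP syntax, which is where DN and filter injection come from. The following is an added example, not code from the question or from either answer, of the two escaping rules that apply: RFC 4514 for attribute values inside a DN, and RFC 4515 for values inside a search filter. Two RFC 4514 details matter for the question's DN: only attribute values are escaped, never the structural `=`, `,` and `+` separators, and `+` is the separator of a multi-valued RDN, so `cn=Feat Studentl+umanroleid=302432` is one RDN with two attribute-value assertions and the DN returned by FindOne is already in the form the bind expects. The class and method names below are this example's own, and the input values are constructed.

```csharp
using System;
using System.Text;

// Added example, not from the question or answers: escaping helpers for the
// two places where caller-supplied text ends up inside LDAP syntax.
public static class LdapEscape
{
    // Characters that RFC 4514 section 2.4 requires to be escaped anywhere in
    // an attribute value. '=' is not in this list; it may be escaped but need not be.
    private const string RdnSpecials = ",+\"\\<>;";

    // RFC 4514: escape a single attribute VALUE for use in a DN. The caller
    // keeps the structural separators (type=value, ',' between RDNs, '+'
    // between the parts of a multi-valued RDN) unescaped.
    public static string EscapeRdnValue(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        var sb = new StringBuilder(value.Length * 2);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            if (c == '\0') { sb.Append("\\00"); continue; }   // NUL allowed only in hex form
            bool leading = i == 0 && (c == ' ' || c == '#');   // leading space or '#'
            bool trailing = i == value.Length - 1 && c == ' '; // trailing space
            if (leading || trailing || RdnSpecials.IndexOf(c) >= 0)
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // Convenience: one attribute-value assertion, e.g. Rdn("cn", "Smith, John").
    public static string Rdn(string type, string value)
    {
        return type + "=" + EscapeRdnValue(value);
    }

    // RFC 4515: escape a VALUE placed inside a search filter. The metacharacters
    // * ( ) \ and NUL must be written as backslash plus two hex digits so that
    // user input cannot change the filter's structure.
    public static string EscapeFilterValue(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        var sb = new StringBuilder(value.Length * 3);
        foreach (char c in value)
        {
            switch (c)
            {
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\\': sb.Append("\\5c"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    public static void Main()
    {
        // Constructed login name containing filter metacharacters. Without
        // escaping, the parentheses and '*' would rewrite the filter itself.
        string userInput = "stud*)(uid=*";
        string filter = "(cn=" + EscapeFilterValue(userInput) + ")";
        Console.WriteLine(filter);

        // The question's RDN rebuilt from its two values: each value is escaped
        // separately and the '+' between them is kept as the RDN separator.
        string rdn = Rdn("cn", "Feat Studentl") + "+" + Rdn("umanroleid", "302432");
        Console.WriteLine(rdn);

        // Constructed value where escaping does change something: a comma,
        // a plus sign, and leading/trailing spaces inside one CN value.
        Console.WriteLine(Rdn("cn", " Smith, John+Jr "));
    }
}
```

The design point is the separation of roles: the search filter takes the escaped user input, the bind takes the DN the directory returned for that filter, and the code never stitches raw input into either. If a DN does have to be assembled by hand, `Rdn` escapes each value while the caller supplies the separators, which is the opposite of escaping the whole DN string at once.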
