
C# Active Directory, Login in a specific OU

I want to log in only in a specific OU, but not in the previous OU.

My parent function is:

    if (Autentificado("LDAP://localhost/DC=ic,DC=enterprise,DC=us", user, pass, "cn=SpecificPeople,ou=Users,ou=Aplications,dc=ic,dc=enterprise,dc=us") != "")
    {
        return "OK";
    }

It contains the server address with path, user, pass and a string for the "memberof" filter:

    public static string Autentificado(string ldap, string usr, string pwd, string member)
    {
        try
        {
            DirectoryEntry entry = new DirectoryEntry(ldap, usr, pwd);
            DirectorySearcher search = new DirectorySearcher(entry)
            {
                Filter = "(&(objectCategory=person)(memberof=" + member + "))"
            };
            search.PropertiesToLoad.Add("sn");
            SearchResult result = search.FindOne();
            return result.Properties["sn"][0].ToString();
        }
        catch (DirectoryServicesCOMException cex)
        {
            Console.WriteLine(cex);
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex);
        }
        return "";
    }

It returns the correct user of "OU=Users", but it returns users of other OUs or DCs. I want people to be able to log in only in the "OU=Users".

Thanks in advance.

UPDATE 1: I think that the problem is with the structure of my LDAP and the filter of the DirectorySearcher:

DC=US
 -DC=enterprise
  -DC=ic
   -OU=Apps
     -OU=1
     -OU=2
     -OU=USERS

If I use: SearchScope.Subtree, it searches in all directories. SearchScope.OneLevel, it searches in the DC=enterprise or in all OU=Apps (if I'm not mistaken). SearchScope.Base, it searches in the DC=US.

I want the search to be only in the OU=USERS, and not in the other directories (OU=1, OU=2).

UPDATE 2

My GETUSER function is:

    DirectoryEntry usercheck = GetUser(user, pass, "LDAP://someIP:389/CN=qualifiers,OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us");

And in the "DirectoryEntry searchRoot", I need to set a user and password to enter the LDAP. If not, it gives me an error:

    using (DirectoryEntry searchRoot = new DirectoryEntry(rootWeAreLooking, "ic\\" + userName, pass, AuthenticationTypes.None))

I see that this could work, but it still searches in all directories of OU=Aplications.

I think that I need to filter by CN=qualifiers, but I don't know how.

Update 3

I need to test it properly, but I think that I have the correct filter:

    searcher.Filter = String.Format("(&(objectCategory=person)(memberof=CN=qualifiers,OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us)(sAMAccountName={0}))", userName);

So I just created this code which does the thing you want. I split the code into multiple methods, so you can use some single functions like ValidateUser elsewhere.

  1. Find the user in the AD and the OU (root) you are searching in and make sure he exists
  2. Now that we know that he is allowed to "LOGIN" we are validating his password against AD.
  3. If all went fine, the user is in the OU=USER (in your case) and also the password is correct

    using System;
    using System.DirectoryServices;

    private void TestTheMethods()
    {
        // Search for the user, in the OU "user"
        DirectoryEntry user = GetUser("FirstName LastName", "FullOrganisationUnitPath");

        // Found user?
        if (user == null)
        {
            return;
        }

        // ValidateUser
        if (!ValidateUser(user, "userPassword"))
        {
            return;
        }
    }

    public DirectoryEntry GetUser(string userName, string rootWeAreLooking = "")
    {
        using (DirectoryEntry searchRoot = new DirectoryEntry(rootWeAreLooking))
        using (DirectorySearcher searcher = new DirectorySearcher(searchRoot))
        {
            searcher.Filter = String.Format("(&(objectCategory=person)(cn={0}))", userName);

            //searcher.SearchScope = SearchScope.Subtree;
            // SearchScope.Subtree  --> Search in all nested OUs
            // SearchScope.OneLevel --> Search in the OU underneath
            // SearchScope.Base     --> Search in the current OU
            searcher.SearchScope = SearchScope.OneLevel;

            SearchResult result = searcher.FindOne();
            if (result == null)
            {
                return null;
            }

            // Found user
            return result.GetDirectoryEntry();
        }
    }

    public Boolean ValidateUser(DirectoryEntry entry, string pwd)
    {
        Boolean isValid = false;
        try
        {
            DirectoryEntry validatedUser = new DirectoryEntry(entry.Path, entry.Name.Remove(0, 3), pwd);
            // Check if we can access the Schema
            var Name = validatedUser.SchemaEntry;
            // User exists, username is correct and password is accepted
            isValid = true;
        }
        catch (DirectoryServicesCOMException ex)
        {
            isValid = false;
            // User wrong? wrong password?
        }
        return isValid;
    }

Finally, I used this filter and it works for me:

    searcher.Filter = String.Format("(&(objectCategory=person)(memberof=CN=qualifiers,OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us)(sAMAccountName={0}))", userName);

And in my LDAP path, I put the root path directory

    DC=ic,DC=enterprise,DC=us
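
An added example, not code from the thread or either poster: the final filter formats `userName` directly into the LDAP filter string, so this sketch escapes filter metacharacters per RFC 4515 before formatting and adds a check that a found entry's distinguishedName sits below the intended OU. `OuLoginFilter`, `EscapeFilterValue`, `BuildFilter`, `IsUnderOu` and the sample inputs are hypothetical names and constructed values; the DN check is a plain suffix match and assumes the directory returns DNs in the same form as the OU string.

```csharp
using System;
using System.Text;
// Added example; all names here are hypothetical, not from the thread.
static class OuLoginFilter
{
    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // \ * ( ) and NUL become \5c \2a \28 \29 \00.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
    // The thread's filter shape; groupDn is a trusted constant,
    // userName is untrusted input and is escaped before formatting.
    public static string BuildFilter(string userName, string groupDn)
    {
        return String.Format(
            "(&(objectCategory=person)(memberof={0})(sAMAccountName={1}))",
            groupDn, EscapeFilterValue(userName));
    }
    // True when the entry's distinguishedName lies below ouDn.
    // Simplified: case-insensitive suffix match, no DN normalisation.
    public static bool IsUnderOu(string distinguishedName, string ouDn)
    {
        return distinguishedName.EndsWith("," + ouDn, StringComparison.OrdinalIgnoreCase);
    }
    static void Main()
    {
        const string ou = "OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us";
        const string group = "CN=qualifiers," + ou;
        // Constructed inputs: a plain name and one with filter metacharacters.
        Console.WriteLine(BuildFilter("jdoe", group));
        Console.WriteLine(BuildFilter("jd(oe)*", group));
        // Constructed DNs: one inside OU=USERS, one in a sibling OU.
        Console.WriteLine(IsUnderOu("CN=John Doe," + ou, ou));
        Console.WriteLine(IsUnderOu("CN=John Doe,OU=1,OU=Aplications,DC=ic,DC=enterprise,DC=us", ou));
    }
}
```

The same `IsUnderOu` check can be applied to the `distinguishedName` property of a `SearchResult` after `FindOne()` returns, so the OU restriction does not depend on search scope alone.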

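Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to republish, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.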
