How to get nested groups (subgroups) in System.DirectoryServices.Protocols in C#
I have a function which takes the distinguished name of a group as a parameter and returns the nested groups or groups within a given group using a SearchRequest query and SearchResponse. The code works fine when I use DirectoryEntry but failed when I use the LdapConnection class. It is necessary to work with the LdapConnection class. Please find below the code snippet:
    public static void GetNestedGroups(string strGroupDN)
    {
        var _currentDomainofLoggedinUser = Domain.GetComputerDomain();
        var currentDomainofLoggedinUser = Domain.GetComputerDomain();
        var currentDomainController = currentDomainofLoggedinUser.FindDomainController(); //Gets the current Domain controller
        var domainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
        string strPath = "LDAP://" + currentDomainController.Name; //Gets the current domain controller name
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(domainName, 636)))
        {
            ldap.AuthType = AuthType.Basic;
            ldap.SessionOptions.SecureSocketLayer = false;
            var s = new SecureString();
            NetworkCredential network = new NetworkCredential(WindowsIdentity.GetCurrent().Name, s);
            string ldapSearchFilter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);
            NetworkCredential cred = CredentialCache.DefaultNetworkCredentials;
            ldap.Bind(network);
            string[] attributesToReturn = new string[] { "distinguishedName" };
            SearchRequest searchRequest = new SearchRequest(strGroupDN, ldapSearchFilter, SearchScope.OneLevel, attributesToReturn);
            searchRequest.DistinguishedName = strGroupDN;
            searchRequest.Filter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);
            SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
            if (response != null && response.Entries.Count > 0)
            {
                SearchResultEntry obj = response.Entries[0];
                var groupCount = ((System.Collections.CollectionBase)(obj.Attributes["memberOf"])).Count;
                foreach (SearchResultEntry entry in response.Entries)
                {
                    var groupName = entry.DistinguishedName;
                    _subGroupList.Add(groupName.ToString().Split('=')[1].Split(',')[0]);
                    GetNestedGroups(groupName);
                }
            }
        }
    }
In the response it doesn't give anything. (In the case of DirectoryEntry, it does provide the result.)

I think you are making this too hard. Assuming you are using Microsoft Active Directory and your desire is to get the Groups that are members of an existing group, I think you can use a filter such as:
(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))
If you want all the members, including users:
(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)
Or to retrieve only users:
(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))
Got most of this from ldapwiki.
Let us know if this works.
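
The matching-rule-in-chain filter from the answer above, sent through LdapConnection, as an added example that is not part of the original posts. It searches from a base such as the domain root with Subtree scope, because member groups are not child entries of the group itself, and it escapes the DN per RFC 4515 before placing it in the filter. Assumptions: the connection is already bound, and EscapeFilterValue, BuildNestedGroupFilter, the searchBaseDn parameter and the sample DN are names and values made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Text;

public static class NestedGroupSearch
{
    // OID of the matching rule used in the filters above (LDAP_MATCHING_RULE_IN_CHAIN).
    const string InChain = "1.2.840.113556.1.4.1941";
    // RFC 4515 escaping for a value placed inside a search filter, so a DN
    // containing ( ) * \ or NUL cannot change the structure of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*': sb.Append(@"\2a"); break;
                case '(': sb.Append(@"\28"); break;
                case ')': sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default: sb.Append(c); break;
            }
        return sb.ToString();
    }

    public static string BuildNestedGroupFilter(string groupDn) =>
        $"(&(objectCategory=group)(memberOf:{InChain}:={EscapeFilterValue(groupDn)}))";

    // searchBaseDn (hypothetical parameter) is the container to search from,
    // e.g. the domain root, not the DN of the group being expanded.
    public static List<string> GetNestedGroups(LdapConnection ldap, string searchBaseDn, string groupDn)
    {
        var request = new SearchRequest(searchBaseDn, BuildNestedGroupFilter(groupDn),
                                        SearchScope.Subtree, "distinguishedName");
        var response = (SearchResponse)ldap.SendRequest(request);
        var result = new List<string>();
        foreach (SearchResultEntry entry in response.Entries)
            result.Add(entry.DistinguishedName);
        return result;
    }

    public static void Main()
    {
        // Constructed DN containing characters that are special inside a filter.
        Console.WriteLine(BuildNestedGroupFilter("CN=Ops (EU)*,OU=Groups,DC=example,DC=test"));
    }
}
```

Result sets larger than the server's page size limit need a PageResultRequestControl on the request, which this example leaves out.
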
For any group, we can get a group object using the below query:
    // Assumes ldap (a bound LdapConnection), _subGroupList and count_Children are class-level fields.
    public static void GetUsersCorrespondingToGroupChild(string strGroupDN)
    {
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.DistinguishedName = strGroupDN;
        searchRequest.Filter = String.Format("(&(objectCategory=Group)(CN={0}))", strGroupDN.ToString().Split('=')[1].Split(',')[0]);
        SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
        if (response != null && response.Entries.Count > 0)
        {
            SearchResultEntry obj = response.Entries[0]; // I get group object here
            if (obj.Attributes["member"] != null)
            {
                var childCount = ((System.Collections.CollectionBase)(obj.Attributes["member"])).Count;
                for (int i = 0; i < childCount; i++)
                {
                    string groupName = obj.Attributes["member"][i].ToString(); // I get all members in which I have to find subgroups
                    List<string> localGroupList = new List<string>();
                    if (groupName.Contains("OU=Groups"))
                    {
                        var attributes = obj.Attributes.AttributeNames;
                        string attributesstr = string.Empty;
                        foreach (var item in attributes)
                        {
                            attributesstr = attributesstr + "," + item;
                        }
                        _subGroupList.Add(groupName.ToString().Split('=')[1].Split(',')[0] + " : " + attributesstr);
                        count_Children++;
                    }
                }
            }
        }
    }
So for subgroups, I just have to get the attributes["member"] query to return all the users and groups, and then I have to retrieve the groups corresponding to it.