AD - LDAP error timeout in search with DirectoryEntry
I am connecting to the AD with this:

    using System;
    using System.DirectoryServices;
    using System.Security.Claims;

    public void ValidateCredentials(string username, string password, out ClaimsIdentity identity)
    {
        using (DirectoryEntry entry = new DirectoryEntry())
        {
            entry.RefreshCache();
            entry.Username = username;
            entry.Password = password;
            DirectorySearcher searcher = new DirectorySearcher(entry);
            searcher.ClientTimeout = TimeSpan.FromMinutes(2);
            searcher.ServerTimeLimit = TimeSpan.FromMinutes(2);
            // Each filter term needs its own parentheses; username is inserted unescaped.
            searcher.Filter = "(&(&(objectclass=user)(objectcategory=person))" +
                "(sAMAccountName=" + username + "))";
            // FindOne() returns null when no entry matches the filter.
            SearchResult srResult = searcher.FindOne();
            identity = new ClaimsIdentity();
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, username));
        }
    }

With that, if I enter a wrong user and password, it gives me a wrong user or password error; if I enter a correct user and password, it lets me log in; but if I enter a username that exists and a wrong password, it gives me a timeout error (at 30 seconds):
This operation returned because the timeout period expired.
I tried to increase the timeout with ClientTimeout and ServerTimeLimit, but nothing happened.
I also tried doing it with this:

    using System;
    using System.DirectoryServices.Protocols;
    using System.Net;

    // Each filter term needs its own parentheses; username is inserted unescaped.
    string filter = "(&(&(objectclass=user)(objectcategory=person))" +
        "(sAMAccountName=" + username + "))";
    NetworkCredential credentials = new NetworkCredential(username, password);
    LdapDirectoryIdentifier directoryIdentifier =
        new LdapDirectoryIdentifier("LDAP://DC=domain,DC=com", 389, false, false);
    using (LdapConnection connection =
        new LdapConnection(directoryIdentifier, credentials, AuthType.Basic))
    {
        connection.Timeout = new TimeSpan(0, 0, 90);
        connection.SessionOptions.ProtocolVersion = 3;
        // SearchRequest(distinguishedName, filter, scope, attributes to return)
        SearchRequest search =
            new SearchRequest(username, filter, System.DirectoryServices.Protocols.SearchScope.Base, "mail");
        SearchResponse response = connection.SendRequest(search) as SearchResponse;
        foreach (SearchResultEntry entry in response.Entries)
        {
            Console.WriteLine(entry.Attributes["mail"][0]);
        }
    }

But the server gave me an error that it was not supported.
I am open to ideas.
Thanks in advance.
Greetings
Edit: I add, in case it is of any use, that we are doing this through a VPN that is capable of slowing things down.
The problem was that the LDAP URL they gave me was not well optimized; they gave me a new URL and the problem was fixed.
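
An added example, not part of the original question or answer: it builds the question's search filter with RFC 4515 escaping of the username and validates credentials with an explicit bind, mapping LDAP result codes so that a bad password can be told apart from an unreachable or slow server. The class and method names, the `host` parameter (a domain controller's DNS name) and the use of port 636 (LDAPS) are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public enum BindOutcome { Success, InvalidCredentials, ServerUnreachable, OtherError }

public static class LdapAuthExample // hypothetical helper class
{
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Same terms as the question's filter, each in its own parentheses.
    public static string BuildUserFilter(string username) =>
        "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
        + EscapeFilterValue(username) + "))";

    // host is an assumption: a server DNS name, not an "LDAP://..." path.
    public static BindOutcome TryBind(string host, string username, string password)
    {
        var id = new LdapDirectoryIdentifier(host, 636);
        var cred = new NetworkCredential(username, password);
        using (var conn = new LdapConnection(id, cred, AuthType.Negotiate))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.SessionOptions.SecureSocketLayer = true; // LDAPS, no cleartext bind
            try { conn.Bind(); return BindOutcome.Success; }
            // 49 = invalidCredentials; 81 = server down; 85 = client-side timeout
            catch (LdapException ex) when (ex.ErrorCode == 49) { return BindOutcome.InvalidCredentials; }
            catch (LdapException ex) when (ex.ErrorCode == 81 || ex.ErrorCode == 85) { return BindOutcome.ServerUnreachable; }
            catch (LdapException) { return BindOutcome.OtherError; }
        }
    }
}
```

Logging the `BindOutcome` per attempt keeps authentication failures separate from connectivity failures, so a slow or misdirected LDAP endpoint is not mistaken for a wave of bad passwords.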