无法在 SearchRequest 中查询没有可分辨名称的 AD?
[英]Could not query AD without distinguished name in SearchRequest?
问题描述
I am running a test Active directory and am trying to query with ldap.
我正在运行一个测试活动目录并尝试使用 ldap 进行查询。 I created a searchrequest object with distingueshed name empty and a filter this is throwing noSuchObject error code with "object does not exist" message.我创建了一个搜索请求 object,其可分辨名称为空,过滤器抛出 noSuchObject 错误代码并显示“对象不存在”消息。 I am only getting this from my test AD, if I use my company's production AD I am not getting exception, just a response with no hit.我只是从我的测试广告中得到这个,如果我使用我公司的生产广告,我没有得到异常,只是没有命中的响应。 What do I need to change in my test AD to see similar behaviour?我需要在我的测试广告中进行哪些更改才能看到类似的行为?
3 个解决方案
解决方案1
0 2011-07-06 04:50:49
You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:您可以使用PrincipalSearcher和“示例查询”主体进行搜索:
// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);
// define a "query-by-example" principal - here, we search for a UserPrincipal
// and with specified last name (surname)
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.Surname = "Willis";
// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);
// find all matches
foreach(var found in srch.FindAll())
{
// do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
}
If you haven't already - absolutely read the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 which shows nicely how to make the best use of the new features in System.DirectoryServices.AccountManagement如果您还没有 - 绝对阅读 MSDN 文章在 .NET 框架 3.5 中管理目录安全主体,它很好地展示了如何充分利用System.DirectoryServices.AccountManagement中的新功能
Of course, depending on your need, you might want to specify other properties on that "query-by-example" user principal you create:当然,根据您的需要,您可能希望在您创建的“示例查询”用户主体上指定其他属性:
-
Surname(or last name)Surname(或姓氏) -
DisplayName(typically: first name + space + last name)DisplayName(通常:名字 + 空格 + 姓氏) -
SAM Account Name- your Windows/AD account nameSAM Account Name- 您的 Windows/AD 帐户名称 User Principal Name- your "username@yourcompany.com" style nameUser Principal Name- 您的“username@yourcompany.com”样式名称
You can specify any of the properties on the UserPrincipal and use those as "query-by-example" for your PrincipalSearcher .您可以在UserPrincipal上指定任何属性,并将这些属性用作PrincipalSearcher的“示例查询”。
解决方案2
0 2011-07-06 15:44:54
@marc_s answered by giving you a way of searching @marc_s 通过给你一种搜索方式来回答
Back to your question, just a recall:回到你的问题,回想一下:
A LDAP search is A LDAP 搜索是
- The nod from which you ask to begin the search (in your case the DN of your OU)您要求开始搜索的点头(在您的情况下是您的 OU 的 DN)
- The scope of your search (base, onelevel, subtree)您搜索的 scope(基础、一级、子树)
- The filter of your search ((objectClass=group))您的搜索过滤器 ((objectClass=group))
- The attributes you want to retreive您要检索的属性
In you case it works when your ADSI layer is able to find a default Domain.在您的情况下,当您的 ADSI 层能够找到默认域时,它就可以工作。 So I think that you have to create a real LDAP-SEARCH request en perhaps also give credentials.所以我认为你必须创建一个真正的 LDAP-SEARCH 请求,也许还需要提供凭据。
解决方案3
0 已采纳 2011-07-06 20:31:19
Thanks for the other answers.感谢其他答案。 I solved my problem by using GC port 3268 instead of DC port 389 in the connection.我通过在连接中使用 GC 端口 3268 而不是 DC 端口 389 解决了我的问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.