[英]Case-Sensitive LDAP Queries
I am doing an LDAP query with DirectoryEntry/DirectorySearcher to authenticate a user in Active Directory via a C# web app like so (the ConnectionString property is just equivalent to LDAP://server.domain):我正在使用 DirectoryEntry/DirectorySearcher 进行 LDAP 查询,以通过 C# Web 应用程序对 Active Directory 中的用户进行身份验证(ConnectionString 属性仅等同于 LDAP://server.domain):
internal bool AuthenticateUser(string username, string password)
{
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
return false;
var entry = new DirectoryEntry(this.ConnectionString, username, password);
var searcher = new DirectorySearcher { SearchRoot = entry, Filter = "(objectclass=user)" };
try
{
var result = searcher.FindOne();
return true; //connection to AD succeeded, authentication was successful
}
catch (DirectoryServicesCOMException)
{
return false; //impersonating the user failed
}
}
These queries are all hitting an SBS server which, when you create a new user, appears to use uppercase values for the pre-Windows 2000 (ie NetBIOS) name.这些查询都在访问 SBS 服务器,当您创建新用户时,该服务器似乎使用大写值作为 Windows 2000 之前的名称(即 NetBIOS)。 So, if I add a new user called "Test User", the username might be "tuser" but the NetBIOS name it specifies is "TUser".
因此,如果我添加一个名为“Test User”的新用户,用户名可能是“tuser”,但它指定的 NetBIOS 名称是“TUser”。 When a user puts in a user/pass that hits this method, "tuser" fails to be authenticated whereas "TUser" succeeds.
当用户输入命中此方法的用户/通行证时,“tuser”无法通过身份验证,而“TUser”会成功。
My question is whether it is possible to modify this so usernames don't have to be case-sensitive?我的问题是是否可以修改它以便用户名不必区分大小写?
The attribute definition in the schema defines which characters can be used in an attribute value for the attribute being defined.模式中的属性定义定义了哪些字符可以用于正在定义的属性的属性值中。 The matching rule(s) - also in the attribute definition in the schema - determine how attribute values are compared for equality, substring, ordering, and so forth.
匹配规则(也在模式的属性定义中)确定如何比较属性值的相等性、子字符串、排序等。 The matching rule(s) determine the "case-sensitivity" (although it's really not that simple) of a comparison of attributes.
匹配规则决定了属性比较的“区分大小写”(尽管实际上并不那么简单)。
Matching rules must be used by the server (and clients) when comparing attribute values.比较属性值时,服务器(和客户端)必须使用匹配规则。
For OpenLDAP there is a syntax to filter values in case-sensitive way.对于 OpenLDAP,有一种以区分大小写的方式过滤值的语法。
Two short examples:两个简短的例子:
(&(ou:caseExactMatch:=cwm)(objectClass=person))
+ will match case-sensitive ou= value of 'cwm'
- will NOT match 'CWM', 'CwM' or 'Cwm'
(&(ou=cwm)(objectClass=person))
+ will match case-insensitive (by default) all ou= values like 'cwm', 'CWM', 'CwM', 'Cwm'
The syntax seems to be:语法似乎是:
attr:matchingRule:=value
See "8.3.4 Matching rules" at:请参阅“8.3.4 匹配规则”,网址为:
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Finding_Directory_Entries-LDAP_Search_Filters.html#using-matching-rules https://access.redhat.com/documentation/zh-CN/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Finding_Directory_Entries-LDAP_Search_Filters.html#using-matching-rules
Also there are several matchingRule
types:还有几种
matchingRule
类型:
https://ldapwiki.com/wiki/MatchingRule https://ldapwiki.com/wiki/MatchingRule
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.