
LDAP Path And Permissions To Query Local User Directory?

I am working on a web application, ASP.NET, C#. Users are required to log in using an account local to the machine the app is running on, which I'll call "cyclops" for this example. I want the app to be able to query the local directory of users and groups to determine what groups the user is in. The code looks something like this:

DirectoryEntry entry = new DirectoryEntry("WinNT://cyclops/Users", "SomeServiceAccount",
    "SvcAcctP@$$word", AuthenticationTypes.Secure);
entry.RefreshCache();
// Etc.

My two problems are:

  1. That's pretty clearly not the correct path to use, but my research and experimentation haven't found the right answer. This MSDN article talks about local paths, but doesn't fill in the blanks. Do I use "LDAP://cyclops/Users", "WinNT://localhost/Users", "WinNT://cyclops/cn=Users"?
  2. As you can see, I'm providing the credentials of a local service account. That account needs permission to access the local directory, but I have no idea where to set those permissions. Is it a specific file somewhere? Does the account need to be a member of a particular group?

My experimentation has produced many errors: "The group name could not be found.", "The provider does not support searching...", "The server is not operational.", "Unknown error (0x80005004)", etc.

Thank you for your time... -JW

WinNT requires the following format

WinNT://<domain/server>/<object name>,<object class>

To get groups of a given user, use

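// Requires: using System.Collections; using System.DirectoryServices;
// Bind to the local user object through the WinNT provider.
using (DirectoryEntry user = new DirectoryEntry("WinNT://./UserAccount,user"))
{
    // "Groups" returns the native ADSI group objects the user belongs to.
    foreach (object group in (IEnumerable)user.Invoke("Groups", null))
    {
        // Wrap each native object so it is released when the block ends.
        using (DirectoryEntry g = new DirectoryEntry(group))
        {
            Response.Write(g.Name);
        }
    }
}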

where

  • UserAccount is the name of the required user.
  • dot stands for the current machine (you can replace it with cyclops or use Environment.MachineName)
  • user credentials ("SomeServiceAccount", "SvcAcctP@$$word") might be required, depending on setup

To get users in a particular group, use

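// Requires: using System.Collections; using System.DirectoryServices;
// Bind to the local group object through the WinNT provider.
using (DirectoryEntry entry = new DirectoryEntry("WinNT://./Users,group"))
{
    // "Members" returns the native ADSI objects for each member of the group.
    foreach (object member in (IEnumerable)entry.Invoke("Members"))
    {
        // Wrap each native object so it is released when the block ends.
        using (DirectoryEntry m = new DirectoryEntry(member))
        {
            Response.Write(m.Name);
        }
    }
}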

where

  • Users is the name of the group
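
Added example, not part of the original question or answer: a group-membership check for the logged-in account built on the WinNT://<server>/<object name>,<object class> format described above. The class and method names and the allow-list pattern for account names are assumptions made for this sketch; the name is validated before it is concatenated into the path because "/" and "," are separators in that format, and any lookup failure is treated as "not a member".

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;          // reference System.DirectoryServices.dll
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;

public static class LocalGroupLookup     // hypothetical helper, not from the post
{
    // Assumed policy: letters, digits, dot, underscore, hyphen, space; 1-20 chars.
    // \z (not $) so a trailing newline cannot slip through.
    private static readonly Regex SafeName = new Regex(@"^[A-Za-z0-9._\- ]{1,20}\z");

    // Returns the local groups of userName on this machine.
    public static ISet<string> GetLocalGroups(string userName)
    {
        if (userName == null || !SafeName.IsMatch(userName))
            throw new ArgumentException("Unexpected characters in account name.", "userName");

        var groups = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        string path = "WinNT://" + Environment.MachineName + "/" + userName + ",user";
        using (var user = new DirectoryEntry(path))
        {
            foreach (object adsGroup in (IEnumerable)user.Invoke("Groups"))
            {
                using (var g = new DirectoryEntry(adsGroup))
                    groups.Add(g.Name);
            }
        }
        return groups;
    }

    // Authorization check that fails closed: an invalid name, an unknown user
    // or a provider error all yield false instead of an unhandled exception.
    public static bool IsInLocalGroup(string userName, string groupName)
    {
        try { return GetLocalGroups(userName).Contains(groupName); }
        catch (ArgumentException) { return false; }
        catch (COMException) { return false; }
        catch (TargetInvocationException) { return false; }
    }
}
```

If the application identity cannot read the local accounts and a service account is needed, as the answer notes, pass its credentials to the DirectoryEntry constructor from protected configuration rather than from string literals in the source.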
