
Query LDAP by userCertificate attribute, with certificate

I am getting the cert as byte[] such as:

byte[] certRaw;
X509Certificate2 x509Cert = new X509Certificate2(Request.ClientCertificate.Certificate);
certRaw = x509Cert.GetRawCertData();

then I am trying to look up a user in LDAP by that value.

DirectorySearcher findUser = new DirectorySearcher(ldapconnection);
findUser.Filter = "(&(objectClass=user)(userCertificate=" + certRaw + "))";

This is not working to match the userCertificate in the LDAP. I am able to look up the user by the CN if I grab that off the cert and use it instead of the userCertificate attribute, but that is not the requirement I've been given. Any help is appreciated.

I was asked the same thing!

Well, I was asked "how can I find a user in Active Directory by the certificate published against them when all I have is the certificate, and the certificate doesn't necessarily have the user's subject name in it and might not be consistent with anything". So: close enough.

And I put your question together with another answer, and got something that looks like it works.

Usual disclaimers apply: Don't do this... This might cripple your DCs, or be mildly carcinogenic, or something. Don't know how or whether it works with multiple certificates stuffed into userCertificate, so the query would likely need to be modified in that case.

To run this, you need a .CER file of the certificate you're searching for. Then it's

FindUserWithCert mycert.CER

And you're away.

using System;
using System.DirectoryServices;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// This is sample code only so please enjoy it with all care
// and no responsibility :)
namespace FindUserWithCert
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length < 1)
            {
                Console.WriteLine("usage: FindUserWithCert <certificate.cer>");
                return;
            }

            // Load the certificate from the .CER file and take its raw DER bytes,
            // which is the value Active Directory stores in userCertificate.
            X509Certificate2 x509Cert = new X509Certificate2(args[0]);
            byte[] certRaw = x509Cert.GetRawCertData();

            // An LDAP filter cannot carry binary data directly: each byte is written
            // as a backslash followed by exactly two hex digits (RFC 4515).
            // "X2" matters here: "X" alone turns 0x0A into "\A", which is not a
            // valid escape and breaks the match for most real certificates.
            StringBuilder certBytes = new StringBuilder(certRaw.Length * 3);
            foreach (byte b in certRaw)
            {
                certBytes.AppendFormat("\\{0:X2}", b);
            }

            // Search the default naming context for a user whose userCertificate
            // attribute holds exactly these bytes.
            DirectorySearcher findUser = new DirectorySearcher(
                "(&(objectClass=user)(userCertificate=" + certBytes + "))");

            using (SearchResultCollection results = findUser.FindAll())
            {
                foreach (SearchResult thing in results)
                {
                    Console.WriteLine(thing.Path);
                }
            }
        }
    }
}
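The part of the answer that does the real work is the encoding of the certificate bytes into an LDAP filter value, and that step is the same in any language. The following Python is an added illustration, not code from the question or the answer: it builds the same `(&(objectClass=user)(userCertificate=...))` filter from DER or PEM input using only the standard library, and it also decodes a filter value back to bytes so the round trip can be checked. No directory is contacted; the filter string is returned for use with whatever LDAP client you have. `SAMPLE_DER` is a constructed byte string, not a real certificate, and all function names here are mine.

```python
"""Build an RFC 4515 LDAP filter that matches userCertificate by raw DER bytes.

Added example for the thread above (not the original post's code). Only the
standard library is used and nothing talks to a directory server.
"""
import base64
import re

HEX_DIGITS = set("0123456789abcdefABCDEF")


def ldap_escape_bytes(data: bytes) -> str:
    """Encode raw bytes for use inside an LDAP filter assertion value.

    RFC 4515 allows any octet to be written as a backslash followed by exactly
    two hexadecimal digits. Encoding every byte this way is always safe for a
    binary attribute such as userCertificate and also neutralises the filter
    metacharacters ( ) * \\ and NUL.
    """
    return "".join(f"\\{b:02X}" for b in data)


def ldap_unescape_value(value: str) -> bytes:
    """Decode a filter assertion value back to octets (inverse of the above).

    Raises ValueError when a backslash is not followed by two hex digits,
    which is exactly what a one-hex-digit encoder produces for bytes < 0x10.
    """
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == "\\":
            pair = value[i + 1:i + 3]
            if len(pair) != 2 or not all(c in HEX_DIGITS for c in pair):
                raise ValueError(f"malformed escape at offset {i}: {value[i:i + 3]!r}")
            out.append(int(pair, 16))
            i += 3
        else:
            out.extend(value[i].encode("utf-8"))
            i += 1
    return bytes(out)


def is_well_formed_value(value: str) -> bool:
    """True if the filter value decodes cleanly under RFC 4515 escaping rules."""
    try:
        ldap_unescape_value(value)
    except ValueError:
        return False
    return True


def load_der(cert_data: bytes) -> bytes:
    """Return DER bytes from either a DER blob or a PEM-armoured .cer file."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  cert_data, re.S)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()))
    return cert_data


def build_user_cert_filter(der: bytes) -> str:
    """The filter from the answer, with every certificate byte escaped."""
    return f"(&(objectClass=user)(userCertificate={ldap_escape_bytes(der)}))"


def one_digit_escape(data: bytes) -> str:
    """What a '{0:X}' style format produces: bytes below 0x10 get one hex digit,
    which is not a valid RFC 4515 escape. Kept only to show the failure mode."""
    return "".join(f"\\{b:X}" for b in data)


# Constructed sample: a few DER-looking bytes, NOT a real certificate. It
# deliberately contains bytes below 0x10 to exercise the two-digit rule.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x0A, 0x02, 0x01, 0x00, 0xFF])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = load_der(SAMPLE_PEM)
    print(build_user_cert_filter(der))
    print("two-digit escape well formed:", is_well_formed_value(ldap_escape_bytes(der)))
    print("one-digit escape well formed:", is_well_formed_value(one_digit_escape(der)))
```

Run it with a real DER or PEM file by replacing `SAMPLE_PEM` with the file's contents; the filter it prints is what you hand to `DirectorySearcher.Filter` or any other LDAP client. The round trip through `ldap_unescape_value` is the check worth keeping: if the escaped value does not decode back to the original bytes, the server will not match it either.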
