stackoom
  简体   繁体   中英

Error to get user group from Active Directory use LDAP in mono

 原文  2015-09-15 11:23:59       c#/ active-directory/ mono/ ldap

Question

help me please deal with the problem.

I'm trying to get the user group with the following code. I run through the mono . The OS Windows data obtained normally (the account is not included in the domain). But when I start the same code on Linux get the error.

What do I need to do to obtain a normal result? 

using System;
using System.Text;
using System.DirectoryServices;
using System.Runtime.InteropServices;

namespace ActiveDirectoryTest
{
    class Program
    {
        private static void Main(string[] args)
        {
            try
            {
                DirectoryEntry de = new DirectoryEntry("LDAP://sub.domain.com","username@domain","password",AuthenticationTypes.None);                  

                DirectorySearcher search = new DirectorySearcher(de);
                search.ReferralChasing=ReferralChasingOption.All;
                search.Filter = "(&(ObjectClass=user)(sAMAccountName=username))";    

                search.PropertiesToLoad.Add("sAMAccountName");
                search.PropertiesToLoad.Add("memberOf");
                StringBuilder groupNames = new StringBuilder();

                var result = search.FindAll()[0];
                int propertyCount = result.Properties["memberOf"].Count;

                for (int propertyCounter = 0;
                    propertyCounter < propertyCount;
                    propertyCounter++)
                {
                    var dn = (String) result.Properties["memberOf"][propertyCounter];

                    var equalsIndex = dn.IndexOf("=", 1);
                    var commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        Console.WriteLine("error parse");
                    }
                    groupNames.Append(dn.Substring((equalsIndex + 1),
                        (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");
                }

                Console.WriteLine(groupNames.ToString());
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            Console.ReadLine();
        }
    }
}

LdapException: (32) No Such Object LdapException: Server Message: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of: '' Novell.Directory.Ldap.LdapException

1 answers

solution1
 1  2018-10-24 16:50:45

This error is usually generated when the search base is not valid. When you are using clear-text LDAP (my example below uses SSL, but you can comment out the change the authentication type to System.DirectoryServices.AuthenticationTypes.None), you can grab a network capture between your application host and the LDAP server on port 389 and see the actual search that is being performed.

Per MS's documentation , you should be able to use LDAP://dc=company,dc=gTLD without specifying a specific domain controller. Because I needed my code to be functional with both Active Directory and pure LDAP servers, I use something like LDAP://DomainController.company.gTLD/ou=UserOU,dc=company,dc=gTLD where the LDAP hostname and search base is included.

The function I use for LDAP authentication: 

protected string ldapAuthentication(string strLDAPServer, string strSuppliedUser, string strSuppliedPwd, string strSystemUID, string strSystemPwd, string strLDAPUserBase, string strUIDAttr){
    strSuppliedUser = strSuppliedUser.Trim();
string strResults = "";
    string strLDAPUserHost = strLDAPServer + strLDAPUserBase;

    // Establish LDAP connection and bind with system ID
    System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry();
    dirEntry.Path = strLDAPUserHost;
    dirEntry.Username = strSystemUID;
    dirEntry.Password = strSystemPwd;

dirEntry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;

    try
    {
        dirEntry.RefreshCache();

        // Search directory for the user logging on
        string strLDAPFilter = "(&(objectClass=user)(" + strUIDAttr + "=" + strSuppliedUser + "))";
        System.DirectoryServices.DirectorySearcher ldapSearch = new System.DirectoryServices.DirectorySearcher(dirEntry);
        ldapSearch.ServerTimeLimit = new TimeSpan(0, 0, 30);


        ldapSearch.Filter = strLDAPFilter;
        ldapSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;

        System.DirectoryServices.SearchResultCollection searchResults = ldapSearch.FindAll();


        if (searchResults.Count == 1){
        ...

This function is called like: 

strInputResults = ldapAuthentication("LDAP://DomainController.company.gTLD/", strInputSuppliedUser, strInputSuppliedPwd, "SystemAccount@company.gTLD", "Syst3mP@s5w0rd", "ou=UserOU,dc=company,dc=gTLD","sAMAccountName");

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I get group description of a user from external active directory using LDAP change Active Directory LDAP user or group permissions via script LDAP query to get only OUs having atleast one Group in it from Active Directory How to get all the user's details from Active Directory using LDAP Retrieving user attributes from Active Directory using LDAP - JAVA Removing a User From an Active Directory Group Get all users from Active Directory group get contacts and users from active directory group get all users from a group in Active Directory Is it possible to get Group Notes from Active Directory?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM