LDAP DirectorySearcher with MemberOf property

I want to find all the users that are a member of a group in a certain OU, so my filter would look something like this:

(&(objectClass=user)(memberOf=*OU=something,OU=yep,DC=dev,DC=local))

Is there a way to run a directorysearcher on the memberof property with a wildcard?

You need to set the OU you want to search as the root of your DirectorySearcher:

DirectoryEntry myOU = new DirectoryEntry("LDAP://OU=something,OU=yep,DC=dev,DC=local");
DirectorySearcher srch = new DirectorySearcher(myOU);
srch.SearchScope = SearchScope.Subtree;

and then use just the objectCategory=person for your filter - I would use objectCategory which is single-valued and indexed and thus fast rather than objectClass (which is multi-valued and not indexed):

srch.Filter = "(objectCategory=person)";

If you still want to check for membership in a group in addition to being part of the OU, you can add this as a member-of part to the filter:

srch.Filter = "(&(objectCategory=person)(memberOf=cn=Group,ou=yep,dc=dev,dc=local))";

Not totally sure about the wildcards - in general, LDAP search filters do support wildcards, but I'm a bit hesitant about using a wildcard in an RDN like this group DN here.

Marc

According to this thread, Active Directory does not support wildcard searches on DNs.

Don't specify the memberOf clause. Just use "(objectClass=user)"

Here is how I did this. The LDAP name is the group for which you need members:

// Requires: using System.DirectoryServices; using System.IO; using System.Text;
// Bind to the group object and read its "member" attribute.
DirectoryEntry entry = new DirectoryEntry("LDAP://<COMPANYLDAP>/CN=<Group Name>,OU=something,OU=yep,DC=dev,DC=local");
DirectorySearcher Dsearch = new DirectorySearcher(entry);
SearchResult sResultSet = Dsearch.FindOne();
GetProperty(sResultSet, "member");

// Resolves every DN listed in the given property and writes "displayname,mail" lines to a file.
// GetPropertyvalue is the poster's own helper and is not shown here.
public static void GetProperty(SearchResult searchResult, string PropertyName)
{
    StringBuilder strb = new StringBuilder();
    if (searchResult.Properties.Contains(PropertyName))
    {
        ResultPropertyValueCollection rc = searchResult.Properties[PropertyName];
        foreach (string name in rc)
        {
            // Each value of "member" is the DN of one member; bind to it directly.
            DirectoryEntry entry = new DirectoryEntry("LDAP://<COMPANYLDAP>/" + name);
            DirectorySearcher Dsearch = new DirectorySearcher(entry);
            //Dsearch.Filter = name;
            SearchResult sResultSet = Dsearch.FindOne();
            strb.AppendLine(GetPropertyvalue(sResultSet, "displayname") + "," + GetPropertyvalue(sResultSet, "mail"));
        }
    }

    // File.WriteAllText takes the path first, then the contents.
    File.WriteAllText("c:\\Users.txt", strb.ToString());
}
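
Because Active Directory only matches memberOf against a complete DN, the "member of any group in this OU" query from the question can be run as two searches: list the groups in the OU, then OR their DNs together. This is an added example, not code from any of the answers; it reuses the question's DNs, assumes a domain-joined machine (serverless binding), and the class and helper names are made up for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

static class OuGroupMembers
{
    // RFC 4515 escaping, so a group DN containing ( ) * or \ cannot alter the filter.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
    static void Main()
    {
        // Step 1: collect the DN of every group under the OU (DNs taken from the question).
        var clauses = new StringBuilder();
        using (var ou = new DirectoryEntry("LDAP://OU=something,OU=yep,DC=dev,DC=local"))
        using (var groups = new DirectorySearcher(ou, "(objectCategory=group)", new[] { "distinguishedName" }))
        {
            groups.SearchScope = SearchScope.Subtree;
            groups.PageSize = 500; // page through results instead of stopping at the server limit
            using (SearchResultCollection found = groups.FindAll())
                foreach (SearchResult g in found)
                    clauses.Append("(memberOf=" + EscapeFilterValue((string)g.Properties["distinguishedName"][0]) + ")");
        }
        if (clauses.Length == 0) return; // no groups in the OU; "(|)" would be an invalid filter
        // Step 2: search the whole domain for people whose memberOf equals any of those DNs.
        using (var domain = new DirectoryEntry("LDAP://DC=dev,DC=local"))
        using (var users = new DirectorySearcher(domain, "(&(objectCategory=person)(|" + clauses + "))", new[] { "distinguishedName" }))
        {
            users.PageSize = 500;
            using (SearchResultCollection found = users.FindAll())
                foreach (SearchResult u in found)
                    Console.WriteLine(u.Properties["distinguishedName"][0]);
        }
    }
}
```

memberOf lists direct memberships only, so users who belong to one of these groups through a nested group, or only as their primary group, are not returned by this query.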
