Error to get user group from Active Directory use LDAP in mono

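Please help me with a problem.

I am trying to get the user's groups with the following code. On Windows, via Mono, I get the data normally (the account is not included in the domain). But when I run the same code on Linux, I get an error.

What do I need to do to get a normal result?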

using System;
using System.Text;
using System.DirectoryServices;
using System.Runtime.InteropServices;

namespace ActiveDirectoryTest
{
    class Program
    {
        private static void Main(string[] args)
        {
            try
            {
                DirectoryEntry de = new DirectoryEntry("LDAP://sub.domain.com","username@domain","password",AuthenticationTypes.None);                  

                DirectorySearcher search = new DirectorySearcher(de);
                search.ReferralChasing=ReferralChasingOption.All;
                search.Filter = "(&(ObjectClass=user)(sAMAccountName=username))";    

                search.PropertiesToLoad.Add("sAMAccountName");
                search.PropertiesToLoad.Add("memberOf");
                StringBuilder groupNames = new StringBuilder();

                var result = search.FindAll()[0];
                int propertyCount = result.Properties["memberOf"].Count;

                for (int propertyCounter = 0;
                    propertyCounter < propertyCount;
                    propertyCounter++)
                {
                    var dn = (String) result.Properties["memberOf"][propertyCounter];

                    var equalsIndex = dn.IndexOf("=", 1);
                    var commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex || commaIndex <= equalsIndex)
                    {
                        // Value is not in the expected "CN=name,..." form; skip it
                        Console.WriteLine("error parse");
                        continue;
                    }
                    groupNames.Append(dn.Substring((equalsIndex + 1),
                        (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");
                }

                Console.WriteLine(groupNames.ToString());
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            Console.ReadLine();
        }
    }
}

LdapException:(32)No Such Object LdapException:Server Message:0000208D:NameErr:DSID-03100213,problem 2001(NO_OBJECT),data 0,best match of:''Novell.Directory.Ldap.LdapException

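This error is generally generated when the search base is invalid. When you are using clear-text LDAP (my example below uses SSL, but you can comment out the line that sets the authentication type, or change it to System.DirectoryServices.AuthenticationTypes.None), you can grab a network capture between the application host and the LDAP server on port 389 and see the actual search that is being performed.

Per MS's documentation, you should be able to use LDAP://dc=company,dc=gTLD without specifying a specific domain controller. Because I need my code to work with both Active Directory and pure LDAP servers, I use something like LDAP://DomainController.company.gTLD/ou=UserOU,dc=company,dc=gTLD, where the LDAP hostname and the search base are both included.

The function I use for LDAP authentication: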

protected string ldapAuthentication(string strLDAPServer, string strSuppliedUser, string strSuppliedPwd, string strSystemUID, string strSystemPwd, string strLDAPUserBase, string strUIDAttr){
    strSuppliedUser = strSuppliedUser.Trim();
    string strResults = "";
    string strLDAPUserHost = strLDAPServer + strLDAPUserBase;

    // Establish LDAP connection and bind with system ID
    System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry();
    dirEntry.Path = strLDAPUserHost;
    dirEntry.Username = strSystemUID;
    dirEntry.Password = strSystemPwd;

    dirEntry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;

    try
    {
        dirEntry.RefreshCache();

        // Search directory for the user logging on
        string strLDAPFilter = "(&(objectClass=user)(" + strUIDAttr + "=" + strSuppliedUser + "))";
        System.DirectoryServices.DirectorySearcher ldapSearch = new System.DirectoryServices.DirectorySearcher(dirEntry);
        ldapSearch.ServerTimeLimit = new TimeSpan(0, 0, 30);


        ldapSearch.Filter = strLDAPFilter;
        ldapSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;

        System.DirectoryServices.SearchResultCollection searchResults = ldapSearch.FindAll();


        if (searchResults.Count == 1){
        ...

This function is called as:

strInputResults = ldapAuthentication("LDAP://DomainController.company.gTLD/", strInputSuppliedUser, strInputSuppliedPwd, "SystemAccount@company.gTLD", "Syst3mP@s5w0rd", "ou=UserOU,dc=company,dc=gTLD","sAMAccountName");
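
An added example, not part of the original answer: ldapAuthentication above concatenates strSuppliedUser directly into the search filter, so this sketch escapes the value per RFC 4515 before building the same filter. The names LdapFilter, EscapeValue and BuildUserFilter are hypothetical, and the sample inputs are constructed.

```csharp
using System;
using System.Text;
using System.Text.RegularExpressions;

// Added example; LdapFilter, EscapeValue and BuildUserFilter are hypothetical names.
static class LdapFilter
{
    // RFC 4515: these characters must be written as \XX (hex) inside a filter value.
    public static string EscapeValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // The attribute name comes from configuration rather than from the user, but it
    // is still checked so that only letters, digits and hyphens reach the filter.
    static readonly Regex AttrName = new Regex(@"^[A-Za-z][A-Za-z0-9-]*\z");

    public static string BuildUserFilter(string uidAttr, string suppliedUser)
    {
        if (!AttrName.IsMatch(uidAttr))
            throw new ArgumentException("invalid attribute name", nameof(uidAttr));
        return "(&(objectClass=user)(" + uidAttr + "="
               + EscapeValue(suppliedUser.Trim()) + "))";
    }

    static void Main()
    {
        // Constructed sample inputs: a plain name, a wildcard, parentheses, a backslash.
        foreach (var user in new[] { "jsmith", "j*", "smith (contractor)", @"a\b" })
            Console.WriteLine(BuildUserFilter("sAMAccountName", user));
    }
}
```

With the escaping in place, a supplied value such as `j*` is matched literally instead of acting as a wildcard, so the `searchResults.Count == 1` check in the function is applied to the name the user actually typed.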
