![](/img/trans.png)
[英]LDAP's ldap_search_s() fails on Windows Active Directory
[英]User Authentication using LDAP with Windows Active Directory (Windows Server 2016)
平台:Windows 10 x64開發環境:MSVC 2017
Active Directory平台:Windows Server 2016(評估)
我正在嘗試對使用Windows Active Directory維護的遠程服務器上的Windows用戶進行身份驗證。 我在本地PC上運行的服務給出了“ 無效憑據”錯誤消息(即使在傳遞正確的經過身份驗證的用戶名,密碼和域之后)。
#include "pch.h"
#include <iostream>
#include <Windows.h>
#include <Winldap.h>
#include <plog/Log.h>
#include <string>
#ifdef UNICODE
typedef std::wstring string_type;
#define CONSOLE_OUT std::wcout
#define CONSOLE_IN std::wcin
#define CONSOLE_ERR std::wcerr
#else
typedef std::string string_type;
#define CONSOLE_OUT std::cout
#define CONSOLE_IN std::cin
#define CONSOLE_ERR std::cerr
#endif
int main()
{
SEC_WINNT_AUTH_IDENTITY sec;
string_type hostName = TEXT("192.168.1.49");
string_type domain = TEXT("WIN-49MT1TDDGOC.darksorrow.com");
string_type userName = TEXT("darksorrow\\ds");
string_type password = TEXT("darksorrow@1234567890");
PLDAP ld = nullptr;
int ldapReturnCode;
CONSOLE_OUT << TEXT("Hello World!\n");
plog::init(plog::error, "error.dat", 1048576, 3); //1 M.B.
ld = ldap_init(const_cast<PWSTR>(hostName.c_str()), LDAP_PORT);
if (ld == nullptr)
{
LOG_ERROR << ldap_err2string(LdapGetLastError());
CONSOLE_OUT << ldap_err2string(LdapGetLastError());
}
const int version = LDAP_VERSION3;
ldapReturnCode = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, std::addressof(version));
if (ldapReturnCode not_eq LDAP_SUCCESS)
{
LOG_ERROR << ldap_err2string(ldapReturnCode);
CONSOLE_OUT << ldap_err2string(ldapReturnCode);
}
ldapReturnCode = ldap_connect(ld, NULL);
if (ldapReturnCode not_eq LDAP_SUCCESS)
{
LOG_ERROR << ldap_err2string(ldapReturnCode);
CONSOLE_OUT << ldap_err2string(ldapReturnCode);
}
PWSTR dn = nullptr;
sec.Domain = (unsigned short *) domain.data();
sec.DomainLength = domain.length();
sec.User = (unsigned short *) userName.data();
sec.UserLength = userName.length();
sec.Password = (unsigned short *) password.data();
sec.PasswordLength = password.length();
sec.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
CONSOLE_OUT << domain << std::endl;
CONSOLE_OUT << userName << std::endl;
CONSOLE_OUT << password << std::endl;
ldapReturnCode = ldap_bind_s(ld, dn, (PWCHAR)std::addressof(sec), LDAP_AUTH_NEGOTIATE);
if (ldapReturnCode not_eq LDAP_SUCCESS)
{
LOG_ERROR << ldap_err2string(ldapReturnCode);
CONSOLE_OUT << ldap_err2string(ldapReturnCode);
}
else
CONSOLE_OUT << "Authentication Success\n";
ldap_unbind(ld);
return EXIT_SUCCESS;
}
我要去哪里錯了?
我決定自己嘗試一下。 事實證明,解決方案很簡單。 您的用戶名不應包含域名。 所以改變這個:
string_type userName = TEXT("darksorrow\\ds");
對此:
string_type userName = TEXT("ds");
您已經將域指定為單獨的參數,因此不需要作為用戶名的一部分。
您應該仍然可以使用LDAP_AUTH_NEGOTIATE
。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.