Error 0x80005000 and DirectoryServices

Posted on 2024-08-10 19:38:41 | 1200 words | 11 views | 0 comments

I'm trying to run a simple LDAP query using directory services in .Net.

    DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com");
    directoryEntry.AuthenticationType = AuthenticationTypes.Secure;

    DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);

    directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

    var result = directorySearcher.FindOne();
    var resultDirectoryEntry = result.GetDirectoryEntry();

    return resultDirectoryEntry.Properties["msRTCSIP-PrimaryUserAddress"].Value.ToString();

And I'm getting the following exception:

    System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
      at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
      at System.DirectoryServices.DirectoryEntry.Bind()
      at System.DirectoryServices.DirectoryEntry.get_AdsObject()
      at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
      at System.DirectoryServices.DirectorySearcher.FindOne()

As a snippet in a Console app, this works. But when I run it as part of a WCF service (run under the same credentials), it throws the above exception.

Any suggestions?

Thanks


Comments (14)

血之狂魔 2024-08-17 19:38:41

I had the same again and again and nothing seemed to help.

Changing the path from ldap:// to LDAP:// did the trick.

淡看悲欢离合 2024-08-17 19:38:41

It's a permission problem.

When you run the console app, that app runs with your credentials, e.g. as "you".

The WCF service runs where? In IIS? Most likely, it runs under a separate account, which is not permissioned to query Active Directory.

You can either try to get the WCF impersonation thingie working, so that your own credentials get passed on, or you can specify a username/password on creating your DirectoryEntry:

    DirectoryEntry directoryEntry =
        new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com",
                           userName, password);

OK, so it might not be the credentials after all (that's usually the case in over 80% of the cases I see).

What about changing your code a little bit?

    DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);
    directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

    directorySearcher.PropertiesToLoad.Add("msRTCSIP-PrimaryUserAddress");

    var result = directorySearcher.FindOne();

    if(result != null)
    {
       if(result.Properties["msRTCSIP-PrimaryUserAddress"] != null)
       {
          var resultValue = result.Properties["msRTCSIP-PrimaryUserAddress"][0];
       }
    }

My idea is: why not tell the DirectorySearcher right off the bat what attribute you're interested in? Then you don't need to do another extra step to get the full DirectoryEntry from the search result (should be faster), and since you told the directory searcher to find that property, it's certainly going to be loaded in the search result - so unless it's null (no value set), then you should be able to retrieve it easily.

Marc

沫离伤花 2024-08-17 19:38:41

In the context of Ektron, this issue is resolved by installing the "IIS6 Metabase compatibility" feature in Windows:

Check 'Windows features' or 'Role Services' for IIS6 Metabase
compatibility, add if missing:


Ref: https://portal.ektron.com/KB/1088/

岁月打碎记忆 2024-08-17 19:38:41

On IIS hosted sites, try recycling the app pool. It fixed my issue.
Thanks

勿忘初心 2024-08-17 19:38:41

I had the same error - in my case it was an extra slash in the path argument that made the difference.

BAD:

    DirectoryEntry directoryEntry =
        new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com/",
                           userName, password);

GOOD:

    DirectoryEntry directoryEntry =
        new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com",
                           userName, password);

寄居者 2024-08-17 19:38:41

I had this error as well and for me it was an OU with a forward slash in the name: "File/Folder Access Groups".

This forum thread pointed me in the right direction. In the end, calling .Replace("/","\\/") on each path value before use solved the problem for me.
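
An added example, not part of the answers on this page and not the posters' code: 0x80005000 is ADSI's E_ADS_BAD_PATHNAME, which is why several answers here come down to the path string. The sketch below builds the ADsPath with "/" inside the DN escaped, and escapes the user-supplied value per RFC 4515 before it is formatted into the search filter; `AdsPathHelper` and its member names are hypothetical, and the sample inputs are constructed.

```csharp
using System;
using System.Text;

// Added example; AdsPathHelper and its members are hypothetical names.
public static class AdsPathHelper
{
    // RFC 4515: escape characters that have meaning inside a search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value ?? string.Empty)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Assumes dn is a plain LDAP DN (as returned in distinguishedName), where
    // "/" is not yet escaped. ADSI treats "/" as a path separator, so it must
    // become "\/" inside an ADsPath.
    public static string BuildAdsPath(string server, string dn)
    {
        if (string.IsNullOrWhiteSpace(dn))
            throw new ArgumentException("DN must not be empty.", nameof(dn));
        string escapedDn = dn.Trim().Replace("/", @"\/");
        return string.IsNullOrEmpty(server)
            ? "LDAP://" + escapedDn
            : "LDAP://" + server + "/" + escapedDn;
    }

    public static void Main()
    {
        // Constructed sample values.
        string path = BuildAdsPath("someserver.contoso.com",
            "OU=File/Folder Access Groups,DC=contoso,DC=com");
        string filter = string.Format(
            "(&(objectClass=user)(objectCategory=user)(sAMAccountName={0}))",
            EscapeFilterValue("j.smith (contractor)*"));
        Console.WriteLine(path);
        Console.WriteLine(filter);
    }
}
```

Without the filter escaping, a value containing `(`, `)` or `*` changes the structure of the query instead of being matched literally.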

雅心素梦 2024-08-17 19:38:41

Just FYI, I had the same error and was using the correct credentials but my LDAP url was wrong :(

I got the exact same error message and code

好听的两个字的网名 2024-08-17 19:38:41

Just had that problem in a production system in the company where I live... A webpage that made an LDAP bind stopped working after an IP changed.

The solution...
... I installed Basic Authentication to perform the troubleshooting indicated here: https://support.microsoft.com/en-us/kb/329986

And after that, things just started to work. Even after I re-disabled Basic Authentication in the page I was testing, all other pages started working again with Windows Authentication.

Regards,
Acácio

怀里藏娇 2024-08-17 19:38:41

I encounter this error when I'm querying an entry of another domain of the forest and this entry has some custom attribute of the other domain.

To solve this error, I only need to specify the server in the LDAP URL:

Path with error = LDAP://CN=MyObj,DC=DOMAIN,DC=COM

Path without error : LDAP://domain.com:389/CN=MyObj,DC=Domain,DC=COM

羁绊已千年 2024-08-17 19:38:41

This error can occur if the physical machine has run out of memory.
In my case I was hosting a site on IIS trying to access the AD, but the server had run out of memory.

小瓶盖 2024-08-17 19:38:41

I had to change my code from this:

    DirectoryEntry entry = new DirectoryEntry(path, ldapUser, ldapPassword);
    DirectorySearcher searcher = new DirectorySearcher();
    searcher.SearchRoot = entry;
    searcher.SearchScope = SearchScope.Subtree;

To this:

    DirectoryEntry entry = new DirectoryEntry(path, ldapUser, ldapPassword);
    DirectorySearcher searcher = new DirectorySearcher();
    searcher.SearchScope = SearchScope.OneLevel;
    SearchResult searchResult = searcher.FindOne();

GRAY°灰色天空 2024-08-17 19:38:41

In my case, the problem was that I was trying to reference a DirectoryEntry's property value, even though that DirectoryEntry did not have that property at all.

If you, for example, have:

    var myGroup = new DirectoryEntry("LDAP://CN=mygroup,OU=mydomain....", myUsername, myPassword);

    var groupManager = myGroup.Properties["managedBy"].Value.ToString();

If myGroup has no managedBy attribute set in the AD, this will result in Unknown error (0x80005000)

深陷 2024-08-17 19:38:41

The same error occurs if there is nothing in DirectoryEntry.Path after the symbols "LDAP://". It is necessary to check directoryEntry.Path before directorySearcher.FindOne(). Unless a domain is explicitly specified, "LDAP://" is not needed.

    private void GetUser(string userName, string domainName)
    {
         DirectoryEntry dirEntry = new DirectoryEntry();

         if (domainName.Length > 0)
         {
              dirEntry.Path = "LDAP://" + domainName;
         }

         DirectorySearcher dirSearcher = new DirectorySearcher(dirEntry);
         dirSearcher.SearchScope = SearchScope.Subtree;
         dirSearcher.Filter = string.Format("(&(objectClass=user)(|(cn={0})(sn={0}*)(givenName={0})(sAMAccountName={0}*)))", userName);
         var searchResults = dirSearcher.FindAll();
         //var searchResults = dirSearcher.FindOne();

         if (searchResults.Count == 0)
         {
              MessageBox.Show("User not found");
         }
         else
         {
              foreach (SearchResult sr in searchResults)
              {
                  var de = sr.GetDirectoryEntry();
                  string user = de.Properties["SAMAccountName"][0].ToString();
                  MessageBox.Show(user);
              }
         }
    }

云淡风轻 2024-08-17 19:38:41

Spent a day on my similar issue, but all these answers didn't help.

Turned out in my case, I didn't enable Windows Authentication in IIS setting...
