How do I get DirectorySearcher to respect the SearchScope I specify?
I have the following C# code in a project:
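using System.DirectoryServices;

// Bind to the directory; with no credentials given, the caller's security context is used.
DirectoryEntry root = new DirectoryEntry(@"LDAP://ad.mydomain.com");
DirectorySearcher ds = new DirectorySearcher(root);
ds.DerefAlias = DereferenceAlias.Always;
// Search the whole subtree under the bound entry.
ds.SearchScope = SearchScope.Subtree;
// Match entries whose name or cn is John_Smith.
ds.Filter = "(|(name=John_Smith)(cn=John_Smith))";
SearchResultCollection src = ds.FindAll();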
I'm monitoring LDAP traffic to the AD server with MS Network Monitor and I see this when the search takes place:
Frame: Number = 1417, Captured Frame Length = 404, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[XXX],SourceAddress:[XXX]
+ Ipv4: Src = XXX, Dest = XXX, Next Protocol = TCP, Packet ID = 9696, Total IP Length = 390
+ Tcp: Flags=...AP..., SrcPort=1521, DstPort=LDAP(389), PayloadLen=350, Seq=3825204841 - 3825205191, Ack=1241404727, Win=16425 (scale factor 0x2) = 65700
- Ldap: Search Request, MessageID: 1, BaseObject: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
- Parser: Search Request, MessageID: 1
+ ParserHeader:
+ MessageID: 1
+ OperationHeader: Search Request, 3(0x3)
- SearchRequest: BaseDN: NULL, SearchScope: base Object, SearchAlias: neverDerefAliases
+ BaseObject: NULL
+ Scope: base Object
+ Alias: neverDerefAliases
+ SizeLimit: No Limit
+ TimeLimit: 120 seconds
+ TypesOnly: False
- Filter: (objectclass Present)
+ Operator: Present, 7(0x07)
- Length: 11
Length: 11 bytes, LengthOfLength = 0
+ PresentFilter: objectclass Present
- Attributes: ( subschemaSubentry )( dsServiceName )( namingContexts )( defaultNamingContext )( schemaNamingContext )( configurationNamingContext )( rootDomainNamingContext )( supportedControl )( supportedLDAPVersion )( supportedLDAPPolicies )( supportedSASLMec
+ AttributeSelectionHeader:
+ Attribute: subschemaSubentry
+ Attribute: dsServiceName
+ Attribute: namingContexts
+ Attribute: defaultNamingContext
+ Attribute: schemaNamingContext
+ Attribute: configurationNamingContext
+ Attribute: rootDomainNamingContext
+ Attribute: supportedControl
+ Attribute: supportedLDAPVersion
+ Attribute: supportedLDAPPolicies
+ Attribute: supportedSASLMechanisms
+ Attribute: dnsHostName
+ Attribute: ldapServiceName
+ Attribute: serverName
+ Attribute: supportedCapabilities
Neither the search scope nor the filter I requested appears to be used in the query. I tried using Softerra LDAP Administrator to perform a root search on "John_Smith" and Network Monitor shows what appears to be a perfectly good LDAP query, with filter and search scope intact.
What am I missing?
This is how I do it:
An awesome site for everything AD is this one that I use.
http://www.codeproject.com/KB/system/everythingInAD.aspx
So the request that is being sent is a query of the capabilities of the LDAP server (location of the schema, supported LDAP version, etc). The LDAP/AD server can respond with the information requested or require authentication. You can take care of that step (bind) by supplying credentials when you bind to the root entry. After the SearchResultsDone message is received for the capabilities query, the directory searcher (actually the underlying LDAP class) will send a search request asking for the information that you requested.
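The two-step sequence described in the answer above, written out as an added example (not code from the original posts): it reads the rootDSE explicitly, then binds with credentials to an explicit base DN and runs the subtree search. The environment variable names AD_USER and AD_PASSWORD and the helper EscapeFilterValue are assumptions made for this example.

```csharp
using System;
using System.DirectoryServices;

static class AdSearchExample
{
    // Hypothetical helper: escape RFC 4515 special characters so a supplied
    // name is treated as a literal value and cannot alter the filter.
    static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29")
                    .Replace("\0", "\\00");
    }

    static void Main()
    {
        const string server = "ad.mydomain.com"; // host from the question
        // Assumed variable names; null values fall back to the caller's context.
        string user = Environment.GetEnvironmentVariable("AD_USER");
        string pass = Environment.GetEnvironmentVariable("AD_PASSWORD");

        // Step 1: rootDSE read. On the wire this is a base-object search on an
        // empty base DN with an objectClass-present filter, i.e. the shape of
        // the request in the captured frame.
        string baseDn;
        using (var rootDse = new DirectoryEntry("LDAP://" + server + "/RootDSE",
                                                user, pass, AuthenticationTypes.Secure))
        {
            baseDn = (string)rootDse.Properties["defaultNamingContext"].Value;
        }

        // Step 2: credentialed bind to an explicit base DN, then the search
        // that carries the requested scope and filter.
        using (var root = new DirectoryEntry("LDAP://" + server + "/" + baseDn,
                                             user, pass, AuthenticationTypes.Secure))
        using (var ds = new DirectorySearcher(root))
        {
            string name = EscapeFilterValue("John_Smith");
            ds.SearchScope = SearchScope.Subtree;
            ds.DerefAlias = DereferenceAlias.Always;
            ds.Filter = "(|(name=" + name + ")(cn=" + name + "))";
            ds.PropertiesToLoad.Add("distinguishedName");
            ds.PageSize = 500; // ask for paged results instead of one large response

            using (SearchResultCollection results = ds.FindAll())
            {
                foreach (SearchResult r in results)
                    Console.WriteLine(r.Path);
            }
        }
    }
}
```

When checking a capture of this run, look past the first base-object request: the Search Request with the Subtree scope and the name/cn filter is sent after the rootDSE response.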