PermissiveModifyControl 在 C# LDAP 中抛出 DirectoryOperationException

发布于 2024-09-13 21:30:33 字数 1542 浏览 7 评论 0原文

使用 System.DirectoryServices.Protocols 命名空间添加/修改 Active Directory 组的属性。代码:

public void UpdateProperties(Dictionary<string, string> Properties) {

    List<DirectoryAttributeModification> directoryAttributeModifications;

    //  ... Code to convert Properties dictionary to directoryAttributeModifications
    //  There is one 'Add' modification, to set the 'description' of the group

    ModifyRequest modifyRequest = new ModifyRequest(groupDistinguishedName, directoryAttributeModifications.ToArray());
    modifyRequest.Controls.Add(new PermissiveModifyControl());
    ModifyResponse response = connection.SendRequest(modifyRequest) as ModifyResponse;

PermissiveModifyControl 旨在防止描述已存在时代码失败。我找到的有关 PermissiveModifyControl 的唯一信息在这里: http://msdn.microsoft.com/en-us/library/bb332056.aspx

其中指出:

如果尝试添加已存在的属性或尝试删除不存在的属性,LDAP 修改请求通常会失败。使用PermissiveModifyControl,修改操作会成功,而不会引发DirectoryOperationException错误。

但是,当上面的代码到达 SendRequest() 时,它会抛出 DirectoryOperationException:“属性存在或值已分配。”

我试图避免的是必须查询正在传递的集合中的每个属性;如果存在,则创建一个Replace DirectoryAttributeModification;如果没有,请创建一个 Add。据我所知,PermissiveModifyControl 应该就是这样做的。

任何人都可以阐明为什么 PermissiveModifyControl 仍然抛出 DirectoryOperationException 以及如何正确使用它?

提前致谢! 詹姆斯

Using the System.DirectoryServices.Protocols namespace to add/modify attributes on an Active Directory group. Code:

public void UpdateProperties(Dictionary<string, string> Properties) {

    List<DirectoryAttributeModification> directoryAttributeModifications;

    //  ... Code to convert Properties dictionary to directoryAttributeModifications
    //  There is one 'Add' modification, to set the 'description' of the group

    ModifyRequest modifyRequest = new ModifyRequest(groupDistinguishedName, directoryAttributeModifications.ToArray());
    modifyRequest.Controls.Add(new PermissiveModifyControl());
    ModifyResponse response = connection.SendRequest(modifyRequest) as ModifyResponse;

The PermissiveModifyControl is intended to keep the code from failing if the description already exists. The only information on PermissiveModifyControl I've found is here:
http://msdn.microsoft.com/en-us/library/bb332056.aspx

which states:

An LDAP modify request will normally fail if it attempts to add an attribute that already exists or if it attempts to delete an attribute that does not exist. With PermissiveModifyControl the modify operation succeeds without throwing a DirectoryOperationException error.

However, when the above code gets to the SendRequest(), it throws a DirectoryOperationException: "The attribute exists or the value has been assigned."

What I'm trying to avoid is having to query every property in the collection being passed; if it exists, create a Replace DirectoryAttributeModification; if it doesn't, create an Add instead. From what I can glean, PermissiveModifyControl is supposed to do just that.

Can anyone shed some light on why PermissiveModifyControl still throws a DirectoryOperationException, and how to properly use it?

Thanks in advance!
James

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

∞梦里开花 2024-09-20 21:30:33

经过更多实验后,我发现文档具有误导性......您不想添加属性,而是想替换它(DirectoryAttributeOperation.Replace)。如果该属性存在,它当然会替换它。如果该属性不存在,它将创建它。

我的其余代码是正确的。

After some more experimenting, I've found that the documentation is misleading... you don't want to add an attribute, you want to replace it (DirectoryAttributeOperation.Replace). If the attribute exists, it will of course replace it. If the attribute does not exist, it will create it.

The rest of my code is correct.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文