PermissiveModifyControl 在 C# LDAP 中抛出 DirectoryOperationException
使用 System.DirectoryServices.Protocols 命名空间添加/修改 Active Directory 组的属性。代码:
public void UpdateProperties(Dictionary<string, string> Properties) {
List<DirectoryAttributeModification> directoryAttributeModifications;
// ... Code to convert Properties dictionary to directoryAttributeModifications
// There is one 'Add' modification, to set the 'description' of the group
ModifyRequest modifyRequest = new ModifyRequest(groupDistinguishedName, directoryAttributeModifications.ToArray());
modifyRequest.Controls.Add(new PermissiveModifyControl());
ModifyResponse response = connection.SendRequest(modifyRequest) as ModifyResponse;
PermissiveModifyControl 旨在防止描述已存在时代码失败。我找到的有关 PermissiveModifyControl 的唯一信息在这里: http://msdn.microsoft.com/en-us/library/bb332056.aspx
其中指出:
如果尝试添加已存在的属性或尝试删除不存在的属性,LDAP 修改请求通常会失败。使用
PermissiveModifyControl,修改操作会成功,而不会引发DirectoryOperationException错误。
但是,当上面的代码到达 SendRequest() 时,它会抛出 DirectoryOperationException:“属性存在或值已分配。”
我试图避免的是必须查询正在传递的集合中的每个属性;如果存在,则创建一个Replace DirectoryAttributeModification;如果没有,请创建一个 Add。据我所知,PermissiveModifyControl 应该就是这样做的。
任何人都可以阐明为什么 PermissiveModifyControl 仍然抛出 DirectoryOperationException 以及如何正确使用它?
提前致谢! 詹姆斯
Using the System.DirectoryServices.Protocols namespace to add/modify attributes on an Active Directory group. Code:
public void UpdateProperties(Dictionary<string, string> Properties) {
List<DirectoryAttributeModification> directoryAttributeModifications;
// ... Code to convert Properties dictionary to directoryAttributeModifications
// There is one 'Add' modification, to set the 'description' of the group
ModifyRequest modifyRequest = new ModifyRequest(groupDistinguishedName, directoryAttributeModifications.ToArray());
modifyRequest.Controls.Add(new PermissiveModifyControl());
ModifyResponse response = connection.SendRequest(modifyRequest) as ModifyResponse;
The PermissiveModifyControl is intended to keep the code from failing if the description already exists. The only information on PermissiveModifyControl I've found is here:
http://msdn.microsoft.com/en-us/library/bb332056.aspx
which states:
An LDAP modify request will normally fail if it attempts to add an attribute that already exists or if it attempts to delete an attribute that does not exist. With
PermissiveModifyControlthe modify operation succeeds without throwing aDirectoryOperationExceptionerror.
However, when the above code gets to the SendRequest(), it throws a DirectoryOperationException: "The attribute exists or the value has been assigned."
What I'm trying to avoid is having to query every property in the collection being passed; if it exists, create a Replace DirectoryAttributeModification; if it doesn't, create an Add instead. From what I can glean, PermissiveModifyControl is supposed to do just that.
Can anyone shed some light on why PermissiveModifyControl still throws a DirectoryOperationException, and how to properly use it?
Thanks in advance!
James
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
经过更多实验后,我发现文档具有误导性......您不想添加属性,而是想替换它(
DirectoryAttributeOperation.Replace)。如果该属性存在,它当然会替换它。如果该属性不存在,它将创建它。我的其余代码是正确的。
After some more experimenting, I've found that the documentation is misleading... you don't want to add an attribute, you want to replace it (
DirectoryAttributeOperation.Replace). If the attribute exists, it will of course replace it. If the attribute does not exist, it will create it.The rest of my code is correct.