Authenticating users in an OU with LDAP

Posted on 2024-12-10 10:33:33

I am trying to authenticate a user using LDAP.

I am using this code:

    using System;
    using System.DirectoryServices;

    public bool IsAuthenticated(string domain, string username, string pwd)
    {
        DirectoryEntry nRoot = new DirectoryEntry("LDAP://192.134.1.142/dc=testDomain,dc=com");
        nRoot.AuthenticationType = AuthenticationTypes.None;
        nRoot.Username = "uid=username,dc=testDomain,DC=com";  //full dn
        nRoot.Password = "pwd";

        try
        {
            //Bind to the native AdsObject to force authentication.
            Object obj = nRoot.NativeObject;

            DirectorySearcher search = new DirectorySearcher(nRoot);

            search.SearchScope = SearchScope.Subtree;
            search.Filter = "uid=username";
            search.PropertiesToLoad.Add("uid");

            SearchResult sr = search.FindOne();
            if (null == sr)
            {
                return false;
            }
            // Update the new path to the user in the directory
            _path = sr.Path;
            _filterAttribute = (String)sr.Properties["uid"][0];
        }
        catch (Exception ex)
        {
            throw new Exception("Error authenticating user. " + ex.Message);
        }
        return true;
    }

Here if the user is not a part of any OU the code runs fine, but if it is a part of an OU it won't work and I get an error

System.Runtime.InteropServices.COMException

at

    // Bind to the native AdsObject to force authentication.
    Object obj = nRoot.NativeObject;

How do I get the user validated belonging to an OU or any other group?

I tried hard-coding the OU too and it worked, but I cannot ask a user to enter his OU

    nRoot.Username = "uid=username,ou=test,dc=testDomain,DC=com";  //full dn


相守太难 2024-12-17 10:33:33

    using System.DirectoryServices.AccountManagement;

    string ldapsrv = "mydomain.com:389";
    string dc_oq = "OU=domain_app_auth,DC=domain,DC=uk,DC=com";
    string user_nme = "username";
    string pws = "password";
    bool isValid;

    // Context rooted at the container in dc_oq; validate the credentials against the server
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, ldapsrv, dc_oq, ContextOptions.Negotiate))
    {
        isValid = pc.ValidateCredentials(user_nme, pws);
    }

节枝 2024-12-17 10:33:33

You need to take the username, find the object whose uid=username, and then read the distinguishedName attribute or else the name of the returned object (which will be the full DN) and log in with that discovered full DN.
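
The search-then-bind flow described in the answer above, as an added example that is not part of the original thread. It uses System.DirectoryServices.Protocols instead of the question's DirectoryEntry API, because a search result there exposes the entry's full DN directly. The LDAPS port, the `svc-lookup` service account and the `servicePwd` parameter are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class LdapSearchThenBind
{
    // Assumed: LDAPS on the question's host; hypothetical search-only service account.
    const string Host = "192.134.1.142";
    const string BaseDn = "dc=testDomain,dc=com";
    const string ServiceDn = "uid=svc-lookup,dc=testDomain,dc=com"; // hypothetical

    // RFC 4515 escaping so user input cannot change the search filter.
    static string EscapeFilter(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    static LdapConnection Connect(string dn, string password)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(Host, 636),
            new NetworkCredential(dn, password), AuthType.Basic);
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true; // simple bind sends the password itself
        try { conn.Bind(); } catch { conn.Dispose(); throw; }
        return conn;
    }

    public static bool IsAuthenticated(string username, string pwd, string servicePwd)
    {
        // Empty password = unauthenticated bind (RFC 4513), which a server may accept.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(pwd)) return false;
        string userDn;
        using (var svc = Connect(ServiceDn, servicePwd))
        {
            var req = new SearchRequest(BaseDn, "(uid=" + EscapeFilter(username) + ")",
                SearchScope.Subtree, "uid");
            var entries = ((SearchResponse)svc.SendRequest(req)).Entries;
            if (entries.Count != 1) return false; // unknown or ambiguous user
            userDn = entries[0].DistinguishedName; // full DN, including any OU
        }
        try { using (Connect(userDn, pwd)) { return true; } }
        catch (LdapException ex) when (ex.ErrorCode == 49) { return false; } // invalidCredentials
    }
}
```

Errors other than invalid credentials (server unreachable, TLS failure, service account rejected) propagate as exceptions, so an outage is not reported as a failed login.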
