Unable to retrieve an Active Directory user in C#
I built a test Active Directory server in Windows 2008 and I also run the DNS server on it. On my client machine which runs the C# application, I can authenticate the user against the Active Directory server using the function below:
    public static UserPrincipal GetUserPrincipal(string usrName, string pswd, string domainName)
    {
        UserPrincipal usr;
        PrincipalContext ad;
        // Enter Active Directory settings
        ad = new PrincipalContext(ContextType.Domain, domainName, usrName, pswd);
        //search user
        usr = new UserPrincipal(ad);
        usr.SamAccountName = usrName;
        PrincipalSearcher search = new PrincipalSearcher(usr);
        usr = (UserPrincipal)search.FindOne();
        search.Dispose();
        return usr;
    }
In a separate logic I tried to retrieve a user back from the server using a user name. I used the functions below:
    public static DirectoryEntry CreateDirectoryEntry()
    {
        // create AD connection
        DirectoryEntry de = new DirectoryEntry("LDAP://CN=Users,DC=rootforest,DC=com", "LDAP", "password");
        de.AuthenticationType = AuthenticationTypes.Secure;
        return de;
    }

    public static ResultPropertyCollection GetUserProperty(string domainName, string usrName)
    {
        DirectoryEntry de = CreateDirectoryEntry();
        DirectorySearcher deSearch = new DirectorySearcher();
        deSearch.SearchRoot = de;
        deSearch.Filter = "(SamAccountName=" + usrName + ")";
        SearchResult results = deSearch.FindOne();
        return null;
    }
However, I got no response back from the LDAP server at all, not even an exception. Am I missing certain settings on LDAP server, any of you able to see a flaw in my code (pls don't mind the hard code values, I was testing with this code).
As part of my troubleshooting, I confirmed that I can ping to the rootforest.com from the client machine. I confirmed the user with property samaccountname "LDAP" exists. My path seems to be right because when I go onto the LDAP server and type:

    dsquery user -name LDAP*

I got the following:

    CN=LDAP L. LDAP,CN=Users,DC=rootforest,DC=com

Any help would be greatly appreciated, I've spent most of my day troubleshooting and researching this little bugger and I think it could be something small which I overlooked.
I don't understand why you're using the new PrincipalContext / UserPrincipal stuff in your first example, but fall back to the hard to use DirectoryEntry stuff in your second example.... doesn't really make sense... also: your second function GetUserProperty seems to return null always - typo or not??
Since you're already using the System.DirectoryServices.AccountManagement (S.DS.AM) namespace - use it for your second task, too! Read all about it here:
Basically, you can define a domain context and easily find users and/or groups in AD:
The new S.DS.AM makes it really easy to play around with users and groups in AD:
I think your code has a few problems:
null in your GetUserProperty() function? You should return results instead.
sSAMAccountName instead. Furthermore extend your query to search only for user accounts. Here is an example: (&(objectCategory=person)(objectClass=user)(sAMAccountName=usrName))
UserPrincipal class to search for an identity in Active Directory. The UserPrincipal class provides a static method called FindByIdentity() to search for a user identity.
Hope this helps.