LDAP 查询不显示某些用户
我无法显示 LDAP 中的某些用户。我不知道为什么。这是我的代码
try
{
string path = "LDAP://" + Program.domain;
DirectoryEntry dEntry = new DirectoryEntry(path);
DirectorySearcher dSearcher = new DirectorySearcher(dEntry);
dSearcher.Filter = "(&(objectClass=user)(objectCategory=person))";
//perform search on active directory
sResults = dSearcher.FindAll();
//loop through results of search
foreach (SearchResult searchResult in sResults)
{
//string view = searchResult.Properties["samaccountname"][0].ToString();
// Console.WriteLine(searchResult.Properties["userprincipalname"][0].ToString());
if (searchResult.Properties["samaccountname"][0].ToString() == Program.username)
{
Console.WriteLine("**********UserDetails******************");
foreach (Object propertyName in searchResult.Properties.PropertyNames)
{
ResultPropertyValueCollection valueCollection =
searchResult.Properties[(string)propertyName];
foreach (Object propertyvalue in valueCollection)
{
Console.WriteLine((string)propertyName + " : " + propertyvalue);
result = true;
}
}
Console.WriteLine("************************************");
}
}
,它显示了一些用户,但 AD 中存在的其他用户很少没有显示。 他们也是域管理员和域用户。我还没有看到任何权限问题... 我真的需要一些帮助。有人可以帮助我吗?
谢谢
I am unable to display some users from LDAP. I dont know why. Here's my code
try
{
string path = "LDAP://" + Program.domain;
DirectoryEntry dEntry = new DirectoryEntry(path);
DirectorySearcher dSearcher = new DirectorySearcher(dEntry);
dSearcher.Filter = "(&(objectClass=user)(objectCategory=person))";
//perform search on active directory
sResults = dSearcher.FindAll();
//loop through results of search
foreach (SearchResult searchResult in sResults)
{
//string view = searchResult.Properties["samaccountname"][0].ToString();
// Console.WriteLine(searchResult.Properties["userprincipalname"][0].ToString());
if (searchResult.Properties["samaccountname"][0].ToString() == Program.username)
{
Console.WriteLine("**********UserDetails******************");
foreach (Object propertyName in searchResult.Properties.PropertyNames)
{
ResultPropertyValueCollection valueCollection =
searchResult.Properties[(string)propertyName];
foreach (Object propertyvalue in valueCollection)
{
Console.WriteLine((string)propertyName + " : " + propertyvalue);
result = true;
}
}
Console.WriteLine("************************************");
}
}
This displays few users but few other users who exist in AD are not displayed.
They're also Domain Admins and Domain users. I don't see any permission issues too yet...
I seriously need some help.Can someone help me please?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
有两个可能的原因:
0) 访问控制:您没有适当的访问级别来查看相关对象(或在过滤器中匹配它们所需的属性(无论是
objectClass还是 <代码>objectCategory))。1) 所讨论的目标对象实际上与指定的过滤器不匹配。用户可以是
(&(objectClass=user)(objectCategory=person))以外的其他身份。我的建议是按如下方式处理该问题:
0) 选取一个您希望匹配的样本用户并仔细检查。检查以确保 objectClass 实际上包含 user 并且 objectCategory 设置为 person。如果没有,请修改您的查询以包含您尝试查找的所有用户。 (您可以查阅 AD 架构来查看这些事物之间的关系)
1) 确保您执行查询的上下文可以访问您想要查找的所有对象,包括属性您在过滤器中使用的。如果您无权访问过滤器中的所有属性,AD 不会返回查询的匹配项……如果确实如此,这将是一种信息泄露形式。
There are two likely causes:
0) Access control: You do not have the appropriate level of access to view the objects in question (or the properties required to match them in the filter (be it
objectClassorobjectCategory)).1) The target objects in question do not actually match the filter specified. Users can be something other than
(&(objectClass=user)(objectCategory=person)).My suggestion is to approach the problem as follows:
0) Take one sample user that you expect to match and inspect it carefully. Check to ensure that objectClass does in fact contain user and objectCategory is set to person. If not, modify your query to be inclusive of all of the users you are trying to find. (You can consult the AD schema to see the relationship between these things)
1) Make sure the context under which you're doing the query has access to all of the objects you want to find including the attributes that you're using in your filter. AD won't return a match to a query if you don't have access to all of the attributes in the filter...if it did, it'd be a form of information disclosure.