Connecting to an LDAP server from .NET

Posted on 2024-12-24 22:32:16

I've been recommended to use System.DirectoryServices.Protocols to be able to support connecting to LDAP servers other than Active Directory here.
Unfortunately, I have not been able to search the directory properly. I'd like to be able to get a certain attribute for a user (e.g. mail). This is easily done in the System.DirectoryServices namespace by using the DirectorySearcher class. How can I achieve the same in the System.DirectoryServices.Protocols namespace? Here's what I have so far:

var domainParts = domain.Split('.');
string targetOu = string.Format("cn=builtin,dc={0},dc={1}", domainParts[0], domainParts[1]);
string ldapSearchFilter = string.Format("(&(ObjectClass={0})(sAMAccountName={1}))", "person", username);

// establish a connection to the directory
LdapConnection connection = new LdapConnection(
    new LdapDirectoryIdentifier(domain),
    new NetworkCredential() { UserName = username, Password = "MyPassword" });
SearchRequest searchRequest = new SearchRequest(
    targetOu, ldapSearchFilter, SearchScope.OneLevel, new[] {"mail"});

This code raises an exception of type DirectoryOperationException with the message "The object does not exist".

I suspect there's something wrong with my targetOu and ldapSearchFilter variables.

Thanks.


Comments (1)

她说她爱他 2024-12-31 22:32:16

I suspect the main problem might be: samAccountName is a strictly Windows-only attribute that other LDAP servers won't know about.

So if you're going against a non-Active Directory LDAP, you should use something else for searching - e.g. sn (for surname or last name), givenName (first name), possibly displayName.

Another interesting option might be to use ANR (ambiguous name resolution) searches - see this page on SelfADSI roughly in the middle, where ANR is explained.

With ANR, you would write your query like this:

string ldapSearchFilter = 
   string.Format("(&(ObjectCategory={0})(anr={1}))", "person", username);

I also changed ObjectClass to ObjectCategory for two reasons:

  • ObjectCategory is single-valued, i.e. only contains a single value (ObjectClass is multi-valued)
  • ObjectCategory is typically indexed, and thus searches are typically a lot faster using ObjectCategory

Does this return the results you're looking for?
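
An added example, not code from the question or the answer: the full lookup with System.DirectoryServices.Protocols, with the user-supplied name escaped per RFC 4515 before it enters the filter and the mail value read from the SearchResponse. Assumptions: the server accepts LDAPS on port 636 and a simple bind with the supplied credential, the search starts at a base DN you know exists, and the names LdapMailLookup, EscapeFilterValue, FindMail and loginAttribute are hypothetical.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class LdapMailLookup   // hypothetical helper, not from the thread
{
    // RFC 4515: \ * ( ) and NUL in a filter value are written as \xx (hex),
    // so user input is matched literally instead of parsed as filter syntax.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
            if (c == '\\' || c == '*' || c == '(' || c == ')' || c == '\0')
                sb.Append('\\').Append(((int)c).ToString("x2"));
            else
                sb.Append(c);
        return sb.ToString();
    }

    // Returns the first "mail" value of the matching entry, or null.
    // loginAttribute is server-specific (assumption: uid, cn, sAMAccountName...)
    // and must come from configuration, never from user input.
    public static string FindMail(string server, string baseDn, string loginAttribute,
                                  string username, NetworkCredential bindCredential)
    {
        string filter = string.Format("(&(objectClass=person)({0}={1}))", loginAttribute, EscapeFilterValue(username));
        var id = new LdapDirectoryIdentifier(server, 636);      // LDAPS (assumed)
        using (var connection = new LdapConnection(id, bindCredential, AuthType.Basic))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.SessionOptions.SecureSocketLayer = true; // protect the simple bind
            connection.Bind();
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "mail");
            var response = (SearchResponse)connection.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
            {
                DirectoryAttribute mail = entry.Attributes["mail"];
                if (mail != null && mail.Count > 0) return mail[0] as string;
            }
        }
        return null;
    }

    static void Main()
    {
        // Constructed input containing filter metacharacters.
        Console.WriteLine(EscapeFilterValue("j*doe (temp)"));
    }
}
```

With AuthType.Basic most non-Active Directory servers expect the bind user name to be a full DN; the credential should come from a secret store rather than a string literal.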
