Error getting user groups from Active Directory with LDAP under Mono

Keywords: Active Directory, get user groups, error, LDAP, Mono | Updated: 2023-09-27 18:12:44

Please help me with this problem.

I am trying to get a user's groups with the code below. I run it under Mono. On Windows the data is retrieved normally (the account is not joined to the domain). But when I start the same code on Linux, I get an error.

What do I need to do to get a normal result?

using System;
using System.Text;
using System.DirectoryServices;
using System.Runtime.InteropServices;

namespace ActiveDirectoryTest
{
    class Program
    {
        private static void Main(string[] args)
        {
            try
            {
                // Path names only the host; no search base DN is given after it.
                DirectoryEntry de = new DirectoryEntry("LDAP://sub.domain.com", "username@domain", "password", AuthenticationTypes.None);
                DirectorySearcher search = new DirectorySearcher(de);
                search.ReferralChasing = ReferralChasingOption.All;
                search.Filter = "(&(ObjectClass=user)(sAMAccountName=username))";
                search.PropertiesToLoad.Add("sAMAccountName");
                search.PropertiesToLoad.Add("memberOf");
                StringBuilder groupNames = new StringBuilder();
                var result = search.FindAll()[0];
                int propertyCount = result.Properties["memberOf"].Count;
                for (int propertyCounter = 0;
                    propertyCounter < propertyCount;
                    propertyCounter++)
                {
                    // Each memberOf value is a group DN, e.g. "CN=Group,OU=Groups,DC=domain,DC=com";
                    // take the value of the first RDN (the text between "=" and the first ",").
                    var dn = (String) result.Properties["memberOf"][propertyCounter];
                    var equalsIndex = dn.IndexOf("=", 1);
                    var commaIndex = dn.IndexOf(",", 1);
                    if (-1 == equalsIndex)
                    {
                        Console.WriteLine("error parse");
                        continue; // skip this value instead of failing in Substring below
                    }
                    if (-1 == commaIndex)
                    {
                        commaIndex = dn.Length; // single-component DN: take the rest of the string
                    }
                    groupNames.Append(dn.Substring((equalsIndex + 1),
                        (commaIndex - equalsIndex) - 1));
                    groupNames.Append("|");
                }
                Console.WriteLine(groupNames.ToString());
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
            Console.ReadLine();
        }
    }
}

LdapException: (32) No Such Object LdapException: Server Message: 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of: "" Novell.Directory.Ldap.LdapException


This error usually occurs when the search base is invalid. When you use plain-text LDAP (my example below uses SSL, but you can change the authentication type to System.DirectoryServices.AuthenticationTypes.None), you can take a network capture on port 389 between the application host and the LDAP server and see the actual search that is being performed.

According to the MS documentation, you should be able to use LDAP://dc=company,dc=gTLD without specifying a particular domain controller. Because I need my code to work against both Active Directory and plain LDAP servers, I use a path such as LDAP://DomainController.company.gTLD/ou=UserOU,dc=company,dc=gTLD, which contains the LDAP host name together with the search base.

The function I use for LDAP authentication:

protected string ldapAuthentication(string strLDAPServer, string strSuppliedUser, string strSuppliedPwd, string strSystemUID, string strSystemPwd, string strLDAPUserBase, string strUIDAttr)
{
    strSuppliedUser = strSuppliedUser.Trim();
    string strResults = "";
    // Host plus search base, e.g. "LDAP://DomainController.company.gTLD/" + "ou=UserOU,dc=company,dc=gTLD"
    string strLDAPUserHost = strLDAPServer + strLDAPUserBase;
    // Establish LDAP connection and bind with system ID
    System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry();
    dirEntry.Path = strLDAPUserHost;
    dirEntry.Username = strSystemUID;
    dirEntry.Password = strSystemPwd;
    dirEntry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;
    try
    {
        dirEntry.RefreshCache();
        // Search directory for the user logging on
        // (strSuppliedUser is concatenated into the filter as-is; escape the LDAP filter
        // metacharacters \ * ( ) and NUL first so the supplied value cannot alter the filter)
        string strLDAPFilter = "(&(objectClass=user)(" + strUIDAttr + "=" + strSuppliedUser + "))";
        System.DirectoryServices.DirectorySearcher ldapSearch = new System.DirectoryServices.DirectorySearcher(dirEntry);
        ldapSearch.ServerTimeLimit = new System.TimeSpan(0, 0, 30);

        ldapSearch.Filter = strLDAPFilter;
        ldapSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
        System.DirectoryServices.SearchResultCollection searchResults = ldapSearch.FindAll();

        if (searchResults.Count == 1)
        {
            ...
        }
    }
    catch (System.Exception ex)
    {
        strResults = ex.Message;
    }
    return strResults;
}

This function is called as follows:

strInputResults = ldapAuthentication("LDAP://DomainController.company.gTLD/", strInputSuppliedUser, strInputSuppliedPwd, "SystemAccount@company.gTLD", "Syst3mP@s5w0rd", "ou=UserOU,dc=company,dc=gTLD","sAMAccountName");
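Added example (not code from the question or the answer): one way to apply the answer's advice to the question's group lookup, building the base DN from the DNS domain so the path never ends at a bare host name, and escaping the supplied account name before it is placed in the filter. Host, domain and bind credentials are placeholders supplied by the caller.

```csharp
using System.Collections.Generic;
using System.DirectoryServices;
using System.Text;

static class GroupLookup
{
    // "company.gTLD" -> "dc=company,dc=gTLD": the path then always carries a search base.
    public static string DomainToBaseDn(string dnsDomain)
    {
        return "dc=" + string.Join(",dc=", dnsDomain.Split('.'));
    }

    // RFC 4515 escaping (backslash first) so a supplied name cannot alter the filter.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace(@"\", @"\5c").Replace("*", @"\2a").Replace("(", @"\28")
                    .Replace(")", @"\29").Replace("\0", @"\00");
    }

    // First RDN value: "CN=Domain Admins,OU=Groups,DC=..." -> "Domain Admins".
    // A backslash keeps the next character, so "CN=Smith\, John,OU=..." -> "Smith, John".
    public static string FirstRdnValue(string dn)
    {
        int eq = dn.IndexOf('=');
        var sb = new StringBuilder();
        for (int i = eq + 1; eq >= 0 && i < dn.Length && dn[i] != ','; i++)
            sb.Append(dn[i] == '\\' && i + 1 < dn.Length ? dn[++i] : dn[i]);
        return eq < 0 ? dn : sb.ToString();
    }

    public static List<string> GetGroupNames(string host, string dnsDomain,
        string bindUser, string bindPassword, string samAccountName)
    {
        string path = "LDAP://" + host + "/" + DomainToBaseDn(dnsDomain); // host + base DN
        using (var de = new DirectoryEntry(path, bindUser, bindPassword,
                                           AuthenticationTypes.SecureSocketsLayer))
        using (var searcher = new DirectorySearcher(de))
        {
            searcher.Filter = "(&(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.SearchScope = SearchScope.Subtree;
            searcher.PropertiesToLoad.Add("memberOf");
            var groups = new List<string>();
            SearchResult result = searcher.FindOne();
            if (result == null) return groups;   // no such user under the base DN
            foreach (object dn in result.Properties["memberOf"])
                groups.Add(FirstRdnValue((string)dn));
            return groups;
        }
    }
}
```

Calling GetGroupNames("DomainController.company.gTLD", "company.gTLD", "SystemAccount@company.gTLD", bindPassword, "username") searches under dc=company,dc=gTLD, which is the search base the Mono provider was missing in the question's bare "LDAP://sub.domain.com" path.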