在单声道中使用LDAP从Active Directory获取用户组时出错
本文关键字:Directory Active 获取 用户组 出错 LDAP 单声道 声道 | 更新日期: 2023-09-27 18:12:44
请帮我处理一下这个问题。
我正在尝试使用以下代码获取用户组。我通过单声道运行。操作系统Windows数据正常获取(该帐号未加入域)。但是当我在Linux上启动相同的代码时,得到错误。
我需要做什么才能获得正常的结果?
using System;
using System.Text;
using System.DirectoryServices;
using System.Runtime.InteropServices;
namespace ActiveDirectoryTest
{
class Program
{
private static void Main(string[] args)
{
try
{
DirectoryEntry de = new DirectoryEntry("LDAP://sub.domain.com","username@domain","password",AuthenticationTypes.None);
DirectorySearcher search = new DirectorySearcher(de);
search.ReferralChasing=ReferralChasingOption.All;
search.Filter = "(&(ObjectClass=user)(sAMAccountName=username))";
search.PropertiesToLoad.Add("sAMAccountName");
search.PropertiesToLoad.Add("memberOf");
StringBuilder groupNames = new StringBuilder();
var result = search.FindAll()[0];
int propertyCount = result.Properties["memberOf"].Count;
for (int propertyCounter = 0;
propertyCounter < propertyCount;
propertyCounter++)
{
var dn = (String) result.Properties["memberOf"][propertyCounter];
var equalsIndex = dn.IndexOf("=", 1);
var commaIndex = dn.IndexOf(",", 1);
if (-1 == equalsIndex)
{
Console.WriteLine("error parse");
}
groupNames.Append(dn.Substring((equalsIndex + 1),
(commaIndex - equalsIndex) - 1));
groupNames.Append("|");
}
Console.WriteLine(groupNames.ToString());
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
Console.ReadLine();
}
}
}
LdapException: (32) No Such Object LdapException: Server Message:0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0,最佳匹配:" Novell.Directory.Ldap.LdapException
此错误通常在搜索基无效时产生。当您使用明文LDAP时(我下面的示例使用SSL,但是您可以注释将身份验证类型更改为System.DirectoryServices.AuthenticationTypes.None),您可以在端口389上获取应用程序主机和LDAP服务器之间的网络捕获,并查看正在执行的实际搜索。
根据MS的文档,您应该能够使用LDAP://dc=company,dc=gTLD而无需指定特定的域控制器。因为我需要我的代码在Active Directory和纯LDAP服务器上都能正常工作,所以我使用了LDAP://DomainController.company.gTLD/ou=UserOU,dc=company,dc=gTLD这样的代码,其中包含了LDAP主机名和搜索基。
我用于LDAP身份验证的函数:
protected string ldapAuthentication(string strLDAPServer, string strSuppliedUser, string strSuppliedPwd, string strSystemUID, string strSystemPwd, string strLDAPUserBase, string strUIDAttr){
strSuppliedUser = strSuppliedUser.Trim();
string strResults = "";
string strLDAPUserHost = strLDAPServer + strLDAPUserBase;
// Establish LDAP connection and bind with system ID
System.DirectoryServices.DirectoryEntry dirEntry = new System.DirectoryServices.DirectoryEntry();
dirEntry.Path = strLDAPUserHost;
dirEntry.Username = strSystemUID;
dirEntry.Password = strSystemPwd;
dirEntry.AuthenticationType = System.DirectoryServices.AuthenticationTypes.SecureSocketsLayer;
try
{
dirEntry.RefreshCache();
// Search directory for the user logging on
string strLDAPFilter = "(&(objectClass=user)(" + strUIDAttr + "=" + strSuppliedUser + "))";
System.DirectoryServices.DirectorySearcher ldapSearch = new System.DirectoryServices.DirectorySearcher(dirEntry);
ldapSearch.ServerTimeLimit = new TimeSpan(0, 0, 30);
ldapSearch.Filter = strLDAPFilter;
ldapSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree;
System.DirectoryServices.SearchResultCollection searchResults = ldapSearch.FindAll();
if (searchResults.Count == 1){
...
这个函数的调用方式如下:
strInputResults = ldapAuthentication("LDAP://DomainController.company.gTLD/", strInputSuppliedUser, strInputSuppliedPwd, "SystemAccount@company.gTLD", "Syst3mP@s5w0rd", "ou=UserOU,dc=company,dc=gTLD","sAMAccountName");