使用LDAP更改用户密码
本文关键字:用户 密码 LDAP 使用 | 更新日期: 2023-09-27 18:20:32
这是我的代码
var fullName = ApplicationSettings.DefaultUser;
var userId = fullName.Substring(fullName.LastIndexOf(@"'", StringComparison.Ordinal) + 1).ToUpper(CultureInfo.InvariantCulture);
try
{
DirectoryEntry entry = new DirectoryEntry("LDAP://ldapaddressstring", userId, existingPassword, AuthenticationTypes.Secure);
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(&(objectClass=user)(sAMAccountName=" + userId + "))";
entry = search.FindOne().GetDirectoryEntry();
entry.Invoke("ChangePassword", new object[] { existingPassword, newPassword });
}
catch (Exception ex)
{
//throw plain exception
throw ex;
}
我收到错误的用户名或密码错误。有什么想法吗?
您希望用户更改自己的密码,还是管理员重置密码?
你有什么要输入的吗?或者当你调用FindOne时发生了错误吗?
这是我使用的代码,"Impersonator"是一个允许模拟域管理员帐户以确保适当权限的类。你应该可以在这里找到它。
public ServiceResponse ChangePassword(string username, string oldPassword, string newPassword)
{
ServiceResponse response = new ServiceResponse();
try
{
var entry = new DirectoryEntry(DomainUsersConnectionString, username, oldPassword);
var nativeObject = entry.NativeObject;
// Check passed. Can reset the password now
entry = RootDirectoryEntry;
var user = FindUserInDirectoryEntry(username, entry);
response = SetPassword(user, newPassword);
user.Close();
}
catch (DirectoryServicesCOMException ex)
{
response.Status = Status.Error;
response.Message = ex.ExtendedErrorMessage;
m_Logger.Error("Failed to change password for user {0}: {1} - {2}", username, ex.ExtendedErrorMessage, (ex.InnerException ?? ex));
}
catch (Exception ex)
{
response.Status = Status.Error;
response.Message = ex.Message;
m_Logger.Error("Failed to change password for user {0}: {1} -{2}", username, ex.Message, (ex.InnerException ?? ex));
}
return response;
}
/// <summary>
/// Finds the user in directory entry.
/// </summary>
/// <param name="username">The username.</param>
/// <param name="dirEntry">The dir entry.</param>
/// <returns></returns>
protected static DirectoryEntry FindUserInDirectoryEntry(string username, DirectoryEntry dirEntry)
{
// rip off Domain name if username contains it
string domainName = String.Format(@"{0}'", DomainName).ToLowerInvariant();
username = username.Replace(domainName, "");
DirectorySearcher searcher = new DirectorySearcher(dirEntry)
{
Filter = String.Format("(samAccountName={0})", username)
};
var searchResult = searcher.FindOne();
if (searchResult != null)
{
DirectoryEntry user = searchResult.GetDirectoryEntry();
return user;
}
return null;
}
private ServiceResponse SetPassword(DirectoryEntry user, string password)
{
ServiceResponse response = new ServiceResponse();
try
{
using (var impersonator = new Impersonator(DomainAdminUsername, DomainName, DomainAdminPassword))
{
user.Invoke("SetPassword", new object[] { password });
user.Properties["LockOutTime"].Value = 0; //unlock account
user.CommitChanges();
}
response.Status = Status.Success;
}
catch (DirectoryServicesCOMException ex)
{
response.Status = Status.Error;
response.Message = ex.ExtendedErrorMessage;
m_Logger.Error("SetPassword failed for user {0}: {1}", user.Name, ex.ExtendedErrorMessage);
}
catch (Exception ex)
{
response.Status = Status.Error;
response.Message = ex.Message;
m_Logger.Error("SetPassword failed for user {0} by {1} at {2}: {3}: {4}", user.Name,
DomainAdminUsername, DomainName,
ex.Message, (ex.InnerException ?? ex).ToString());
}
return response;
}
可能影响您的注意事项:
- 删除域名(如果存在)
- 检索"NativeObject"似乎对缓存/连接有影响
- 这是使用"设置密码",它需要"重置密码扩展控制访问权限"