验证密码Mono+IPA(LDAP)+rhel
本文关键字:+rhel LDAP 密码 Mono+IPA 验证 | 更新日期: 2023-09-27 18:30:04
我需要在LDAP(IPA内部)中验证用户/密码。这是Novell的例子,但不起作用的
System.String ldapHost = "ipa-server.ipadev.local";
System.String loginDN = "uid=tom,cn=users,cn=compat,dc=ipadev,dc=local";
System.String password = "12345678";
System.String objectDN = "cn=tim,cn=groups,cn=accounts,dc=ipadev,dc=local";
System.String testPassword = "12345678";
LdapConnection conn = new LdapConnection();
conn.SecureSocketLayer = true;
conn.UserDefinedServerCertValidationDelegate += delegate {
return true;
};
try
{
conn.Connect(ldapHost, LdapConnection.DEFAULT_SSL_PORT);
conn.Bind(loginDN, password);
LdapAttribute attr = new LdapAttribute("userPassword", testPassword);
bool correct = conn.Compare(objectDN, attr);
System.Console.Out.WriteLine(correct ? "The password is correct." : "The password is incorrect.'n");
// disconnect with the server
conn.Disconnect();
}
catch (LdapReferralException ex)
{
System.Console.Error.WriteLine ("Error: Referrals exception - " + ex.ToString());
System.Console.Error.WriteLine ("Referrals: " + ex.getReferrals ());
}
catch (LdapException e)
{
if (e.ResultCode == LdapException.NO_SUCH_OBJECT)
{
System.Console.Error.WriteLine("Error: No such entry - " + e.ToString());
}
else if (e.ResultCode == LdapException.NO_SUCH_ATTRIBUTE)
{
System.Console.Error.WriteLine("Error: No such attribute");
}
else
{
System.Console.Error.WriteLine("Error: " + e.ToString());
}
}
catch (System.IO.IOException e)
{
System.Console.Out.WriteLine("Error: " + e.ToString());
}
System.Environment.Exit(0);
如果我使用空密码-绑定将成功,但conn.Compare给出错误-Error: LdapException: (50) Insufficient Access Rights
如果我使用普通密码(12345678),我会在绑定中得到-error "LdapReferralException: (10) Referral"
还有一个问题——在loginDn中,我应该使用像"uid=tom,cn=users,cn=compat,dc=ipadev,dc=local"那样的完整路径吗?但用户只拥有登录名,如何创建这个完整路径?
在LDAP中不是这样做的。其想法是将连接为具有该密码的用户,并查看是否成功。