Question
I've been recommended to use System.DirectoryServices.Protocols to be able to support connecting to LDAP servers other than Active Directory here.
Unfortunately, I have not been able to search the directory properly. I'd like to be able to get a certain attribute for a user (e.g. mail). This is easily done in the System.DirectoryServices namespace by using the DirectorySearcher class. How can I achieve the same in the System.DirectoryServices.Protocols namespace? Here's what I have so far:

    var domainParts = domain.Split('.');
    string targetOu = string.Format("cn=builtin,dc={0},dc={1}", domainParts[0], domainParts[1]);
    string ldapSearchFilter = string.Format("(&(ObjectClass={0})(sAMAccountName={1}))", "person", username);

    // establish a connection to the directory
    LdapConnection connection = new LdapConnection(
        new LdapDirectoryIdentifier(domain),
        new NetworkCredential() { UserName = username,
                                  Password = "MyPassword" });

    SearchRequest searchRequest = new SearchRequest(
        targetOu, ldapSearchFilter, SearchScope.OneLevel, new[] {"mail"});

This code raises an exception of type DirectoryOperationException with the message "The object does not exist".
I suspect there's something wrong with my targetOu and ldapSearchFilter variables.
Thanks.
Answer 1:
I suspect the main problem might be: samAccountName is a strictly Windows-only attribute that other LDAP servers won't know about.
So if you're going against a non-Active Directory LDAP, you should use something else for searching - e.g. sn (for surname or last name), givenName (first name), possibly displayName.
Another interesting option might be to use ANR (ambiguous name resolution) searches - see this page on SelfADSI roughly in the middle, where ANR is explained.
With ANR, you would write your query like this:

    string ldapSearchFilter =
        string.Format("(&(ObjectCategory={0})(anr={1}))", "person", username);

I also changed ObjectClass to ObjectCategory for two reasons:
- ObjectCategory is single-valued, e.g. only contains a single value (ObjectClass is multi-valued)
- ObjectCategory is typically indexed, and thus searches are typically a lot faster using ObjectCategory
Does this return the results you're looking for?
Source: https://stackoverflow.com/questions/8700115/connecting-to-ldap-server-from-net
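
Added example, not part of the original question or answer: both filters on this page insert `username` with `string.Format`, so a value containing `*`, `(` or `)` would change what the filter matches. The code below escapes the value per RFC 4515, sends the search and reads `mail` from the response. The class and method names, the base DN derived from the DNS domain and the subtree scope are assumptions; on a non-AD directory, replace `sAMAccountName` with an attribute that server knows.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;
using System.Text;

static class LdapMailLookup   // hypothetical helper class
{
    // RFC 4515 escaping: a value placed in a filter must not be able to add
    // clauses or wildcards of its own.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // Assumptions: "domain" is trusted configuration whose naming context mirrors
    // its DNS name (dc=example,dc=com); the account is matched on sAMAccountName.
    public static string FindMail(string domain, string username, NetworkCredential credential)
    {
        string baseDn = string.Join(",", domain.Split('.').Select(p => "dc=" + p));
        string filter = string.Format("(&(objectClass=person)(sAMAccountName={0}))",
                                      EscapeFilterValue(username));

        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(domain), credential))
        {
            connection.SessionOptions.ProtocolVersion = 3;
            connection.Bind(); // rejected credentials fail here, not at search time

            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "mail");
            var response = (SearchResponse)connection.SendRequest(request);

            foreach (SearchResultEntry entry in response.Entries)
                if (entry.Attributes.Contains("mail"))
                    return (string)entry.Attributes["mail"].GetValues(typeof(string))[0];
        }
        return null; // no matching entry, or the entry has no mail attribute
    }
}
```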