Connecting to an LDAP server from .NET

2023-09-03 13:46:42 Author: 清红造了个白

I've been recommended to use System.DirectoryServices.Protocols to be able to support connecting to LDAP servers other than Active Directory here. Unfortunately, I have not been able to search the directory properly. I'd like to be able to get a certain attribute for a user (e.g. mail). This is easily done in the System.DirectoryServices namespace by using the DirectorySearcher class. How can I achieve the same in the System.DirectoryServices.Protocols namespace? Here's what I have so far:

using System.DirectoryServices.Protocols;
using System.Net;

// build the search base and the filter from the domain name and the user name
var domainParts = domain.Split('.');
string targetOu = string.Format("cn=builtin,dc={0},dc={1}", domainParts[0], domainParts[1]);
string ldapSearchFilter = string.Format("(&(ObjectClass={0})(sAMAccountName={1}))", "person", username);

// establish a connection to the directory
LdapConnection connection = new LdapConnection(
    new LdapDirectoryIdentifier(domain),
    new NetworkCredential() { UserName = username, Password = "MyPassword" });

// search one level below targetOu and ask only for the mail attribute
SearchRequest searchRequest = new SearchRequest(
    targetOu, ldapSearchFilter, SearchScope.OneLevel, new[] { "mail" });
var response = (SearchResponse)connection.SendRequest(searchRequest);

This code raises exception of type DirectoryOperationException with message The object does not exist.

I suspect there's something wrong with my targetOu and ldapSearchFilter variables.

Thanks.

Recommended answer

I suspect the main problem might be: samAccountName is a strictly Windows-only attribute that other LDAP servers won't know about.

So if you're going against a non-Active Directory LDAP, you should use something else for searching - e.g. sn (for surname or last name), givenName (first name), possibly displayName.

Another interesting option might be to use ANR (ambiguous name resolution) searches - see this page on SelfADSI roughly in the middle, where ANR is explained.

With ANR, you would write your query like this:

string ldapSearchFilter = 
   string.Format("(&(ObjectCategory={0})(anr={1}))", "person", username);

I also changed ObjectClass to ObjectCategory for two reasons:

- ObjectCategory is single-valued, e.g. only contains a single value (ObjectClass is multi-valued)
- ObjectCategory is typically indexed, and thus searches are typically a lot faster using ObjectCategory

Does this return the results you're looking for?
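A complete lookup with System.DirectoryServices.Protocols, as an added example that is not part of the original question or answer: it actually sends the request, reads the mail attribute, uses the answer's ANR filter for Active Directory and a portable uid/cn filter for other servers (the uid/cn choice is an assumption about the target schema), binds over LDAPS, and escapes the user name before placing it in the filter so that the input cannot change the filter's structure. Host, base DN and credentials are placeholders supplied by the caller.

```csharp
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

static class LdapUserLookup
{
    // Escape a value for use inside an LDAP search filter (RFC 4515), so that
    // caller-supplied input such as a login name cannot alter the filter's structure.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Returns the "mail" attribute of the first entry matching `username`, or null.
    // `useAnr` selects the AD-specific ANR filter from the answer; otherwise a portable
    // filter on uid/cn is used for non-AD servers (assumed schema, not from the post).
    static string FindMail(string host, string baseDn, NetworkCredential cred, string username, bool useAnr)
    {
        string u = EscapeFilterValue(username);
        string filter = useAnr
            ? string.Format("(&(objectCategory=person)(anr={0}))", u)
            : string.Format("(&(objectClass=person)(|(uid={0})(cn={0})))", u);

        using (var connection = new LdapConnection(new LdapDirectoryIdentifier(host, 636), cred, AuthType.Basic))
        {
            connection.SessionOptions.SecureSocketLayer = true;  // simple bind only over TLS
            connection.SessionOptions.ProtocolVersion = 3;
            connection.Bind();
            // Subtree scope: the user may live anywhere below the base DN, not only one level down.
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, "mail");
            var response = (SearchResponse)connection.SendRequest(request);
            if (response.Entries.Count == 0) return null;
            var mail = response.Entries[0].Attributes["mail"];
            if (mail == null || mail.Count == 0) return null;
            return (string)mail.GetValues(typeof(string))[0];
        }
    }
}
```

Call it as `FindMail("ldap.example.test", "dc=example,dc=test", new NetworkCredential("bindUser", "bindPassword"), "jdoe", useAnr: false)` with your own values; a missing attribute or no match yields null rather than an exception, while a wrong base DN still surfaces as the DirectoryOperationException seen in the question.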