I've been recommended to use System.DirectoryServices.Protocols to be able to support connecting to LDAP servers other than Active Directory here.
Unfortunately, I have not been able to search the directory properly. I'd like to be able to get a certain attribute for a user (e.g. mail). This is easily done in the System.DirectoryServices namespace by using the DirectorySearcher class. How can I achieve the same in the System.DirectoryServices.Protocols namespace? Here's what I have so far:
var domainParts = domain.Split('.');
string targetOu = string.Format("cn=builtin,dc={0},dc={1}", domainParts[0], domainParts[1]);
string ldapSearchFilter = string.Format("(&(ObjectClass={0})(sAMAccountName={1}))", "person", username);
// establish a connection to the directory
LdapConnection connection = new LdapConnection(
new LdapDirectoryIdentifier(domain),
new NetworkCredential() { UserName = username,
Password = "MyPassword" });
SearchRequest searchRequest = new SearchRequest(
targetOu, ldapSearchFilter, SearchScope.OneLevel, new[] {"mail"});
This code raises an exception of type DirectoryOperationException with the message "The object does not exist".
I suspect there's something wrong with my targetOu and ldapSearchFilter variables.
Thanks.
I suspect the main problem might be: samAccountName is a strictly Windows-only attribute that other LDAP servers won't know about.
So if you're going against a non-Active Directory LDAP, you should use something else for searching - e.g. sn (for surname or last name), givenName (first name), possibly displayName.
Another interesting option might be to use ANR (ambiguous name resolution) searches - see this page on SelfADSI roughly in the middle, where ANR is explained.
With ANR, you would write your query like this:
string ldapSearchFilter =
string.Format("(&(ObjectCategory={0})(anr={1}))", "person", username);
I also changed ObjectClass to ObjectCategory for two reasons:
ObjectCategory is single-valued, e.g. only contains a single value (ObjectClass is multi-valued)
ObjectCategory is typically indexed, and thus searches are typically a lot faster using ObjectCategory
Does this return the results you're looking for?