How to retrieve TNSNAMES entries from an LDAP directory (LDAP, TNSNAMES)

2023-09-05 01:40:36 Author: 軟醉萌女

I've been trying to query an LDAP directory server to retrieve a tnsnames entry. I have the following code working, but it doesn't smell right. Is it because it is wrong, or because querying LDAP involves a few levels of indirection?

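   open System.DirectoryServices.Protocols

   // Returns every orclnetdescstring value (the TNS descriptor) found for the given SID
   let lookupTnsEntry (server: string) (port: int) (defaultAdminContext: string) (sid: string) =
      let identifier = LdapDirectoryIdentifier(server, port)
      use connection = new LdapConnection (identifier)
      // Anonymous session: no credentials are sent
      connection.AuthType <- AuthType.Anonymous
      let request = SearchRequest(defaultAdminContext, "cn=" + sid, SearchScope.OneLevel, "orclnetdescstring")
      let response = connection.SendRequest request :?> SearchResponse

      // Flatten the attribute values of all returned entries into one sequence
      Seq.init response.Entries.Count (fun i -> response.Entries.[i])
      |> Seq.collect (fun entry ->
          let value = entry.Attributes.["orclnetdescstring"]
          Seq.init value.Count (fun i -> value.[i])
          |> Seq.map (fun v -> Some (v :?> string))
          )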

I was hoping for a simple call that basically does 'query the directory and return the result', but there seems to be a lot of 'stuff' I have to do in order to read the real values.

Recommended answer

Once the client is connected to the directory server, the client can make requests and read the responses. Requests take the form of LDAP operations such as bind, search, add, modify, delete, and others.

When the directory server accepts a connection, that connection (or LDAP session if you prefer) has an anonymous identity (RFC4513). Depending on the configuration of the directory server and the type of request, it may be necessary for the client to bind the connection to an authorization identity - this is done with a bind request which can be a 'simple' type or a SASL type. Dialog with the directory server administrator to determine if your client must bind connections to an authorization identity - the administrator might allow certain requests without authentication, though this is generally a bad practice and unusual.

A search for data requires the following parameters:

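- a search base, or base object
- a search scope, which is only the base, one level below the base object, or the entire subtree below the base object
- a search filter, which the directory server uses to select, from the list of candidate entries, the matching entries to return to the client
- a list of attributes to return (the client can use the special attribute 1.1 to get just the entry's distinguished name, which can be used to determine whether an entry exists)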

There are other parameters which are optional, for example, a size limit (a limit on the number of entries to return), and time limit (a limit on the time the search can take), whether to return just attributes, or attributes and values, and some others. Generally speaking, all search requests should provide a time limit to ensure that the search will time out - because the directory server may not be configured with a time limit on LDAP requests from clients.

The response from the directory server to a search request will always contain a result code. This result code should be zero (0), if the search was successful, or it might be a code indicating that the number of entries that could have been returned exceeded the number of entries that were allowed to be returned (the number of entries that are allowed to be returned is capped by the size limit in the search request or the server's limit), or it may be a result code indicating that an error has occurred.

Assuming the error code was zero, a sequence of SearchResultEntries or SearchResultReferences then follows, and finally a SearchResultDone - a good API will manage this part for the client and simply present the entries returned as an array or a list.

Finally, the answer to your question, is 'yes, there is some stuff to be done' before entries can be read. A good API will reduce the amount of 'stuff' to a dull roar.
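
The search parameters and result-code handling described in this answer, applied to the lookup from the question, as an added F# example that is not code from the asker or the answerer. The names `escapeFilterValue` and `lookupDescriptors` and the limits (10 seconds, 10 entries, 15 seconds) are assumptions chosen for illustration; the filter value is escaped per RFC 4515 because the SID is concatenated into the filter string.

```fsharp
open System
open System.Text
open System.DirectoryServices.Protocols

// Escape a value for use inside an LDAP search filter (RFC 4515):
// NUL, '(', ')', '*' and '\' become a backslash followed by two hex digits.
let escapeFilterValue (value: string) =
    let sb = StringBuilder()
    for c in value do
        match c with
        | '\u0000' | '(' | ')' | '*' | '\\' -> sb.Append(sprintf "\\%02x" (int c)) |> ignore
        | _ -> sb.Append(c) |> ignore
    sb.ToString()

// Returns Ok with every orclnetdescstring value, or Error with the LDAP result code.
let lookupDescriptors (server: string) (port: int) (baseDn: string) (sid: string) =
    use connection = new LdapConnection(LdapDirectoryIdentifier(server, port))
    connection.SessionOptions.ProtocolVersion <- 3
    // Anonymous, as in the question; bind with credentials if the server requires it.
    connection.AuthType <- AuthType.Anonymous
    let filter = sprintf "(cn=%s)" (escapeFilterValue sid)
    let request = SearchRequest(baseDn, filter, SearchScope.OneLevel, "orclnetdescstring")
    request.TimeLimit <- TimeSpan.FromSeconds(10.0)  // time limit sent with the search request
    request.SizeLimit <- 10                          // cap on the number of entries returned
    try
        // The second argument bounds how long the client waits for the response.
        let response =
            connection.SendRequest(request, TimeSpan.FromSeconds(15.0)) :?> SearchResponse
        [ for entry in response.Entries |> Seq.cast<SearchResultEntry> do
            let attr = entry.Attributes.["orclnetdescstring"]
            if not (isNull attr) then
                yield! attr.GetValues(typeof<string>) |> Seq.cast<string> ]
        |> Ok
    with
    | :? DirectoryOperationException as ex ->
        // Non-zero result codes (size limit exceeded, time limit exceeded, ...) arrive here.
        Error ex.Response.ResultCode

// Constructed sample input: filter metacharacters in a SID are neutralised before use.
printfn "%s" (escapeFilterValue "ORCL(test)*")
```

`LdapConnection.SendRequest` reports a non-success result code by throwing `DirectoryOperationException`, so the code is read from the exception's `Response` rather than from the returned `SearchResponse`.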