如何查询ActiveDirectory的使用LDAP的用户名,而不是一个CN? [英] How do I query ActiveDirectory using LDAP with a username, not a CN?
问题描述
如果我设置了.NET DirectoryEntry.Path来是这样的:
LDAP:// CN =约翰·史密斯,OU =组名称,DC =例如,DC = COM
一切都很正常,我得到我所需要的的DirectoryEntry。但是,我不知道用户的真正的通用名称(CN)。我只知道他们的用户名,JOHN.SMITH。
那么,如何可以查询用户名?我已经尝试了所有以下的不成功:
LDAP://CN=John.Smith,OU=Group名称,DC =例如,DC = COM
LDAP://sAMAccountName=John.Smith,OU=Group名称,DC =例如,DC = COM
LDAP://userPrincipalName=John.Smith,OU=Group名称,DC =例如,DC = COM
LDAP://userPrincipalName=John.Smith@example.com,OU=Group名称,DC =例如,DC = COM
LDAP://uid=John.Smith,OU=Group名称,DC =例如,DC = COM
LDAP://o=John.Smith,OU=Group名称,DC =例如,DC = COM
您不能只是通过创建一个LDAP字符串进行查询 - 你需要使用code为
是这样的:
的DirectoryEntry deRoot =新的DirectoryEntry(LDAP:// yourserver / CN =用户,DC = YourCompany,DC = COM);
DirectorySearcher从dsFindUser =新DirectorySearcher从(deRoot);
dsFindUser.SearchScope = SearchScope.SubTree;
dsFindUser.PropertiesToLoad.Add(SN); //姓=姓氏
dsFindUser.PropertiesToLoad.Add(给定名称); // 名字
dsFindUser.Filter =的String.Format((及(objectCategory属性=人)(ANR = {0})),yourUserName);
信息搜索结果rseult = dsFindUser.FindOne();
如果(结果!= NULL)
{
如果(result.Properties [SN]!= NULL)
{
字符串的lastName = result.Properties [SN] [0]的ToString();
}
如果(result.Properties [给定名称]!= NULL)
{
字符串的lastName = result.Properties [给定名称] [0]的ToString();
}
}
完整的MSDN文档上的<一个href="http://msdn.microsoft.com/en-us/library/system.directoryservices.directorysearcher.aspx">System.DirectoryServices.DirectorySearcher类可以在MSDN上找到 - 它有很多附加的属性和设置
如果您使用的是.NET 3.5,事情已经得到了相当多的用程序来处理用户和组强类型的库更容易 - 看看这个优秀的MSDN文章更多信息。
希望这有助于
马克·
If I set the .NET DirectoryEntry.Path to something like:
LDAP://CN=John Smith,OU=Group Name,DC=example,DC=com
Everything works great, and I get the DirectoryEntry I need. However, I don't know the user's true Common Name (CN). I only know their username, "John.Smith".
So, how can I query the username? I have tried all the following without success:
LDAP://CN=John.Smith,OU=Group Name,DC=example,DC=com
LDAP://sAMAccountName=John.Smith,OU=Group Name,DC=example,DC=com
LDAP://userPrincipalName=John.Smith,OU=Group Name,DC=example,DC=com
LDAP://userPrincipalName=John.Smith@example.com,OU=Group Name,DC=example,DC=com
LDAP://uid=John.Smith,OU=Group Name,DC=example,DC=com
LDAP://o=John.Smith,OU=Group Name,DC=example,DC=com
You can't just query by means of creating an LDAP string - you'll need to use code for that.
Something like:
DirectoryEntry deRoot = new DirectoryEntry("LDAP://yourserver/CN=Users,dc=YourCompany,dc=com");
DirectorySearcher dsFindUser = new DirectorySearcher(deRoot);
dsFindUser.SearchScope = SearchScope.SubTree;
dsFindUser.PropertiesToLoad.Add("sn"); // surname = last name
dsFindUser.PropertiesToLoad.Add("givenName"); // first name
dsFindUser.Filter = string.Format("(&(objectCategory=Person)(anr={0}))", yourUserName);
SearchResult rseult = dsFindUser.FindOne();
if(result != null)
{
if(result.Properties["sn"] != null)
{
string lastName = result.Properties["sn"][0].ToString();
}
if(result.Properties["givenName"] != null)
{
string lastName = result.Properties["givenName"][0].ToString();
}
}
The full MSDN documentation on the System.DirectoryServices.DirectorySearcher class can be found on MSDN - it has lots of additional properties and settings.
If you're on .NET 3.5, things have gotten quite a bit easier with a strongly-typed library of routines for handling users and groups - see this excellent MSDN article on the topic for more info.
Hope this helps
Marc
这篇关于如何查询ActiveDirectory的使用LDAP的用户名,而不是一个CN?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!