错误0x80005000和的DirectoryServices [英] Error 0x80005000 and DirectoryServices

问题描述

我想在.net中使用目录服务来运行一个简单的LDAP查询。

I'm trying to run a simple LDAP query using directory services in .Net.

    DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com");
    directoryEntry.AuthenticationType = AuthenticationTypes.Secure;

    DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);

    directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

    var result = directorySearcher.FindOne();
    var resultDirectoryEntry = result.GetDirectoryEntry();

    return resultDirectoryEntry.Properties["msRTCSIP-PrimaryUserAddress"].Value.ToString();

和我得到了以下异常：

System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
  at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_AdsObject()
  at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
  at System.DirectoryServices.DirectorySearcher.FindOne()

作为一个控制台应用程序的一个片段，这个工程。但是，当我运行它作为一个WCF服务（在相同的凭据下运行）的一部分，它抛出上述异常。

As a snippet in a Console app, this works. But when I run it as part of a WCF service (run under the same credentials), it throws the above exception.

有什么建议？

感谢

推荐答案

这是一个权限问题。

当您运行控制台应用程序，该应用程序运行与您的凭据，如： 你。

When you run the console app, that app runs with your credentials, e.g. as "you".

WCF服务运行在哪里？在IIS？最有可能的，它在一个单独的帐户，这是不许可管理来查询Active Directory运行。

The WCF service runs where? In IIS? Most likely, it runs under a separate account, which is not permissioned to query Active Directory.

您可以尝试让WCF模拟的thingie工作，让自己的凭据获得通过，或者你可以创建的DirectoryEntry指定用户名/密码：

You can either try to get the WCF impersonation thingie working, so that your own credentials get passed on, or you can specify a username/password on creating your DirectoryEntry:

DirectoryEntry directoryEntry = 
    new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com", 
                       userName, password);

---

---

确定，所以它可能不是在所有的凭证（这通常是在我看到的情况下，超过80％的情况下）。

OK, so it might not be the credentials after all (that's usually the case in over 80% of the cases I see).

什么改变你的codeA一点？

What about changing your code a little bit?

DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);
directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

directorySearcher.PropertiesToLoad.Add("msRTCSIP-PrimaryUserAddress");

var result = directorySearcher.FindOne();

if(result != null)
{
   if(result.Properties["msRTCSIP-PrimaryUserAddress"] != null)
   {
      var resultValue = result.Properties["msRTCSIP-PrimaryUserAddress"][0];
   }
}

我的想法是：为什么不告诉 DirectorySearcher从马上蝙蝠是什么属性，你有兴趣吗？然后，你就不需要做其它额外的步骤，以获取完整的的DirectoryEntry 从搜索结果中（应该更快），因为你说的目录搜索，发现物业，它肯定会在搜索结果中被加载 - 所以，除非它是空（无设置值），那么你应该能够很容易地检索

My idea is: why not tell the DirectorySearcher right off the bat what attribute you're interested in? Then you don't need to do another extra step to get the full DirectoryEntry from the search result (should be faster), and since you told the directory searcher to find that property, it's certainly going to be loaded in the search result - so unless it's null (no value set), then you should be able to retrieve it easily.

马克·

这篇关于错误0x80005000和的DirectoryServices的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！