在Active Directory服务通知中过滤SearchRequest [英] Filtering SearchRequest in Active Directory Services Notification

问题描述

我正在Active Directory服务中使用异步更改通知，主要是为了跟踪用户组成员身份的更改.这是根据用户当前的组成员身份修改在我们的应用程序中显示的内容.呈现的代码 下面摘录了进行此设置的要点，并在与这些组成员身份更改保持一致的情况下发挥了良好的作用.

I am using asynchronous change notifications in active directory service primarily to track changes in group membership of users.  This is to modify the content displayed in our application based on users’ current group membership.  The code presented below has extracted the essentials of setting this up, and performs well in keeping up with these group membership changes.

        LdapConnection connection = null;
        IAsyncResult result = null;
        private void Button_Click(object sender, EventArgs e)
        {
            string[] attributes = { "name", "objectclass", "samaccountname" };
            string searchRoot = "cn=users, dc=4106dev, dc=local";
            string filter = "(objectClass=*)";

            try
            {
                SearchRequest request = new SearchRequest(searchRoot, filter, SearchScope.OneLevel, attributes);

                request.Controls.Add(new DirectoryNotificationControl());

                LdapDirectoryIdentifier directoryID = new LdapDirectoryIdentifier("4106dev.local");
                connection = new LdapConnection(directoryID)
                {
                    Credential = new NetworkCredential("Administrator", "standin_for_password"),
                    AutoBind = true,
                    Timeout = TimeSpan.FromDays(1)
                };

                PartialResultProcessing processingMode = PartialResultProcessing.ReturnPartialResultsAndNotifyCallback;
                TimeSpan notificationTimeout = TimeSpan.FromMinutes(60);
                result = connection.BeginSendRequest(request, notificationTimeout, processingMode, NotificationCallback, request);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        }

        private void NotificationCallback(IAsyncResult result)
        {
            try
            {
                PartialResultsCollection partialResults = connection.GetPartialResults(result);
                foreach (SearchResultEntry entry in partialResults)
                {
                    // process individual partial results ...
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.ToString());
            }
        }

但是，除了所需的通知之外，还有许多其他有关与登录等相关的更改的通知.尽管在NotificationCallback函数中处理部分结果可以轻松检测并忽略这些结果， 似乎最好先将它们过滤掉，然后再成为额外的网络流量，等等. SearchRequest构造函数的"filter"参数似乎是实现此目的的一种合理方法.

However, in addition to the desired notifications, there are many additional notifications of changes related to logins, and the like.  Although the processing of partial results in the NotificationCallback function can easily detect and ignore these, it would seem better filter these out before they become extra network traffic, etc.   The "filter" parameter of the SearchRequest constructor would seem a reasonable way to do this.

但是，当我用限制性更强的过滤器替换filter参数时，例如:

However, when I replace the filter parameter with a more restrictive filter, for instance:

字符串 过滤器= ((objectClass = user)""

            string filter = "(objectClass=user)";

 

我立即在NotificationCallback函数中使用IAsynchResult参数获得对NotificationCallback函数的回调，表明请求已完成.另外，当我尝试 要从此结果中检索部分结果，我得到以下异常:

I immediately get a callback to the NotificationCallback function with the IAsynchResult parameter in the NotificationCallback function showing that the request is completed.  In addition, when I try to retrieve the partial results from this result, I get the following exception:

System.DirectoryServices.Protocols.DirectoryOperationException: The server cannot handle directory requests.
   at System.DirectoryServices.Protocols.LdapPartialResultsProcessor.GetPartialResults(LdapPartialAsyncResult asyncResult)
   at System.DirectoryServices.Protocols.LdapConnection.GetPartialResults(IAsyncResult asyncResult)
   at LDAPNotifications.Form1.NotificationCallback(IAsyncResult result)

我进行了相当广泛的搜索，试图弄清楚如何进行这项工作，但收效甚微.

I have done a fairly extensive search trying to figure out how to make this work, without much success.

1.      甚至有可能

1.      Is it even possible to use a more restrictive filter parameter for this notification process than the (objectClass=*) filter?
2.      If it is possible, is there something else that must be done to enable the process to work with the more restrictive filter?

感谢您提供的任何信息.

Thanks in advance for any information you can provide.

推荐答案

格伦·法利，

谢谢您在这里发布.

如果要使用限制性更强的筛选器，可以参考MSDN文章.它显示了 DSML V2的搜索过滤器查询语法的定义是DSML V2 XML架构规范的一部分.

If you want to use more restrictive filter, you could refer to the MSDN article. It shows the definition of the search filter query syntax for DSML V2 is part of the DSML V2 XML schema specification.

https://msdn.microsoft.com/en-us/library/aa813643(v = vs.85).aspx

对于错误消息，您想查看以下链接.

For the error message, you would like to check the following link.

http://www.morgantechspace.com /2014/03/LDAP-Error-The-server-cannot-handle-directory-requests.html

最好的问候，

温迪

这篇关于在Active Directory服务通知中过滤SearchRequest的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！