是否有一个.NET类可以从LDAP中解析CN =字符串? [英] Is there a .NET class that can parse CN= strings out of LDAP?

问题描述

我有一个要从LDAP中获取的Active Directory组成员身份的字符串，我需要解析它以检查用户是否是AD组的成员.有可以为我解析的课程吗?

I've got a string that I'm fetching from LDAP for Active Directory group membership and I need to parse it to check if the user is a member of the AD group. Is there a class that can parse this for me?

示例:

CN=Foo Group Name,DC=mydomain,DC=com

推荐答案

此外，如果您在AD中查询组成员，则可以直接比较所有成员的专有名称，而无需通过 System.DirectoryServices名称空间的类.

Besides, if you query the AD for a group members, you'll be able to compare all of the members' distinguishedName's directly without parsing code through the DirectoryEntry class of the System.DirectoryServices namespace.

否则，我只是在某个地方不知道这样的课程. =)

Otherwise, I just don't know of such a class somewhere. =)

希望无论如何这都会有所帮助！

Hope this helps anyway somehow !

编辑#1

这里是一个链接，通过该链接我学到了很多有关AD和System.DirectoryServices命名空间的知识:

Here's a link from which I have learned a lot working with the AD and the System.DirectoryServices namespace: Howto: (Almost) Everything In Active Directory via C#

如果您仍需要几天，我将在几天内为您提供示例代码，在此我将使用System.DirectoryServices.DirectorySearcher对象类来检索组的成员.

I shall provide you with a sample code in a few days, if you still require it, where I will use the System.DirectoryServices.DirectorySearcher object class to retrieve the members of a group.

我希望此链接能为您带来帮助！ =)

I hope this link will help you as it did for me! =)

编辑#2

这是我告诉您的代码示例.这样应该可以更有效地查询AD，而不必进行bakc来回处理AD.

Here's the code sample I told you about. This should make it more efficient to query against the AD without having to work bakc and forth the AD.

public IList<string> GetMembers(string groupName) {
    if (string.IsNullOrEmpty(groupName))
        throw new ArgumentNullException("groupName");

    IList<string> members = new List<string>();

    DirectoryEntry root = new DirectoryEntry(@"LDAP://my.domain.com");
    DirectorySearcher searcher = new DirectorySearcher();
    searcher.SearchRoot = root;
    searcher.SearchScope = SearchScope.Subtree;
    searcher.PropertiesToLoad.Add("member");

    searcher.Filter = string.Format("(&(objectClass=group)(sAMAccountName={0}))", groupName);

    SearchResult result = searcher.FindOne();
    DirectoryEntry groupFound = result.GetDirectoryEntry();
    for (int index = 0; index < ((object[])groupFound.Properties["member"].Value).Length; ++index)
        members.Add((string)((object[])groupFound.Properties["member"].Value)[index]);

    return members;

}

免责声明:此代码按原样提供.我在本地计算机上对其进行了测试，并且效果很好.但是由于我不能只复制粘贴它而不得不在这里重新输入它，所以我在输入时可能犯了一些错误，我希望这种错误不会发生.

这篇关于是否有一个.NET类可以从LDAP中解析CN =字符串?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！