如何在C#中通过LDAPS连接到Active Directory? [英] How to connect to Active Directory via LDAPS in C#?
问题描述
在此站点的解答主题中找到了文档(此处),但我可以无法连接到AD.当我使用Active Directory Explorer之类的程序时,我可以连接.我认为,因为我尝试连接到LDAPS,所以我需要其他方法吗?
Found a documentation (here) in an answer thread on this site but i can´t get an connection to an AD. When i use a program like Active Directory Explorer i can connect. I think, because i am trying to connect to a LDAPS i need a different approach?
我有服务器IP,域,用户名/密码和端口636.
我尝试了new DirectoryEntry的各种组合,但无法将其连接.总是得到COMException Domain is not existing.
I have the server IP, a domain, username/pwd and the port 636.
I tried various combinations @ new DirectoryEntry but couldn´t get it to connect. Always get a COMException Domain is not existing .
static DirectoryEntry createDirectoryEntry()
{
DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://192.168.2.59", USER, PWD);
ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;
return ldapConnection;
}
背景信息: 用户将其卡放入读卡器单元. Porgram从卡中获取ID,并在数据库中搜索该ID,然后返回属于该ID/用户的电子邮件地址 . 这里是可行的解决方案:
Background Infos: User places his card to a Card Reader Unit. Porgram gets ID from card and searches the DB for this ID and returns the eMail address belonging to the ID/User . And here the working solution:
private string getEmail(string userID)
{
try
{
string ldapfilter = "(&(otherPager=" + userID + "))";
DirectoryEntry myLdapConnection = new DirectoryEntry("LDAP://" + SERVER, USER, PWD);
DirectorySearcher search = new DirectorySearcher(myLdapConnection);
search.Filter = ldapfilter;
/*search.PropertiesToLoad.Add("mail");
SearchResult result = search.FindOne();*/
string[] requiredValue = new String[] { "mail" };
foreach (String value in requiredValue)
search.PropertiesToLoad.Add(value);
SearchResult result = search.FindOne();
if (result != null)
{
foreach (String value in requiredValue)
foreach (Object myCollection in result.Properties[value])
{
return myCollection.ToString();
}
}
else
{
return "No Entry fround";
}
}
catch (Exception e)
{
Console.WriteLine("Exception Problem: " + e.ToString());
return null;
}
return null;
}
private void cmdClose_Click(object sender, EventArgs e)
{
Close();
}
private void textBox1_TextChanged(object sender, EventArgs e)
{
label1.Text = getEmail(textBox1.Text);
}
推荐答案
您需要指定端口,因为636是默认的LDAPS端口.
You need to specify the port, since 636 is the default LDAPS port.
new DirectoryEntry("LDAP://192.168.2.59:636", USER, PWD)
我在某些代码中执行了此操作,并且使用"LDAP://"(而不是"LDAPS://")是可行的.
I do this in some of my code, and using "LDAP://" (not "LDAPS://") is what works.
如果这不起作用,则可能是证书错误.您可以使用浏览器进行测试.如果您使用的是Chrome,请使用此工具打开Chrome(这样就可以使用端口636):
If that doesn't work, then there may be a certificate error. You can test this with a browser. If you use Chrome, open Chrome with this (so it lets you use port 636):
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=636
然后转到 https://192.168.2.59:636 .如果收到较大的花式证书错误,则问题是该证书不受信任.从Chrome浏览器中查看证书,然后查看问题出在哪里.可以由不在Windows证书存储区中的授权机构颁发.
Then go to https://192.168.2.59:636. If you get a big fancy certificate error, then the problem is that the certificate is not trusted. View the certificate from Chrome and see what the problem is. It could be issued by an authority that is not in the Windows cert store.
这篇关于如何在C#中通过LDAPS连接到Active Directory?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
