错误 0x80005000 和 DirectoryServices [英] Error 0x80005000 and DirectoryServices

问题描述

我正在尝试使用 .Net 中的目录服务运行一个简单的 LDAP 查询.

I'm trying to run a simple LDAP query using directory services in .Net.

    DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com");
    directoryEntry.AuthenticationType = AuthenticationTypes.Secure;

    DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);

    directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

    var result = directorySearcher.FindOne();
    var resultDirectoryEntry = result.GetDirectoryEntry();

    return resultDirectoryEntry.Properties["msRTCSIP-PrimaryUserAddress"].Value.ToString();

我收到以下异常:

System.Runtime.InteropServices.COMException (0x80005000): Unknown error (0x80005000)
  at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
  at System.DirectoryServices.DirectoryEntry.Bind()
  at System.DirectoryServices.DirectoryEntry.get_AdsObject()
  at System.DirectoryServices.DirectorySearcher.FindAll(Boolean findMoreThanOne)
  at System.DirectoryServices.DirectorySearcher.FindOne()

作为控制台应用程序中的一个片段，这是有效的.但是当我将它作为 WCF 服务的一部分运行时(在相同的凭据下运行)，它会引发上述异常.

As a snippet in a Console app, this works. But when I run it as part of a WCF service (run under the same credentials), it throws the above exception.

有什么建议吗?

谢谢

推荐答案

这是一个权限问题.

当您运行控制台应用程序时，该应用程序会使用您的凭据运行，例如作为你".

When you run the console app, that app runs with your credentials, e.g. as "you".

WCF 服务运行在哪里?在 IIS 中?最有可能的是，它在一个单独的帐户下运行，该帐户无权查询 Active Directory.

The WCF service runs where? In IIS? Most likely, it runs under a separate account, which is not permissioned to query Active Directory.

您可以尝试让 WCF 模拟工具正常工作，以便传递您自己的凭据，或者您可以在创建 DirectoryEntry 时指定用户名/密码:

You can either try to get the WCF impersonation thingie working, so that your own credentials get passed on, or you can specify a username/password on creating your DirectoryEntry:

DirectoryEntry directoryEntry = 
    new DirectoryEntry("LDAP://someserver.contoso.com/DC=contoso,DC=com", 
                       userName, password);

<小时>

好的，所以它可能不是凭据(我看到的超过 80% 的情况通常都是这种情况).

---

OK, so it might not be the credentials after all (that's usually the case in over 80% of the cases I see).

稍微改变你的代码怎么样?

What about changing your code a little bit?

DirectorySearcher directorySearcher = new DirectorySearcher(directoryEntry);
directorySearcher.Filter = string.Format("(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", username);

directorySearcher.PropertiesToLoad.Add("msRTCSIP-PrimaryUserAddress");

var result = directorySearcher.FindOne();

if(result != null)
{
   if(result.Properties["msRTCSIP-PrimaryUserAddress"] != null)
   {
      var resultValue = result.Properties["msRTCSIP-PrimaryUserAddress"][0];
   }
}

我的想法是:为什么不立即告诉 DirectorySearcher 您对什么属性感兴趣?然后你不需要再做一个额外的步骤来从搜索结果中获取完整的 DirectoryEntry(应该更快)，并且因为你告诉目录搜索器找到那个属性，它肯定会是加载到搜索结果中 - 所以除非它为空(未设置值)，否则您应该能够轻松检索它.

My idea is: why not tell the DirectorySearcher right off the bat what attribute you're interested in? Then you don't need to do another extra step to get the full DirectoryEntry from the search result (should be faster), and since you told the directory searcher to find that property, it's certainly going to be loaded in the search result - so unless it's null (no value set), then you should be able to retrieve it easily.

马克

这篇关于错误 0x80005000 和 DirectoryServices的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！