How to connect to Active Directory via LDAPS in C#?


Question

Found documentation (here) in an answer thread on this site but I can't get a connection to an AD. When I use a program like Active Directory Explorer I can connect. I think, because I am trying to connect to LDAPS, I need a different approach?

I have the server IP, a domain, username/pwd and the port 636. I tried various combinations @ new DirectoryEntry but couldn't get it to connect. Always get a COMException Domain is not existing.

    // Requires: using System.DirectoryServices;
    static DirectoryEntry createDirectoryEntry()
    {
        DirectoryEntry ldapConnection = new DirectoryEntry("LDAP://192.168.2.59", USER, PWD);

        ldapConnection.AuthenticationType = AuthenticationTypes.SecureSocketsLayer;

        return ldapConnection;
    }


Background info: User places his card on a card reader unit. Program gets the ID from the card, searches the DB for this ID and returns the email address belonging to the ID/user. And here the working solution:

    private string getEmail(string userID)
    {
        try
        {
            // Escape LDAP filter metacharacters (RFC 4515) so the card ID
            // cannot change the structure of the filter. Backslash goes first.
            string safeID = userID.Replace("\\", "\\5c").Replace("*", "\\2a")
                .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
            string ldapfilter = "(&(otherPager=" + safeID + "))";

            DirectoryEntry myLdapConnection = new DirectoryEntry("LDAP://" + SERVER, USER, PWD);
            DirectorySearcher search = new DirectorySearcher(myLdapConnection);
            search.Filter = ldapfilter;

            /*search.PropertiesToLoad.Add("mail");
            SearchResult result = search.FindOne();*/

            // Only request the attributes that are actually needed.
            string[] requiredValue = new String[] { "mail" };

            foreach (String value in requiredValue)
                search.PropertiesToLoad.Add(value);

            SearchResult result = search.FindOne();

            if (result != null)
            {
                // Return the first value of the first requested attribute.
                foreach (String value in requiredValue)
                    foreach (Object myCollection in result.Properties[value])
                    {
                        return myCollection.ToString();
                    }
            }
            else
            {
                return "No entry found";
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Exception Problem: " + e.ToString());
            return null;
        }
        return null;
    }



    private void cmdClose_Click(object sender, EventArgs e)
    {
        Close();
    }

    private void textBox1_TextChanged(object sender, EventArgs e)
    {
        label1.Text = getEmail(textBox1.Text);
    }

Recommended answer

You need to specify the port, since 636 is the default LDAPS port.

    new DirectoryEntry("LDAP://192.168.2.59:636", USER, PWD)

I do this in some of my code, and using "LDAP://" (not "LDAPS://") is what works.

If that doesn't work, then there may be a certificate error. You can test this with a browser. If you use Chrome, open Chrome with this (so it lets you use port 636):

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --explicitly-allowed-ports=636

Then go to https://192.168.2.59:636. If you get a big fancy certificate error, then the problem is that the certificate is not trusted. View the certificate from Chrome and see what the problem is. It could be issued by an authority that is not in the Windows cert store.
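
The browser check described in the answer can also be done from C#. The following is an added example, not code from the original question or answer: it completes a TLS handshake with the LDAPS port and reports what Windows objects to in the server certificate. The names `LdapsCertCheck` and `Inspect` are assumptions made for illustration; no credentials are sent.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class LdapsCertCheck
{
    // Connects to host:port, completes a TLS handshake and returns a report of
    // the server certificate and every trust problem Windows finds with it.
    public static string Inspect(string host, int port = 636)
    {
        var report = new StringBuilder();
        using (var tcp = new TcpClient(host, port))
        using (var tls = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, errors) =>
            {
                // Diagnostic only: record the problems, then let the handshake
                // finish so the certificate can be read. A callback that always
                // returns true must never be used on a connection that carries
                // credentials or directory data.
                report.AppendLine("Policy errors: " + errors);
                if (cert != null)
                {
                    var c2 = new X509Certificate2(cert);
                    report.AppendLine("Subject:   " + c2.Subject);
                    report.AppendLine("Issuer:    " + c2.Issuer);
                    report.AppendLine("Not after: " + c2.NotAfter.ToString("u"));
                }
                if (chain != null)
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        report.AppendLine("Chain: " + s.Status + " - " + s.StatusInformation.Trim());
                return true;
            }))
        {
            // The name passed here is what the certificate is matched against.
            tls.AuthenticateAsClient(host);
        }
        return report.ToString();
    }

    static void Main(string[] args)
    {
        // 192.168.2.59 is the address used in the question.
        Console.Write(Inspect(args.Length > 0 ? args[0] : "192.168.2.59"));
    }
}
```

`Policy errors: None` means the certificate is trusted for the name you connected with. `RemoteCertificateNameMismatch` when connecting by IP address means the certificate was issued for a different name, and `RemoteCertificateChainErrors` with an `UntrustedRoot` chain status means the issuing authority is not in the Windows certificate store.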
