LDAP Directory Entry in .Net - not working with OU=Users


Problem description

I have the following code (C#):

(Adapted from: http://www.eggheadcafe.com/conversation.aspx?messageid=31766061&threadid=31766050)

DirectorySearcher dseSearcher = new DirectorySearcher();

string rootDSE = dseSearcher.SearchRoot.Path;
DirectoryEntry rootDE = new DirectoryEntry(rootDSE);

string userDSE = rootDSE.Insert(7, "OU=Users,");
DirectoryEntry userDE = new DirectoryEntry(userDSE);

The rootDSE is created correctly; however, the user userDSE is unusable and throws a "There is no such object on the server" exception if I attempt to use it.

The LDAP strings are as follows:

Root: LDAP://DC=company,DC=local

User: LDAP://OU=Users,DC=company,DC=local

I'm running on Vista as Admin, but need this to work on XP (Admin) as well.

I'm new to LDAP and Directory Management, so I'm stumbling around in the dark here. Any thoughts? Also - any articles to link to that could give me some insight into how it all works would be appreciated.

Recommended answer

The first thing I would try as a test is to hardcode your desired path when you create a directory entry like so:

DirectoryEntry de = new DirectoryEntry("LDAP://OU=Users,DC=company,DC=local");

This will tell you pretty quick if this is an actual path in your Active Directory. I don't know what your AD looks like so I can't tell you if this is a valid path or not. Under your Active Directory Users and Computers MMC plugin, if this path is correct, then you should have your root domain, and an OU folder under the root called Users.

Paths are generated backwards in AD, so if your Users folder is under another OU off the root then it would be

DirectoryEntry de = new DirectoryEntry("LDAP://OU=Users,OU=<first OU folder>,DC=company,DC=local");

So your AD schema would look like:

 Root 
 |
 --><first OU folder>
     |
     -->Users

A great article on how to manage Active Directory in .NET:

Howto: (Almost) Everything In Active Directory via C#

You might also want to research the System.DirectoryServices, System.DirectoryServices.ActiveDirectory, and the System.DirectoryServices.AccountManagement namespaces provided in the .Net 3.5 Framework. I believe the System.DirectoryServices and ActiveDirectory namespaces were available starting in .Net 1.1, and AccountManagement was introduced in .Net 3.5.

Microsoft documentation - lots of how-tos on using the namespaces

Addendum:

To actually find a user in AD you will want to do the following:

 // Bind to the domain root with the caller's Windows credentials.
 DirectoryEntry de = new DirectoryEntry();
 de.Path = "LDAP://DC=company,DC=local";
 de.AuthenticationType = AuthenticationTypes.Secure;

 DirectorySearcher deSearch = new DirectorySearcher();

 deSearch.SearchRoot = de;
 // username is placed in the filter as-is; if it comes from user input,
 // escape *, (, ), \ and NUL per RFC 4515 before building the filter.
 deSearch.Filter = "(&(objectClass=user) (cn=" + username + "))";

 SearchResult result = deSearch.FindOne();

 if (result != null)
 {
     DirectoryEntry deUser = new DirectoryEntry(result.Path);
     // ... do whatever you need with deUser
     deUser.Close();
 }
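
The addendum's lookup with the user name escaped before it goes into the filter, as an added example that is not part of the original answer: `EscapeFilterValue` applies the RFC 4515 escapes so that `*`, `(`, `)` and `\` in a name are matched literally instead of being parsed as filter syntax. The class and method names are hypothetical, the sample names are constructed, and `FindUserPath` assumes a reachable domain at the path passed in.

```csharp
using System;
using System.DirectoryServices; // .NET Framework, or the System.DirectoryServices package
using System.Text;

// Added example; LdapUserLookup and its methods are hypothetical names.
static class LdapUserLookup
{
    // RFC 4515: these characters must be written as \XX (hex) inside a
    // filter assertion value, otherwise they are read as filter syntax.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        return sb.ToString();
    }

    public static string BuildUserFilter(string username)
    {
        return "(&(objectClass=user)(cn=" + EscapeFilterValue(username) + "))";
    }

    // Subtree search from the domain root: the directory returns the user's
    // real path (for example under the default CN=Users container, which is
    // not an OU) instead of the code assembling it by string insertion.
    public static string FindUserPath(string rootPath, string username)
    {
        using (var root = new DirectoryEntry(rootPath) { AuthenticationType = AuthenticationTypes.Secure })
        using (var searcher = new DirectorySearcher(root, BuildUserFilter(username)))
        {
            SearchResult result = searcher.FindOne();
            return result == null ? null : result.Path;
        }
    }

    static void Main()
    {
        // Constructed inputs: a plain name and one containing filter metacharacters.
        Console.WriteLine(BuildUserFilter("John Smith"));
        Console.WriteLine(BuildUserFilter("Smith (Contractor)*"));
    }
}
```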
