How do I connect to a locally installed OpenLDAP service?


Question

I've been banging my head against the .Net 3.5 PrincipalContext, trying to establish a connection to OpenLDAP that is installed on the same machine as my Visual Studio 2010 IDE (machine name is dev001).

Here is my simple LDAP structure:

  • Base (dc=test,dc=com)
    • testadmin (cn=testadmin,dc=test,dc=com)
    • accounts (dc=accounts,dc=test,dc=com)
      • testuser (cn=testuser,dc=accounts,dc=test,dc=com)

Here are the code snippets I've tried:

Snippet #1: Combinations of name: "localhost", "localhost:389", "dev001", "dev001:389", "test", "test.com"

    PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, "localhost", "dc=accounts,dc=test,dc=com", "cn=testadmin,dc=test,dc=com", "testadminpassword");

Snippet #2: Combinations of name: "localhost", "localhost:389", "dev001", "dev001:389", "test", "test.com"

    PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, "localhost", "dc=accounts,dc=test,dc=com", "testadmin", "testadminpassword");

I have yet to establish a connection to the server.

When I use "localhost", "localhost:389", "dev001", "dev001:389", or "test", I get the error:

    System.NullReferenceException: Object reference not set to an instance of an object.

When I use "test.com" I get the error:

    System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.

Answer

Your first problem is using the System.DirectoryServices namespace. The classes in there only work well with Active Directory. I've long ago abandoned it for the System.DirectoryServices.Protocols namespace, as have most other people. Here's some code you can use to get you started in connecting.

    using System.DirectoryServices.Protocols;
    using System.Net;
    using System.Security.Cryptography.X509Certificates;

    class LdapExample
    {
        // Callback referenced below; the original snippet did not include its body.
        // Placeholder only: it is never invoked while TLS stays off (see the note after
        // the code), and must do real chain/pin validation before TLS is enabled.
        static bool VerifyCertDelegate(LdapConnection connection, X509Certificate certificate)
        {
            return certificate != null;
        }

        static void Main()
        {
            var host = "localhost:389";
            var credential = new NetworkCredential("user", "secret");

            using (var con = new LdapConnection(host) { Credential = credential, AuthType = AuthType.Basic, AutoBind = false })
            {
                con.SessionOptions.ProtocolVersion = 3;
                con.SessionOptions.VerifyServerCertificate = new VerifyServerCertificateCallback(VerifyCertDelegate);
                //con.SessionOptions.StartTransportLayerSecurity(new DirectoryControlCollection());
                con.Bind();   // explicit simple bind, since AutoBind is false
                //Do other ldap operations here such as setting the user password
                var pass = "newpass";
                var req = new ModifyRequest
                {
                    DistinguishedName = "cn=user,ou=test,dc=example,dc=com"
                };

                // Replace the userPassword attribute of that entry with the new value
                var dam = new DirectoryAttributeModification
                {
                    Name = "userPassword",
                    Operation = DirectoryAttributeOperation.Replace
                };
                dam.Add(pass);
                req.Modifications.Add(dam);

                con.SendRequest(req);
            }
        }
    }

Notice that in the above TLS is turned off. If you want a secure connection use SSL on port 636. The Microsoft LDAP libraries have a race condition that will cause your CPU to spike in an infinite loop when two simultaneous LDAP calls are made, such as in a web server environment.
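The LDAPS variant the answer recommends (port 636 with the server certificate actually checked), as an added example that is not part of the original answer; the host dev001, the DNs and password from the question, and the pinned thumbprint are placeholders, and the chain check relies on the machine's trust store.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example: bind to OpenLDAP over LDAPS (port 636) with explicit server
// certificate validation, rather than the cleartext port-389 bind shown above.
static class LdapsExample
{
    // Thumbprint of the OpenLDAP server certificate, obtained out of band.
    // Placeholder value; replace with your server's real thumbprint.
    const string PinnedThumbprint = "0000000000000000000000000000000000000000";

    // Called once per connection when SecureSocketLayer is enabled. Returning
    // true unconditionally here would disable all server authentication.
    static bool VerifyServerCert(LdapConnection conn, X509Certificate cert)
    {
        var cert2 = new X509Certificate2(cert);
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // lab server, no CRL
        bool chainOk = chain.Build(cert2);                  // trusted by the machine store
        bool pinOk = string.Equals(cert2.Thumbprint, PinnedThumbprint,
                                   StringComparison.OrdinalIgnoreCase);
        return chainOk || pinOk;                            // accept a trusted or pinned cert
    }

    static void Main()
    {
        // dev001, the DNs and the password are taken from the question (placeholders).
        var server = new LdapDirectoryIdentifier("dev001", 636);
        var credential = new NetworkCredential("cn=testadmin,dc=test,dc=com", "testadminpassword");

        using (var con = new LdapConnection(server, credential, AuthType.Basic))
        {
            con.SessionOptions.ProtocolVersion = 3;
            con.SessionOptions.SecureSocketLayer = true;    // LDAPS, not StartTLS
            con.SessionOptions.VerifyServerCertificate = VerifyServerCert;
            con.Bind();                                     // simple bind, now inside TLS

            // Confirm the bind worked by looking up testuser under the accounts subtree.
            var req = new SearchRequest("dc=accounts,dc=test,dc=com",
                                        "(cn=testuser)", SearchScope.Subtree, "cn");
            var resp = (SearchResponse)con.SendRequest(req);
            Console.WriteLine("entries found: " + resp.Entries.Count);
        }
    }
}
```

A failed verification surfaces as an LdapException on Bind(), which is the behaviour you want: the admin DN's password is only ever sent once the server has proven its identity.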
