Connect to Active Directory via LDAP


Question

I want to connect to our local Active Directory with C#.

I came across this good documentation.

But I really don't get how to connect via LDAP.

Can one of you explain how to use the requested parameters?

Sample code:

  static DirectoryEntry createDirectoryEntry()  
  {  
     // create and return new LDAP connection with desired settings  

     DirectoryEntry ldapConnection     = new DirectoryEntry("rizzo.leeds-art.ac.uk");  
     ldapConnection.Path               = "LDAP://OU=staffusers,DC=leeds-art,DC=ac,DC=uk";  
     ldapConnection.AuthenticationType = AuthenticationTypes.Secure;  
     return ldapConnection;  
  }  

I just have the hostname and the IP address of our Active Directory server. What do DC=xxx,DC=xx and so on mean?

Thanks in advance.

Recommended answer

DC is your domain. If you want to connect to the domain example.com, then your DCs are: DC=example,DC=com

You actually don't need any hostname or IP address of your domain controller (there could be plenty of them).

Just imagine you're connecting to the domain itself. So for connecting to the domain example.com you can simply write:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");

And you're done.

You can also specify a user and a password used to connect:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com", "username", "password");

Also be sure to always write LDAP in upper case. I had some trouble and strange exceptions until I read somewhere to try to write it in upper case, and that solved my problems.

The directoryEntry.Path property allows you to dive deeper into your domain. So if you want to search for a user in a specific OU (Organizational Unit), you can set it there.

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
directoryEntry.Path = "LDAP://OU=Specific Users,OU=All Users,OU=Users,DC=example,DC=com";

This would match the following AD hierarchy:

  • com
    • example
      • Users
        • All Users
          • Specific Users

Simply write the hierarchy from deepest to highest.

Now you can do plenty of things (http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C).

For example, search for a user by account name and get its surname:

using System.DirectoryServices; // needs a reference to System.DirectoryServices

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
DirectorySearcher searcher = new DirectorySearcher(directoryEntry) {
    PageSize = int.MaxValue,
    Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=AnAccountName))"
};

// Only request the surname attribute from the directory
searcher.PropertiesToLoad.Add("sn");

var result = searcher.FindOne();

if (result == null) {
    return; // Or whatever you need to do in this case
}

// Initialised so it can be read even when the entry has no "sn" attribute
string surname = null;

if (result.Properties.Contains("sn")) {
    surname = result.Properties["sn"][0].ToString();
}

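Added example, not part of the original answer: one way to build the Path and Filter strings shown above from variables instead of literals, with OU names escaped per RFC 4514 and the account name escaped per RFC 4515 so that special characters in a name cannot change the structure of the path or the query. The class and method names (LdapNames, BuildPath, UserFilter and the two escape helpers) are hypothetical, and the inputs in Main are constructed samples.

```csharp
using System;
using System.Linq;
using System.Text;
static class LdapNames
{
    // Each DNS label of the domain becomes one DC= component (example.com: DC=example,DC=com).
    public static string DomainToDn(string dnsDomain) =>
        string.Join(",", dnsDomain.Split('.').Select(l => "DC=" + EscapeDnValue(l)));

    // OUs are given top-down (as in the hierarchy list) and written deepest first.
    public static string BuildPath(string dnsDomain, params string[] ousTopDown) =>
        "LDAP://" + string.Join(",", Enumerable.Reverse(ousTopDown)
            .Select(ou => "OU=" + EscapeDnValue(ou))
            .Concat(new[] { DomainToDn(dnsDomain) }));

    // RFC 4514 escaping for a DN attribute value; '/' is added because ADSI paths use it as a separator.
    public static string EscapeDnValue(string value)
    {
        var sb = new StringBuilder();
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool edge = (i == 0 && (c == ' ' || c == '#')) || (i == value.Length - 1 && c == ' ');
            if (edge || ",+\"\\<>;=/".IndexOf(c) >= 0) sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // RFC 4515 escaping for a value placed inside a search filter: \ * ( ) and NUL become \xx.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            if ("\\*()\0".IndexOf(c) >= 0) sb.Append('\\').Append(((int)c).ToString("x2"));
            else sb.Append(c);
        }
        return sb.ToString();
    }

    public static string UserFilter(string accountName) =>
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" + EscapeFilterValue(accountName) + "))";

    static void Main()
    {
        Console.WriteLine(BuildPath("example.com", "Users", "All Users", "Specific Users"));
        Console.WriteLine(UserFilter("j(doe)*")); // constructed input with filter metacharacters
    }
}
```

The resulting strings can be passed to the DirectoryEntry constructor and to DirectorySearcher.Filter exactly as in the answer's code.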
