c# against Active Directory over LDAP

Note: this page reproduces a popular StackOverflow question under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/469588/

Time: 2020-08-04 04:38:53  Source: igfitidea

c# against Active Directory over LDAP

c# active-directory ldap

Asked by 78lro

I'm coding some c# against Active Directory and have tried endlessly to get this to work to no avail. The following code works and the code that follows it does not:

The code below is using "WinNT://" + Environment.MachineName + ",Computer" to make the connection and works fine.

    // Requires: using System.Collections; using System.DirectoryServices;
    // Fragment of a Render(HtmlTextWriter output) override.
    DirectoryEntry localMachine = new DirectoryEntry
        ("WinNT://" + Environment.MachineName + ",Computer");

    DirectoryEntry admGroup = localMachine.Children.Find
        ("Administrators", "group");

    // The WinNT provider exposes group membership through the "members" method.
    object members = admGroup.Invoke("members", null);

    foreach (object groupMember in (IEnumerable)members)
    {
        DirectoryEntry member = new DirectoryEntry(groupMember);
        output.RenderBeginTag("p");
        output.Write(member.Name.ToString());
        output.RenderEndTag();   // close the <p> opened above
    }

    base.Render(output);

I'm now trying to change the line:

"WinNT://" + Environment.MachineName + ",Computer"

to

"LDAP://MyDomainControllerName"

but it seems no matter what value I try in place of the value 'MyDomainControllerName' it won't work.

To get the 'MyDomainControllerName' value I right clicked on MyComputer and copied the computer name value as suggested elsewhere but this didn't work.


When I try using the LDAP://RootDSE option above it results in the following error:

The Active Directory object located at the path LDAP://RootDSE is not a container

Is this a problem with the member methods as you mention?

Accepted answer by Robert Iver

When connecting to AD using the .NET Framework, you can use "serverless" binding or you can specify a server to use every time (server bound).

Here's an example of using both:

// serverless
DirectoryEntry rootConfig = new DirectoryEntry("LDAP://dc=domainname,dc=com");

// server bound
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://domainControllerName/dc=domainName,dc=com");

I think where you were going astray is you forgot to include the FQDN for your domain on the end. Hope this helps.

Answer by Glennular

You need to pass it an authorized Username and password.
Try setting: DirectoryEntry.Username and DirectoryEntry.Password

Answer by Glennular

Have you tried specifying the port number and other parms?

Our ldap string looks like: LDAP://myserver:1003/[email protected]|1,ou=Members,o=mdhfw2

Answer by Ryan

It looks like you need to get the LDAP connection information. You can call LDAP://RootDSE to get the information as shown in the ASP.NET Wiki.

Please keep in mind that the LDAP objects do not have the same member methods and properties as the WINNT objects, so do not expect the group.Invoke("members") and other functions to work exactly the same. You should read up on the DirectoryServices documentation with LDAP as well.

Answer by marc_s

Yes - RootDSE is not a container - but it holds a number of interesting properties which you can query for - e.g. the name of your domain controller(s).

You can check these out by using code like this:

DirectoryEntry deRoot = new DirectoryEntry("LDAP://RootDSE");

if (deRoot != null)
{
  Console.WriteLine("Default naming context: " + deRoot.Properties["defaultNamingContext"].Value);
  Console.WriteLine("Server name: " + deRoot.Properties["serverName"].Value);
  Console.WriteLine("DNS host name: " + deRoot.Properties["dnsHostName"].Value);

  Console.WriteLine();
  Console.WriteLine("Additional properties:");
  foreach (string propName in deRoot.Properties.PropertyNames)
    Console.Write(propName + ", ");
  Console.WriteLine();
}

Or save yourself the trouble and go grab my "Beavertail ADSI Browser" in C# source code - shows in detail how to connect to RootDSE and what it offers.

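Putting the answers together, as an added example that is not code from any of the posts above: it reads defaultNamingContext from RootDSE, binds to the domain's built-in Administrators group over LDAP, and lists its direct members from the "member" attribute instead of Invoke("members"). It assumes a domain-joined machine, the caller's own domain credentials, and the default location CN=Administrators,CN=Builtin; the class name DomainAdminsAudit is hypothetical.

```csharp
using System;
using System.DirectoryServices;

class DomainAdminsAudit
{
    // Negotiate (Kerberos/NTLM) bind with signing and sealing, so neither
    // credentials nor query results cross the wire in clear text.
    const AuthenticationTypes Auth = AuthenticationTypes.Secure
        | AuthenticationTypes.Signing | AuthenticationTypes.Sealing;

    static void Main()
    {
        // Serverless bind. RootDSE is not a container: read its properties only.
        string domainDn;
        using (var rootDse = new DirectoryEntry("LDAP://RootDSE", null, null, Auth))
        {
            domainDn = (string)rootDse.Properties["defaultNamingContext"].Value;
        }

        // Assumption: the group sits in its default container, CN=Builtin.
        string groupPath = "LDAP://CN=Administrators,CN=Builtin," + domainDn;
        using (var group = new DirectoryEntry(groupPath, null, null, Auth))
        {
            // LDAP group objects list direct members as distinguished names
            // in the multi-valued "member" attribute.
            foreach (object memberDn in group.Properties["member"])
            {
                // '/' is a separator in an ADsPath, so escape it inside the DN.
                string path = "LDAP://" + ((string)memberDn).Replace("/", "\\/");
                using (var member = new DirectoryEntry(path, null, null, Auth))
                {
                    // sAMAccountName is empty for foreign security principals.
                    Console.WriteLine("{0}  ({1})",
                        member.Properties["sAMAccountName"].Value,
                        member.SchemaClassName);
                }
            }
        }
    }
}
```

Only direct members are listed; a nested group appears as one entry with class "group" and has to be expanded separately.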