C#: Connect to Active Directory via LDAP

Note: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. If you use it you must follow the CC BY-SA license, cite the original address and author information, and attribute it to the original author (not me). StackOverflow original: http://stackoverflow.com/questions/14813452/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): StackOverflow

Date: 2020-08-10 13:04:55  Source: igfitidea

Connect to Active Directory via LDAP

Tags: c#, active-directory

Asked by Waren Schild

I want to connect to our local Active Directory with C#.

I've found this good documentation.

But I really don't get how to connect via LDAP.

Can somebody of you explain how to use the asked parameters?

Sample Code:

static DirectoryEntry createDirectoryEntry()
{
    // create and return new LDAP connection with desired settings
    DirectoryEntry ldapConnection     = new DirectoryEntry("rizzo.leeds-art.ac.uk");
    ldapConnection.Path               = "LDAP://OU=staffusers,DC=leeds-art,DC=ac,DC=uk";
    ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
    return ldapConnection;
}

I just have the hostname and the IP address of our Active Directory server. What does DC=xxx,DC=xx and so on mean?

Accepted answer by The-First-Tiger

DC is your domain. If you want to connect to the domain example.com, then your DCs are: DC=example,DC=com

You actually don't need any hostname or IP address of your domain controller (there could be plenty of them).

Just imagine that you're connecting to the domain itself. So for connecting to the domain example.com you can simply write

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");

And you're done.

You can also specify a user and a password used to connect:

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com", "username", "password");

Also be sure to always write LDAP in upper case. I had some trouble and strange exceptions until I read somewhere that I should try to write it in upper case and that solved my problems.

The directoryEntry.Path property allows you to dive deeper into your domain. So if you want to search a user in a specific OU (Organizational Unit) you can set it there.

DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
directoryEntry.Path = "LDAP://OU=Specific Users,OU=All Users,OU=Users,DC=example,DC=com";

This would match the following AD hierarchy:

  • com
    • example
      • Users
        • All Users
          • Specific Users

Simply write the hierarchy from deepest to highest.

Now you can do plenty of things.

For example search a user by account name and get the user's surname:

using System.DirectoryServices;

static string GetSurname()
{
    DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://example.com");
    DirectorySearcher searcher = new DirectorySearcher(directoryEntry) {
        PageSize = int.MaxValue,
        Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=AnAccountName))"
    };

    // only ask the server for the surname attribute
    searcher.PropertiesToLoad.Add("sn");

    var result = searcher.FindOne();

    if (result == null) {
        return null; // Or whatever you need to do in this case
    }

    string surname = null;

    if (result.Properties.Contains("sn")) {
        surname = result.Properties["sn"][0].ToString();
    }

    return surname;
}

Answer by s.lenders

ldapConnection is the server address: ldap.example.com. ldapConnection.Path is the path inside the ADS that you would like to use, inserted in LDAP format.

OU=Your_OU,OU=other_ou,dc=example,dc=com

You start at the deepest OU, working back to the root of the AD, then add dc=X for every domain section until you have everything, including the top-level domain.

Now I miss a parameter to authenticate; this works the same as the path, for the username:

CN=username,OU=users,DC=example,DC=com

Introduction to LDAP

Answer by Pavan

If your email address is '[email protected]', try changing the createDirectoryEntry() as below.

XYZ is an optional parameter, if it exists in the mydomain directory.

static DirectoryEntry createDirectoryEntry()
{
    // create and return new LDAP connection with desired settings
    DirectoryEntry ldapConnection = new DirectoryEntry("myname.mydomain.com");
    ldapConnection.Path = "LDAP://OU=Users, OU=XYZ,DC=mydomain,DC=com";
    ldapConnection.AuthenticationType = AuthenticationTypes.Secure;
    return ldapConnection;
}

This will basically check for com -> mydomain -> XYZ -> Users -> abcd

The main function looks as below:

try
{
    string username = "Firstname LastName";
    DirectoryEntry myLdapConnection = createDirectoryEntry();
    DirectorySearcher search = new DirectorySearcher(myLdapConnection);
    search.Filter = "(cn=" + username + ")";
    ....