我正在寻找可以帮助我通过SSL从活动目录获取用户对象的架构属性信息的方法或搜索过滤器。
我正在使用LdapConnection类连接到服务器。可以很容易地对服务器进行身份验证。
以下是用于验证的代码:
public bool Authenticate(string password)
{
try
{
var credential = new NetworkCredential(UserName, password, Domain);
var ldapServer = Domain;
var ldapConnection = new LdapConnection(ldapServer);
ldapConnection.Bind(credential);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return false;
}
return false;
}
它返回成功结果。
我的要求是使用LdapConnection搜索请求获取Active Directory中存在的用户对象的所有架构属性。
DirectoryEntry或PrincipalContext易于用户获取架构信息,但就我而言,我只需要LdapConnection类中的所有信息。
这是我搜索用户的方式,但这是获取用户信息的方法,我只需要架构信息,并且此方法仅返回那些具有值的属性。
LdapConnection connection = new LdapConnection(ldapServer);
connection.SessionOptions.SecureSocketLayer = true;
connection.SessionOptions.VerifyServerCertificate = (ldapConnection, certificate) => true;
connection.AuthType = AuthType.Negotiate;
NetworkCredential credential = new NetworkCredential(username, password);
connection.Credential = credential;
connection.Bind();
string filter = string.Format(CultureInfo.InvariantCulture, "(&(objectClass=user)(objectCategory=user) (sAMAccountName={0}))", LdapEncode(username));
var attributes = new[] { "sAMAccountName", "displayName", "mail" };
SearchRequest searchRequest = new SearchRequest(baseDn, filter, SearchScope.Subtree, attributes);
var searchResponse = (SearchResponse)connection.SendRequest(searchRequest);
if (searchResponse?.ResultCode == ResultCode.Success)
{
var entry = searchResponse.Entries[0];
var model = new LdapUserModel
{
Identity = GetStringValue(entry, "sAMAccountName"),
Email = GetStringValue(entry, "mail"),
Username = GetStringValue(entry, "sAMAccountName"),
};
return model;
}