C# Active Directory: log in only from a specific OU
Author: Internet
I only want to log in with a specific OU, not the previous OUs.
My parent function is:
if (Autentificado("LDAP://localhost/DC=ic,DC=enterprise,DC=us", user, pass, "cn=SpecificPeople,ou=Users,ou=Aplications,dc=ic,dc=enterprise,dc=us") != "")
{
    return "OK";
}
It takes strings for the server address, path, user, password and the "memberof" filter:
// requires: using System.DirectoryServices;
public static string Autentificado(string ldap, string usr, string pwd, string member)
{
    try
    {
        // Bind with the supplied credentials, then search for a person in the given group
        using (DirectoryEntry entry = new DirectoryEntry(ldap, usr, pwd))
        using (DirectorySearcher search = new DirectorySearcher(entry)
        {
            Filter = "(&(objectCategory=person)(memberof=" + member + "))"
        })
        {
            search.PropertiesToLoad.Add("sn");
            SearchResult result = search.FindOne();
            // FindOne returns null when nothing matches; don't dereference it
            if (result == null || result.Properties["sn"].Count == 0) { return ""; }
            return result.Properties["sn"][0].ToString();
        }
    }
    catch (DirectoryServicesCOMException cex)
    {
        Console.WriteLine(cex);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex);
    }
    return "";
}
It returns the correct user for "OU=Users", but it also returns users from other OUs or DCs. I want only people in "OU=Users" to be able to log in.
Thanks in advance.
Update 1:
I think the problem is the structure of my LDAP and the DirectorySearcher filter:
DC=US
  -DC=enterprise
    -DC=ic
      -OU=Apps
        -OU=1
        -OU=2
        -OU=USERS
If I use SearchScope.Subtree, it searches in all directories. SearchScope.OneLevel searches in DC=enterprise or in all of OU=Apps (if I remember correctly). SearchScope.Base searches in DC=us.
I want the search to take place only in OU=USERS and not in the other directories (OU=1, OU=2).
Update 2
My GETUSER function is:
DirectoryEntry usercheck = GetUser(user, pass,"LDAP://someIP:389/CN=qualifiers,OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us");
In "DirectoryEntry searchRoot" I need to set the user and password used to enter LDAP. If I don't, I get an error:
using (DirectoryEntry searchRoot = new DirectoryEntry(rootWeAreLooking,"ic\\"+userName,pass, AuthenticationTypes.None))
I see this could work, but it searches in all directories of OU=Aplications.
I think I need to filter by CN=qualifiers, but I don't know how to do it.
Update 3
I still need to test it properly, but I think the filter I made is correct:
searcher.Filter = String.Format("(&(objectCategory=person)(memberof=CN=qualifiers,OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us)(sAMAccountName={0}))", userName);
Solution:
So I just created the code that does what you need. I split the code into several methods, so you can reuse some of the single functions, such as ValidateUser, elsewhere.
> Find the user in AD and make sure he exists in the OU (root) you want to search
> Now that we know he is allowed to "log in", we validate his password against AD.
> If everything is OK, the user is in OU=USER (in your case) and the password is correct
private void TestTheMethods()
{
    //Search for the user, in the ou "user"
    DirectoryEntry user = GetUser("FirstName LastName", "FullOrganisationUnitPath");
    //Found user?
    if (user == null) { return; }
    //ValidateUser
    if (!ValidateUser(user, "userPassword")) { return; }
}
public DirectoryEntry GetUser(string userName, string rootWeAreLooking = "")
{
    using (DirectoryEntry searchRoot = new DirectoryEntry(rootWeAreLooking))
    using (DirectorySearcher searcher = new DirectorySearcher(searchRoot))
    {
        searcher.Filter = String.Format("(&(objectCategory=person)(cn={0}))", userName);
        //searcher.SearchScope = SearchScope.Subtree;
        //SearchScope.Subtree --> Search in all nested OUs
        //SearchScope.OneLevel --> Search in the Ou underneath
        //SearchScope.Base --> Search in the current OU
        searcher.SearchScope = SearchScope.OneLevel;
        SearchResult result = searcher.FindOne();
        if (result == null) { return null; }
        //Found user
        return result.GetDirectoryEntry();
    }
}
public Boolean ValidateUser(DirectoryEntry entry, string pwd)
{
    Boolean isValid = false;
    try
    {
        // Re-bind to the user's own entry with the user's credentials (entry.Name is "CN=...", so strip the prefix)
        using (DirectoryEntry validatedUser = new DirectoryEntry(entry.Path, entry.Name.Remove(0, 3), pwd))
        {
            //Check if we can access the Schema; this forces the bind
            var schema = validatedUser.SchemaEntry;
            //User exists, username is correct and password is accepted
            isValid = true;
        }
    }
    catch (DirectoryServicesCOMException ex)
    {
        isValid = false;
        //User wrong? wrong password?
    }
    return isValid;
}
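Putting the Update 3 filter and the answer's two-step flow together, here is an added example (not code from the question or the answer above) that restricts the search to the OU with SearchScope.OneLevel, matches the account by its own sAMAccountName and group membership, escapes the user-typed value before it goes into the LDAP filter, and only then binds as that user to check the password. The class name, the parameter names, the service-account credentials and the "ic" NetBIOS domain prefix are assumptions.

```csharp
using System.DirectoryServices;

public static class OuRestrictedLogin
{
    // Escape a value placed inside an LDAP filter (RFC 4515); backslash first,
    // so that a typed username like "*)(cn=*" cannot widen the search.
    public static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    // ouPath e.g. "LDAP://someIP:389/OU=USERS,OU=Aplications,DC=ic,DC=enterprise,DC=us".
    // Step 1: find the account directly under that OU (OneLevel, not Subtree) by
    // its own sAMAccountName and membership of groupDn, using a read-only service
    // account. Step 2: bind as the found account so the DC checks the password.
    public static bool Authenticate(string ouPath, string svcUser, string svcPwd,
        string groupDn, string netbiosDomain, string userName, string userPwd)
    {
        using (var root = new DirectoryEntry(ouPath, svcUser, svcPwd, AuthenticationTypes.Secure))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.SearchScope = SearchScope.OneLevel; // OU=1 and OU=2 stay out of scope
            searcher.Filter = "(&(objectCategory=person)(sAMAccountName="
                + EscapeFilterValue(userName) + ")(memberOf="
                + EscapeFilterValue(groupDn) + "))";
            SearchResult hit = searcher.FindOne();
            if (hit == null) return false; // unknown, outside the OU, or not in the group
            try
            {
                // hit.Path is the LDAP path of the matched object. Binding to it with
                // the user's own credentials is the password check; Secure (Negotiate)
                // keeps the password off the wire, unlike AuthenticationTypes.None.
                using (var asUser = new DirectoryEntry(hit.Path,
                    netbiosDomain + "\\" + userName, userPwd, AuthenticationTypes.Secure))
                {
                    object bound = asUser.NativeObject; // forces the bind
                    return bound != null;
                }
            }
            catch (DirectoryServicesCOMException)
            {
                return false; // wrong password, or the account cannot log on
            }
        }
    }
}
```

memberOf as written matches direct membership only; if qualifiers is nested inside other groups, the AD matching rule `memberOf:1.2.840.113556.1.4.1941:=` resolves the chain.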
Tags: active-directory, c# Source: https://codeday.me/bug/20191028/1952766.html