【发布时间】:2021-03-09 22:02:52
【问题描述】:
这针对活动目录 LDAP 服务器。代码在 RHEL6 上运行。
代码:
static void waitforuser ( const char * netid ) {
LDAP * ld = NULL;
char ldapuri[] = "ldaps://windc1.iastate.edu";
char binddn[] = BINDDN;
int msgid = 0;
struct berval passwd = { 0, NULL };
int protocol = LDAP_VERSION3;
LDAPMessage * result = NULL;
LDAPMessage * msg = NULL;
int err = 0;
char ** refs = NULL;
char base[] = "dc=iastate,dc=edu";
int scope = LDAP_SCOPE_SUBORDINATE;
char * filter = NULL;
char ** attrs = NULL;
int attrsonly = 0;
LDAPControl ** sctrls = NULL;
LDAPControl ** cctrls = NULL;
LDAPControl ** ctrls = NULL;
char * matcheddn = NULL;
char * text = NULL;
struct timeval tv_timelimit = { 2, 0 };
int sizelimit = 0; /* no limit */
int rc = 0;
rc = ldap_initialize(&ld, ldapuri);
if (rc != LDAP_SUCCESS) {
fprintf(stderr,
"Could not create LDAP session handle for URI=%s (%d): %s\n",
ldapuri, rc, ldap_err2string(rc));
return;
}
fprintf(stderr, "about to ldap_set_option(PROTOCOL_VERSION)\n");
rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &protocol);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", protocol);
return;
}
fprintf(stderr, "about to ldap_simple_bind_s\n");
rc = ldap_simple_bind_s(ld, binddn, SHHHH);
fprintf(stderr, "ldap_simple_bind_s => %d (%s)\n", rc, ldap_err2string(rc));
asprintf(&filter, "sAMAccountName=%s", netid);
attrs = calloc(2, sizeof(char *));
attrs[0] = strdup("sAMAccountName");
attrs[1] = NULL;
rc = ldap_search_ext(ld, base, scope, filter, attrs, attrsonly,
sctrls, cctrls, &tv_timelimit, sizelimit, &msgid);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "ldap_search_ext: %d (%s)\n", rc, ldap_err2string(rc));
return;
}
while ((rc = ldap_result(ld, msgid, LDAP_MSG_ONE, &tv_timelimit, &result)) > 0) {
fprintf(stderr, "There are %d messages\n", ldap_count_messages(ld, result));
for (msg = ldap_first_message(ld, result);
msg != NULL;
msg = ldap_next_message(ld, msg)) {
fprintf(stderr, " ldap_msgtype(%p) = %d\n", msg, ldap_msgtype(msg));
if (ldap_msgtype(msg) == LDAP_RES_SEARCH_RESULT) {
fprintf(stderr, " LDAP_RES_SEARCH_RESULT\n");
rc = ldap_parse_result(ld, msg, &err, &matcheddn, &text, &refs, &ctrls, 0);
fprintf(stderr, "ldap_parse_result: err: %d\n", err);
if (matcheddn) fprintf(stderr, "ldap_parse_result: matcheddn: '%s'\n", matcheddn);
fprintf(stderr, "ldap_parse_result: refs: %p\n", refs);
fprintf(stderr, "ldap_parse_result: ctrls: %p\n", ctrls);
if (rc != LDAP_SUCCESS) {
fprintf(stderr, "ldap_parse_result: ERR %d (%s)\n", rc, ldap_err2string(rc));
} else {
fprintf(stderr, "ldap_parse_result: text: '%s'\n", text ? text : "NULL!");
}
}
ldap_msgfree(result);
}
}
}
结果:
ldap_simple_bind_s => 0 (Success)
There are 1 messages
ldap_msgtype(0x1e738a0) = 101
LDAP_RES_SEARCH_RESULT
ldap_parse_result: err: 80
ldap_parse_result: refs: (nil)
ldap_parse_result: ctrls: (nil)
ldap_parse_result: text: '00000057: LdapErr: DSID-0C090B0B, comment: Error processing control, data 0, v3839'
使用 ldapsearch 工具的类似查询工作正常:
#!/bin/sh
netid="john"
user=xxxxxx@iastate.edu
passwdfile=/home/john/secret
base="dc=iastate,dc=edu"
connect="-s sub -W -D $user -y $passwdfile -b $base -LLL -l 2 -o nettimeout=2"
url=ldaps://windc1.iastate.edu
ldapsearch -H $url $connect sAMAccountName=$netid sAMAccountName
结果:
dn: CN=john,OU=Users,OU=ITS,DC=iastate,DC=edu
sAMAccountName: john
【问题讨论】:
-
你的函数太大而无法阅读。
-
您的 LDAP 服务器可能不支持“从属”搜索范围(我从未见过 OpenLDAP 或 Active Directory 支持开箱即用)。 ldapsearch'
-s sub的等价物是LDAP_SCOPE_SUBTREE。 @wildplasser 滚动条呢,是不是太大而无法使用? -
if (rc != LDAP_SUCCESS) {err(也),而不是rc? -
err被打印出来并且是'80'(无论这意味着什么)。并且有效的 ldapsearch 命令包括-s sub。 -
是的,我的意思是您需要将范围设置为
LDAP_SCOPE_SUBTREE而不是LDAP_SCOPE_SUBORDINATE才能获得相同的结果。
标签: c active-directory ldap