【问题标题】:AD not returning the groups which the authenticated user belongs to / AD 不返回经过身份验证的用户所属的组
【发布时间】:2012-01-13 22:57:40
【问题描述】:

我能够使用 LDAP（域、用户名和密码）验证给定用户，但无法检索该用户所属的组 :(

这里是我使用的代码

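''' <summary>
''' Binds to Active Directory with the supplied credentials, looks the user up by
''' sAMAccountName and reports whether the user's memberOf attribute lists the group
''' named by <c>groupName</c>.
''' </summary>
''' <param name="domainName">Domain or server name the LDAP:// path is built from.</param>
''' <param name="userName">sAMAccountName used both for the bind and for the lookup.</param>
''' <param name="userPassword">Password used for the bind.</param>
''' <returns>
''' True only when the bind succeeds, the user is found and one of the user's memberOf
''' entries has a CN equal (case-insensitively) to <c>groupName</c>; otherwise False.
''' </returns>
''' <remarks>
''' memberOf does not contain the user's primary group (that is held in primaryGroupID)
''' and does not expand nested group membership, so neither is detected here.
''' Bind/search failures (for example a wrong password) propagate to the caller as the
''' original exception instead of being re-wrapped, so the stack trace is preserved.
''' NOTE(review): groupName is not declared in this function; it is assumed to be a
''' module/class-level field — confirm before relying on it.
''' </remarks>
Public Function ValidateActiveDirectoryLogin(ByVal domainName As String, ByVal userName As String, ByVal userPassword As String) As Boolean
    Dim ldapPath As String = "LDAP://" & domainName

    ' Using blocks release the underlying COM objects deterministically instead of
    ' leaving them to the finalizer.
    Using dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)
        Using dirSearcher As New DirectorySearcher(dirEntry)
            ' userName is caller-supplied: escape it so special characters cannot change
            ' the meaning of the filter (RFC 4515).
            dirSearcher.Filter = "(sAMAccountName=" & EscapeLdapFilterValue(userName) & ")"
            dirSearcher.PropertiesToLoad.Add("memberOf")

            ' FindOne performs the bind; invalid credentials surface here as an exception.
            Dim result As SearchResult = dirSearcher.FindOne()
            If result Is Nothing Then
                Return False
            End If

            ' Compare the CN of each group DN against the required group name.
            For Each groupDN As Object In result.Properties("memberOf")
                Dim cn As String = FirstRdnValue(groupDN.ToString())
                If String.Equals(cn, groupName, StringComparison.OrdinalIgnoreCase) Then
                    Return True
                End If
            Next

            Return False
        End Using
    End Using
End Function

''' <summary>
''' Escapes a value for use inside an LDAP search filter (RFC 4515): backslash, *, ( )
''' and NUL are replaced by their \XX hex form. Backslash is replaced first so the
''' escapes introduced by later replacements are not themselves re-escaped.
''' </summary>
''' <param name="value">Raw attribute value; Nothing is treated as an empty string.</param>
''' <returns>The escaped value, safe to embed between parentheses in a filter.</returns>
Private Function EscapeLdapFilterValue(ByVal value As String) As String
    If value Is Nothing Then
        Return String.Empty
    End If

    Return value.Replace("\", "\5c") _
                .Replace("*", "\2a") _
                .Replace("(", "\28") _
                .Replace(")", "\29") _
                .Replace(vbNullChar, "\00")
End Function

''' <summary>
''' Returns the value of the first RDN of a distinguished name, e.g. "Admins" for
''' "CN=Admins,OU=Groups,DC=example,DC=com". A backslash escapes the following
''' character, so a CN containing "\," is not cut short at the escaped comma.
''' </summary>
''' <param name="distinguishedName">A DN as returned in memberOf.</param>
''' <returns>
''' The first RDN value with single-character escapes removed; the whole input when it
''' contains no "=". Hex escapes (\2c) are not decoded.
''' </returns>
Private Function FirstRdnValue(ByVal distinguishedName As String) As String
    If distinguishedName Is Nothing Then
        Return String.Empty
    End If

    Dim equalsIndex As Integer = distinguishedName.IndexOf("="c)
    If equalsIndex < 0 Then
        Return distinguishedName
    End If

    Dim value As String = String.Empty
    Dim pos As Integer = equalsIndex + 1

    ' Scan up to the first comma that is not preceded by an escaping backslash.
    While pos < distinguishedName.Length
        Dim c As Char = distinguishedName(pos)
        If c = "\"c AndAlso pos + 1 < distinguishedName.Length Then
            value &= distinguishedName(pos + 1)
            pos += 2
        ElseIf c = ","c Then
            Exit While
        Else
            value &= c
            pos += 1
        End If
    End While

    Return value
End Function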

请帮忙...

文奇

【问题讨论】:

    标签: vb.net active-directory ldap


    【解决方案1】:

    这是我将使用的方式,抱歉,这是我从 C# 转换为 VB.Net 的代码

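    ' Connection to Active Directory.
    ' The credentials are inline for the example only; in real code load them from
    ' configuration. AuthenticationTypes.Secure is the default for a bind with
    ' explicit credentials and is spelled out here so it cannot be overlooked.
    Using deBase As New DirectoryEntry("LDAP://192.168.183.100:389/dc=dom,dc=fr", "jpb", "pwd", AuthenticationTypes.Secure)

        ' Directory search for the group you are interested in.
        ' If the group name ever comes from user input, escape it per RFC 4515
        ' before placing it in the filter.
        Using dsLookForGrp As New DirectorySearcher(deBase)
            dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup")
            dsLookForGrp.SearchScope = SearchScope.Subtree
            dsLookForGrp.PropertiesToLoad.Add("distinguishedName")
            Dim srcGrp As SearchResult = dsLookForGrp.FindOne()

            If srcGrp IsNot Nothing Then
                ' Find every person whose memberOf contains the group's DN.
                Using dsLookForUsers As New DirectorySearcher(deBase)
                    dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties("distinguishedName")(0))
                    dsLookForUsers.SearchScope = SearchScope.Subtree
                    dsLookForUsers.PropertiesToLoad.Add("objectSid")
                    ' Attribute names must match exactly; trailing whitespace would
                    ' silently prevent the attribute from being loaded.
                    dsLookForUsers.PropertiesToLoad.Add("userPrincipalName")
                    dsLookForUsers.PropertiesToLoad.Add("sAMAccountName")

                    ' FindAll's result holds directory handles and must be disposed.
                    Using srcLstUsers As SearchResultCollection = dsLookForUsers.FindAll()
                        For Each sruser As SearchResult In srcLstUsers
                            Console.WriteLine("{0}", sruser.Path)
                            ' Here test if your username is inside.
                            Console.WriteLine(""& vbTab&"{0} : {1} ", "sAMAccountName", sruser.Properties("sAMAccountName")(0))
                        Next
                    End Using
                End Using
            End If
        End Using
    End Using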
    

    注意：主组（primary group）是由 primaryGroupID 给出的，它不是一个 DN，而是一个 ID，即该组 SID 的最后一部分。

    最后，您也可以使用 Managing Directory Security Principals in the .NET Framework 3.5 中介绍的方式来完成。下面是 C# 中的示例：

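    /* Retrieving a principal context.
     * The context and every principal obtained from it hold directory handles,
     * so each is wrapped in a using statement.
     * The credentials are inline for the example only; load them from configuration.
     */
    Console.WriteLine("Retreiving a principal context");
    using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD"))
    {
        /* Look for all the groups a user belongs to.
         * FindByIdentity returns null when no such user exists, so it is checked
         * before being dereferenced.
         */
        using (UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1"))
        {
            if (aUser == null)
            {
                Console.WriteLine("User not found");
            }
            else
            {
                // GetAuthorizationGroups also covers the primary group and nested
                // membership, which a plain memberOf read does not.
                using (PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups())
                {
                    foreach (GroupPrincipal gTmp in a)
                    {
                        Console.WriteLine(gTmp.Name);
                    }
                }
            }
        }
    }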
    

    【讨论】:
