我有一个规模很大的应用程序,它通过OID为多个Web应用程序提供SSO。问题是,我们发现其中一个应用程序的角色中出现了一些“孤立”的用户。我编写了一个方法,返回有权访问该角色的所有用户的可分辨名称(DN)。为了进行清理,我想确认上一步返回的用户确实存在于OID中。我在搜索用户或角色时一直使用System.DirectoryServices.Protocols.SearchRequest类,但它对可分辨名称不起作用。以下是我的方法;为了让它工作,我已经改过几次,尝试了不同的写法。
''' <summary>
''' Attempts to fetch one user entry for the given distinguished name (DN).
''' This is the version from the question and it does not work as intended:
''' SearchRequest takes (distinguishedName, ldapFilter, searchScope, attributeList),
''' so the call below uses the "cn=users,..." container as the search base and
''' hands UserDN over in the filter position. A DN is not an LDAP filter
''' expression, and with SearchScope.Base only the container entry itself is
''' examined, never the users beneath it.
''' </summary>
''' <param name="UserDN">Distinguished name of the user to look for.</param>
''' <returns>The first entry of the response, or Nothing when the response has no entries.</returns>
Public Function GetUserByDN(UserDN As String) As SearchResultEntry
    ' Built but never passed to the request below.
    Dim searchString As String = String.Format("baseDN={0}", UserDN)

    ' The users container sits under the external or the internal domain,
    ' depending on the _extranet flag; the domain suffix comes from app settings.
    Dim domainSettingKey As String = If(_extranet, "Directory_ExternalDomain", "Directory_InternalDomain")
    Dim containerDN As String = "cn=users," & ConfigurationManager.AppSettings(domainSettingKey)

    ' Attributes requested from the directory for the entry.
    Dim attributes() As String = New String() {
        DIRECTORY_UNIQUE_ID,
        DIRECTORY_FIRST_NAME,
        DIRECTORY_LAST_NAME,
        DIRECTORY_EMAIL_ADDRESS,
        DIRECTORY_TELEPHONE,
        DIRECTORY_STREET,
        DIRECTORY_CITY,
        DIRECTORY_STATE,
        DIRECTORY_ZIP,
        DIRECTORY_CUSTOMER_NAME,
        DIRECTORY_ENABLED,
        DIRECTORY_GIVEN_NAME, ' this is the first name for a domain user
        DIRECTORY_KBIT_INDICATOR,
        DIRECTORY_REQUESTING_BRANCH,
        DIRECTORY_PWD_MUST_CHANGE
    }

    Me.Bind()

    ' Base = container, filter = UserDN: this argument order is the reason the lookup fails.
    Dim myRequest As New System.DirectoryServices.Protocols.SearchRequest(containerDN, UserDN, SearchScope.Base, attributes)
    Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)
    Dim results As SearchResultEntryCollection = myResponse.Entries

    If results.Count < 1 Then
        Return Nothing
    End If
    Return results(0)
End Function
答案 0 :(得分:0)
我做了大量研究,又在其他地方提问之后,才找到答案。事实证明,我应该直接查看用户的DN并执行一个简单的LDAP查询,而不是查看用户OU再去搜索用户的DN。这是我的最终解决方案,希望对社区有所帮助。
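''' <summary>
''' Reads a single directory entry by its distinguished name (DN). The DN is
''' used as the search base with SearchScope.Base, so only that one entry is
''' examined, and the filter is a constant rather than text built from input.
''' </summary>
''' <param name="UserDN">Full DN of the entry to read.</param>
''' <returns>
''' The entry with the requested attributes, or Nothing when UserDN is empty,
''' the server reports that no such object exists, or the entry does not match
''' (objectClass=person).
''' </returns>
''' <remarks>
''' Callers that use Nothing to decide that a role member is orphaned should
''' confirm that the bound account can read every user entry: a directory may
''' report entries the account is not allowed to see as absent (assumption to
''' verify against the OID access-control configuration).
''' </remarks>
Public Function GetUserByDN(UserDN As String) As SearchResultEntry
    ' An empty base DN with Base scope addresses the server's root entry, not a
    ' user, so treat it as "not found" instead of sending the request.
    If UserDN Is Nothing OrElse UserDN.Trim().Length = 0 Then
        Return Nothing
    End If

    Dim ldapFilter As String = "(objectClass=person)"

    ' Attributes requested from the directory for the entry.
    Dim attributes() As String = New String() {
        DIRECTORY_UNIQUE_ID,
        DIRECTORY_FIRST_NAME,
        DIRECTORY_LAST_NAME,
        DIRECTORY_EMAIL_ADDRESS,
        DIRECTORY_TELEPHONE,
        DIRECTORY_STREET,
        DIRECTORY_CITY,
        DIRECTORY_STATE,
        DIRECTORY_ZIP,
        DIRECTORY_CUSTOMER_NAME,
        DIRECTORY_ENABLED,
        DIRECTORY_GIVEN_NAME,
        DIRECTORY_KBIT_INDICATOR,
        DIRECTORY_REQUESTING_BRANCH,
        DIRECTORY_PWD_MUST_CHANGE
    }

    Me.Bind()

    Dim myRequest As New SearchRequest(UserDN, ldapFilter, SearchScope.Base, attributes)
    Dim myResponse As SearchResponse
    Try
        myResponse = DirectCast(Me.Connection.SendRequest(myRequest), SearchResponse)
    Catch ex As DirectoryOperationException When ex.Response IsNot Nothing AndAlso ex.Response.ResultCode = ResultCode.NoSuchObject
        ' A base-scope search on a DN that does not exist is answered with
        ' noSuchObject, which SendRequest raises as an exception. That is the
        ' "user is missing" case this method exists to detect. Every other
        ' failure (connectivity, insufficient rights, ...) still propagates so
        ' it is never mistaken for a missing user.
        Return Nothing
    End Try

    If myResponse.Entries.Count >= 1 Then
        Return myResponse.Entries(0)
    End If
    Return Nothing
End Function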