使用System.DirectoryServices.Protocols以专有名称获取用户

时间:2012-05-07 18:00:54

标签: vb.net directoryservices oid

我有一个非常广泛的应用程序,它是通过OID为多个Web应用程序提供SSO而构建的。问题是我们已经看到一些用户对其中一个应用程序的角色“孤立”。我编写了一个方法,为有权访问该角色的所有用户返回可分辨名称。为了执行清理,我试图确保在上一步中返回的用户实际存在于OID中。我在搜索用户或角色时一直在使用System.DirectoryServices.Protocols.SearchRequest类,但它不适用于可分辨名称。以下是我的方法。已经改变了几次尝试不同的方法使它工作。

    Public Function GetUserByDN(UserDN As String) As SearchResultEntry
        Dim searchString As String = String.Format("baseDN={0}", UserDN)
        Dim containerDN As String = Nothing
        If _extranet Then
            containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_ExternalDomain")
        Else
            containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_InternalDomain")
        End If

        Dim attributes(14) As String
        attributes(0) = DIRECTORY_UNIQUE_ID
        attributes(1) = DIRECTORY_FIRST_NAME
        attributes(2) = DIRECTORY_LAST_NAME
        attributes(3) = DIRECTORY_EMAIL_ADDRESS
        attributes(4) = DIRECTORY_TELEPHONE
        attributes(5) = DIRECTORY_STREET
        attributes(6) = DIRECTORY_CITY
        attributes(7) = DIRECTORY_STATE
        attributes(8) = DIRECTORY_ZIP
        attributes(9) = DIRECTORY_CUSTOMER_NAME
        attributes(10) = DIRECTORY_ENABLED
        attributes(11) = DIRECTORY_GIVEN_NAME   ' this is the first name for a domain user
        attributes(12) = DIRECTORY_KBIT_INDICATOR
        attributes(13) = DIRECTORY_REQUESTING_BRANCH
        attributes(14) = DIRECTORY_PWD_MUST_CHANGE

        'Me.Connection.Bind()
        Me.Bind()

        Dim myRequest As New System.DirectoryServices.Protocols.SearchRequest(containerDN, UserDN, SearchScope.Base, attributes)
        Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)
        Dim results As SearchResultEntryCollection = myResponse.Entries

        If results.Count >= 1 Then
            Return results(0)
        Else
            Return Nothing
        End If
    End Function

1 个答案:

答案 0 :(得分:0)

它已经进行了大量的研究,并在其他地方提出问题,在哪里可以找到答案。事实证明,我应该只查看用户的DN并执行简单的LDAP查询,而不是查看用户OU并搜索用户的DN。这是我的最终解决方案。我希望这有助于社区。

       Public Function GetUserByDN(UserDN As String) As SearchResultEntry
        Dim ldapFilter As String = "(objectClass=person)"

        Dim attributes(14) As String
        attributes(0) = DIRECTORY_UNIQUE_ID
        attributes(1) = DIRECTORY_FIRST_NAME
        attributes(2) = DIRECTORY_LAST_NAME
        attributes(3) = DIRECTORY_EMAIL_ADDRESS
        attributes(4) = DIRECTORY_TELEPHONE
        attributes(5) = DIRECTORY_STREET
        attributes(6) = DIRECTORY_CITY
        attributes(7) = DIRECTORY_STATE
        attributes(8) = DIRECTORY_ZIP
        attributes(9) = DIRECTORY_CUSTOMER_NAME
        attributes(10) = DIRECTORY_ENABLED
        attributes(11) = DIRECTORY_GIVEN_NAME
        attributes(12) = DIRECTORY_KBIT_INDICATOR
        attributes(13) = DIRECTORY_REQUESTING_BRANCH
        attributes(14) = DIRECTORY_PWD_MUST_CHANGE

        Me.Bind()

        Dim myRequest As New SearchRequest(UserDN, ldapFilter, SearchScope.Base, attributes)
        Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)

        If myResponse.Entries.Count >= 1 Then
            Return myResponse.Entries(0)
        Else
            Return Nothing
        End If
    End Function