OpenLDAP C# bind with escape characters in the Distinguished Name

Time: 2013-02-19 14:55:21

Tags: c# ldap directoryservices openldap

I have some working LDAP code where we rebind to the found user using their distinguished name in order to authenticate the user. Essentially, this is what is happening:

            using System.DirectoryServices;

            // DN of the user found by the earlier search; the cn value contains '+' and '='
            string userDn = @"cn=Feat Studentl+umanroleid=302432,ou=Faculty of Engineering & Physical Sciences Administration,ou=Faculty of Engineering & Physical Sciences,ou=People,o=University of TestSite,c=GB";
            string fullPath = @"LDAP://surinam.testsite.ac.uk:636/" + userDn;

            // Simple bind as the user with the supplied password
            DirectoryEntry authUser = new DirectoryEntry(fullPath, userDn, "mypassword", AuthenticationTypes.None);

            // Forces the bind to actually happen
            authUser.RefreshCache();

However, this causes an error in DirectoryEntry.Bind():

Unknown error 80005000

I suspect the problem may be that the DN has '+' and '=' in the CN attribute. So, having found that the way to escape them should be a backslash followed by the hex value of the character, I tried this:

            string userDn = @"cn=Feat Studentl\2Bumanroleid\3D302432,ou=Faculty of Engineering & Physical Sciences Administration,ou=Faculty of Engineering & Physical Sciences,ou=People,o=University of TestSite,c=GB";

However, I get the error:

Logon failure: unknown user name or bad password

I think this is because it is now happy with the request, but for some reason it cannot match the user DN.

Any ideas at all?

2 Answers:

Answer 0: (score: 1)

In my experience developing LDAP services, whenever you get a logon failure due to invalid credentials, it is usually a problem with the bind attempt. You are getting that error because DirectoryEntry cannot parse the escaped characters in the DN... however, you should not have to do that in the first place.

In your code - setting AuthenticationTypes to "None" forces the entry to perform a simple bind based on the DN you provide. Since you are including the server name in the path, I would try the ServerBind auth type, like this:

using System.DirectoryServices;

// ldapUrl, Domain, _usernameToVerify and _passwordToVerify are supplied by the caller
string LdapPath = ("LDAP://" + ldapUrl + "/" + Domain);

// Build the user entry and issue the bind via RefreshCache; ServerBind tells ADSI the path names a specific server
var dirEntry = new DirectoryEntry
               {
                   Path = LdapPath,
                   Username = _usernameToVerify,
                   Password = _passwordToVerify,
                   AuthenticationType = AuthenticationTypes.ServerBind
               };

// This will bind and load any available properties for the user
dirEntry.RefreshCache();

Also, it looks like you are calling the secure LDAP port (636), so make sure you also include AuthenticationTypes.SecureSocketsLayer along with the ServerBind mechanism:

AuthenticationType = AuthenticationTypes.ServerBind | AuthenticationTypes.SecureSocketsLayer

Hope this helps!

Answer 1: (score: 0)

I had to resort to digging through an old DLL project that was customised for a client.

I managed to get it working. It seems that if your DN has escape characters in it, you have to use these lower-level directory services routines. (Note that in real life the DN is obtained from an initial, more flexible user search, by setting up a DirectorySearcher and doing a FindOne first.)

  using System;
  using System.DirectoryServices.Protocols;
  using System.Net;

  // DN returned by the initial user search, unescaped as the server hands it back
  string userDn = @"cn=Feat Studentl+umanroleid=302432,ou=Faculty of Engineering & Physical Sciences Administration,ou=Faculty of Engineering & Physical Sciences,ou=People,o=University of TestSite,c=GB";
  string basicUrl = @"surinam.testsite.ac.uk:636";
  string password = "mypassword";   // the password being verified (value from the question)

  // Host and port are passed as one "host:port" string
  var ldapConnection = new LdapConnection(basicUrl);
  ldapConnection.AuthType = AuthType.Basic;   // simple bind: DN + password
  LdapSessionOptions options = ldapConnection.SessionOptions;
  options.ProtocolVersion = 3;
  options.SecureSocketLayer = true;           // LDAPS, matching port 636

  NetworkCredential credential = new NetworkCredential(userDn, password);
  ldapConnection.Credential = credential;

  try
  {
      ldapConnection.Bind();
      Console.WriteLine("bind succeeded ");
  }
  catch (LdapException e)
  {
      if (e.ErrorCode == 49)   // LDAP result code 49 = invalidCredentials
      {
           Console.WriteLine("bind failed ");
      }
      else
      {
          Console.WriteLine("unexpected result " + e.ErrorCode);
      }
  }
  catch (DirectoryOperationException e)
  {
      Console.WriteLine("unexpected error " + e.Message);
  }
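The following is an added example, not code from the question or from either answer. It shows the two escaping rules that are easy to confuse here (RFC 4514 for values inside an RDN, RFC 4515 for values inside a search filter) and the search-then-bind flow that Answer 1 describes, using System.DirectoryServices.Protocols for both steps. The host, port, base DN, service account, the `uid` attribute and the sample user values are all placeholders and assumptions; the only value taken from the page is the cn value whose '+' and '=' caused the original problem.

```csharp
// Added example (not from the question or the answers); hosts, DNs and credentials are placeholders.
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public static class LdapEscaping
{
    // RFC 4514 section 2.4: escape an attribute value for use inside an RDN. The special
    // characters get a backslash; any other octet may be written as \XX, which is how '='
    // (not special in RFC 4514, but present in the cn value of the question) is handled here.
    public static string EscapeRdnValue(string value)
    {
        var sb = new StringBuilder(value.Length * 2);
        for (int i = 0; i < value.Length; i++)
        {
            char c = value[i];
            bool leadingSpaceOrHash = i == 0 && (c == ' ' || c == '#');
            bool trailingSpace = i == value.Length - 1 && c == ' ';
            switch (c)
            {
                case '\0': sb.Append("\\00"); break;
                case '=': sb.Append("\\3D"); break;
                case ',': case '+': case '"': case '\\': case '<': case '>': case ';':
                    sb.Append('\\').Append(c); break;
                default:
                    if (leadingSpaceOrHash || trailingSpace) sb.Append('\\');
                    sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // RFC 4515 section 3: escape an assertion value for use inside a search filter, so that
    // user-supplied input cannot add or alter filter components.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length * 3);
        foreach (char c in value)
        {
            switch (c)
            {
                case '*': sb.Append("\\2a"); break;
                case '(': sb.Append("\\28"); break;
                case ')': sb.Append("\\29"); break;
                case '\\': sb.Append("\\5c"); break;
                case '\0': sb.Append("\\00"); break;
                default: sb.Append(c); break;
            }
        }
        return sb.ToString();
    }
}

public static class LdapAuth
{
    private static LdapConnection Connect(string host, int port, string dn, string password)
    {
        var conn = new LdapConnection(new LdapDirectoryIdentifier(host, port));
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;   // LDAPS on 636, as in the question
        conn.AuthType = AuthType.Basic;                 // simple bind with DN + password
        conn.Credential = new NetworkCredential(dn, password);
        try { conn.Bind(); }
        catch { conn.Dispose(); throw; }
        return conn;
    }

    // Search-then-bind: look the user up with a service account, then bind as the DN the
    // server returned (already in RFC 4514 string form) with the user's own password.
    public static bool Authenticate(string host, int port, string baseDn, string serviceDn,
                                    string servicePassword, string uid, string userPassword)
    {
        // RFC 4513 section 5.1.2: a DN with an empty password is an unauthenticated bind,
        // which many servers accept, so it must never count as a successful login.
        if (string.IsNullOrEmpty(userPassword)) return false;

        string userDn;
        using (var svc = Connect(host, port, serviceDn, servicePassword))
        {
            string filter = "(uid=" + LdapEscaping.EscapeFilterValue(uid) + ")";
            var req = new SearchRequest(baseDn, filter, SearchScope.Subtree, "1.1"); // "1.1": no attributes
            var resp = (SearchResponse)svc.SendRequest(req);
            if (resp.Entries.Count != 1) return false;   // unknown or ambiguous user: refuse
            userDn = resp.Entries[0].DistinguishedName;
        }

        try { using (Connect(host, port, userDn, userPassword)) return true; }
        catch (LdapException e) when (e.ErrorCode == 49) { return false; }   // invalidCredentials
    }

    public static void Main()
    {
        Console.WriteLine(LdapEscaping.EscapeRdnValue("Feat Studentl+umanroleid=302432"));
        Console.WriteLine(LdapEscaping.EscapeFilterValue("*)(uid=*"));
    }
}
```

`EscapeRdnValue` turns the cn value from the question into `Feat Studentl\+umanroleid\3D302432`, which is what an ADSI path or an LDAP bind DN needs when the value is built by hand; the unescaped '+' is otherwise read as the separator of a multi-valued RDN. In the search-then-bind path the DN is never built by hand at all: the server returns it in escaped string form, which is why Answer 1's `LdapConnection` bind works with the DN that `DirectorySearcher.FindOne` hands back.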