我已在Windows 2008服务器上设置了Active Directory服务。
我添加了一个用户,这里是DN(DistingushedName)CN=ashwin,CN=Users,DC=test,DC=com
没有为DN设置密码,并且允许匿名绑定。我有一个示例(测试代码)C ++程序连接到AD并搜索用户。
#include "windows.h"
#include "winldap.h"
#include "stdio.h"
// Entry point for your application
int main(int argc, char* argv[])
{
LDAP* pLdapConnection = NULL;
INT returnCode = 0;
INT connectSuccess = 0;
ULONG version = LDAP_VERSION3;
LONG lv = 0;
int option(0);
LDAPMessage *vLdapMessage;
// Initialize an LDAP session without SSL.
pLdapConnection = ldap_init("192.168.56.128",389);
if (pLdapConnection == NULL)
{
printf( "ldap_init failed with 0x%x.\n",hr);
return -1;
}
// Specify version 3; the default is version 2.
returnCode = ldap_set_option(pLdapConnection,
LDAP_OPT_PROTOCOL_VERSION,
(void*)&version);
if (returnCode != LDAP_SUCCESS)
goto FatalExit;
//Turning off referrals
ldap_set_option(pLdapConnection, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); // required
// Connect to the server.
connectSuccess = ldap_connect(pLdapConnection, NULL);
if(connectSuccess != LDAP_SUCCESS)
{
printf("ldap_connect failed with 0x%x.\n",connectSuccess);
goto FatalExit;
}
// Bind with current credentials.
printf("Binding ...\n");
returnCode = ldap_bind_s(pLdapConnection,NULL, NULL, LDAP_AUTH_SIMPLE);
if (returnCode != LDAP_SUCCESS)
goto FatalExit;
returnCode = ldap_search_s(pLdapConnection, "DC=test, DC=com", LDAP_SCOPE_SUBTREE, "CN=ashwin", NULL, 0, &vLdapMessage);
if (returnCode != LDAP_SUCCESS)
goto FatalExit;
NormalExit:
if (pLdapConnection != NULL)
ldap_unbind_s(pLdapConnection);
return 0;
FatalExit:
if( pLdapConnection != NULL )
ldap_unbind_s(pLdapConnection);
printf( "\n\nERROR: 0x%x\n", returnCode);
return returnCode;
}
搜索失败。 ldap_search_s始终返回1。
Apache目录服务上的相同设置测试工作正常。
有人可以指出为什么这不适用于Windows AD?该计划有什么问题?
答案 0 :(得分:2)
Active Directory过滤语法可能非常详细。据我所知,您只需稍微修改过滤器即可。试试这个:
(&(objectClass=user)(distinguishedName=CN=ashwin,CN=Users,DC=test,DC=com))
但是,对于单用户过滤,我会尝试使用sAMAccountName。这通常遵循{FirstInitial} {LastName}格式,对用户来说是唯一的(例如JSmith):
(&(objectClass=user)(sAMAccountName=JSmith))