LDAP密码到期日

时间:2016-01-12 10:27:40

标签: c# active-directory ldap

我有一个使用Active Directory进行身份验证的Web应用程序。我想添加一个选项,在密码即将到期时通知用户。 我设法做了一些事情,但我遇到的问题是到期天数是负数(daysLeft参数),但我仍然可以登录。

string domainAndUsername = @"LDAP://ldapUrl";

DirectoryEntry root = new DirectoryEntry(ldapServer, userID, userPwd, AuthenticationTypes.Secure);
DirectorySearcher mySearcher = new DirectorySearcher(root);
SearchResultCollection results;

string filter = "maxPwdAge=*";
mySearcher.Filter = filter;

results = mySearcher.FindAll();

long maxDays = 0;
if (results.Count >= 1)
{
    Int64 maxPwdAge = (Int64)results[0].Properties["maxPwdAge"][0];
    maxDays = maxPwdAge / -864000000000;
}

mySearcher = new DirectorySearcher(root);
mySearcher.Filter = "(&(objectCategory=user)(samaccountname=" + userID + "))";

results = mySearcher.FindAll();
long daysLeft = 0;
if (results.Count >= 1)
{
    var lastChanged = results[0].Properties["pwdLastSet"][0];
    daysLeft = maxDays - DateTime.Today.Subtract(
        DateTime.FromFileTime((long)lastChanged)).Days;
}

由于用户无法登录,如果帐户已过期,我猜我的错误是在计算帐户到期前的剩余天数...但我似乎无法找到它的位置。

3 个答案:

答案 0 :(得分:1)

这个片段工作正常,我还有三天要改变我的pw,包括今天:

    public static void Main(string[] args)
    {
        const ulong dataFromAD = 0xFFFFE86D079B8000;
        var ticks = -unchecked((long)dataFromAD);
        var maxPwdAge = TimeSpan.FromTicks(ticks);

        var pwdLastSet = new DateTime(2015,12,16,9,19,13);

        var pwdDeadline = (pwdLastSet + maxPwdAge).Date;

        Console.WriteLine(pwdDeadline);

        Console.WriteLine(pwdDeadline - DateTime.Today);

        Console.ReadKey(true);
    }

我还确认TimeSpan.FromTicks(-(long)results[0].Properties["maxPwdAge"][0])DateTime.FromFileTime((long)results[0].Properties["pwdLastSet"][0])表达式正确地从我们的AD中提取值。

答案 1 :(得分:0)

我过去使用过以下代码,我觉得它很准确。您可以尝试一下,看看它是否适合您:

    private static DateTime? getPwdExpiration(string usuario)
    {
        DirectoryEntry searchGroup = new DirectoryEntry("LDAP://ldapUrl");
        DateTime? dt=null;
        foreach (DirectoryEntry user in searchGroup.Children)
        {
            if (user.InvokeGet("userPrincipalName") != null)
            {
                string username = user.InvokeGet("userPrincipalName").ToString();
                username = username.Substring(0, username.IndexOf('@'));
                if (username == usuario)
                {
                    if (user.InvokeGet("PasswordExpirationDate") != null)
                    {
                        dt = (DateTime)user.InvokeGet("PasswordExpirationDate");
                        if (dt.Value.CompareTo(new DateTime(1970,1,1))==0)
                        {
                            //Password never expires
                            dt = null;
                        }
                    }
                    break;
                }
            }
        }
        return dt;
    }

用法:

DateTime? expirationDate = getPwdExpiration(username);

答案 2 :(得分:-1)

使用 Node JS 可以实现密码过期。尝试这样的事情

const modifyChange = [
        new ldap.Change({
            operation: 'replace',
            modification: {
                pwdMaxAge: 3600 //in seconds
            }
        })];
client.modify('cn=Manager,dc=mydomain,dc=local', modifyChange, (err) => {
       if(!err) {
            console.log('password age updated')// updated
        }
    });

相关问题
最新问题