我对这个有点失落。我在以下代码中调用.NET LdapConnection对象。第一个查询工作正常(SearchRequest),并使用默认的身份验证类型,协商。
在这个示例代码的foreach循环中,我然后尝试进行绑定以检查我在searchRequest中硬编码的用户的密码。
我在SearchResultEntry中获得了一个很好的DistinguishedName,并且Bind()可以工作,但只能使用AuthType.Basic。没有其他选项可以工作,我也不热衷于使用Basic(不安全)身份验证。
想法?
public LoginResult Authenticate(string userName, string password)
{
LdapDirectoryIdentifier identifier = new LdapDirectoryIdentifier(_serverName, _port);
NetworkCredential credential = new NetworkCredential(_ServerUsername, _Serverpwd);
LdapConnection ldapConnection = new LdapConnection(identifier, credential);
ldapConnection.Timeout = new TimeSpan(0, 0, _timeout);
try
{
SearchRequest searchRequest = new SearchRequest
(_distinguisedName,
"(&(objectClass=user)(givenname=Joe)(sn=Smith))",
SearchScope.Subtree,
null);
// cast the returned directory response as a SearchResponse object
SearchResponse searchResponse =
(SearchResponse)ldapConnection.SendRequest(searchRequest);
// enumerate the entries in the search response
foreach (SearchResultEntry entry2 in searchResponse.Entries)
{
// Check password by rebinding connection
ldapConnection.AuthType = AuthType.Basic;
ldapConnection.Bind(new NetworkCredential(entry2.DistinguishedName, password));
}
}
catch (Exception e)
{
return LoginResult.Failure;
}
finally
{
ldapConnection.Dispose();
}
return LoginResult.Success;
}