I have some code (below) that runs every 15 minutes. Sometimes it fails to query AD with the following error:
System.DirectoryServices.Protocols.DirectoryOperationException: The server does not support the control. The control is critical.
at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
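After searching for that error, I found two SO questions (one, two) that point to using AuthType.Ntlm to fix the problem. That didn't solve it for me, though. Another says to check whether the server supports paging (it does).
Any ideas as to why this might be happening?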
    var attributesToReturn = new[] {
        "givenName",
        "sn",
        "middleName",
        "extensionAttribute8",
        "department",
        "sAMAccountName",
        "userAccountControl"
    };
    var filter = "(&(objectclass=user)(!(objectclass=computer))(sn=*)(givenName=*)(extensionAttribute8=*)(|(sn=a*)(sn=b*)(sn=c*)(sn=d*)(sn=e*)(sn=f*)(sn=g*)(sn=h*)(sn=i*)(sn=j*)(sn=k*)(sn=l*)(sn=m*)(sn=n*)(sn=o*)(sn=p*)(sn=q*)(sn=r*)(sn=s*)(sn=t*)(sn=u*)(sn=v*)(sn=w*)(sn=x*)(sn=y*)(sn=z*)))";
    var currentBatch = 1;
    var searchRequest = new SearchRequest("DC=foo,DC=bar,DC=baz", filter, SearchScope.Subtree, attributesToReturn);
    var pageRequestControl = new PageResultRequestControl(500);
    searchRequest.Controls.Add(pageRequestControl);
    using (var ldapConnection = new LdapConnection("server.foo.bar.baz"))
    {
        ldapConnection.Credential = new NetworkCredential("user", "pass", "domain");
        ldapConnection.Timeout = new TimeSpan(0, 4, 0);
        ldapConnection.AuthType = AuthType.Ntlm; // https://stackoverflow.com/a/14255413
        while (true)
        {
            log.Debug("Fetching batch {0} from AD", currentBatch);
            var searchResponse = (SearchResponse)ldapConnection.SendRequest(searchRequest);
            var pageResultResponse = (PageResultResponseControl)searchResponse.Controls[0];
            log.Debug("Parsing AD response for batch {0}", currentBatch);
            ParseResponse(_return, searchResponse, includeDisabled);
            if (pageResultResponse.Cookie.Length == 0)
                break;
            pageRequestControl.Cookie = pageResultResponse.Cookie;
            currentBatch++;
        }
    }
Answer 0: (score: 0)
This might not be the issue, since it only fails sometimes, but I had this error every time and had to set
ldapConnection.SessionOptions.ProtocolVersion=3
to get it to work at all.
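
The following is an added example, not code from the question or the answer: a paged search helper that sets LDAP protocol version 3 as the answer suggests, asks the rootDSE of the server it actually connected to whether the paged results control (OID 1.2.840.113556.1.4.319, RFC 2696) is advertised, and then locates the response control by type rather than by index. The class name, method name and parameters are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Net;

static class PagedAdSearch   // hypothetical helper, not part of the original post
{
    // OID of the LDAP simple paged results control (RFC 2696).
    const string PagedResultsOid = "1.2.840.113556.1.4.319";

    public static IEnumerable<SearchResultEntry> Search(
        string server, NetworkCredential credential, string baseDn,
        string filter, string[] attributes, int pageSize = 500)
    {
        using (var conn = new LdapConnection(server))
        {
            conn.Credential = credential;
            conn.AuthType = AuthType.Ntlm;
            conn.SessionOptions.ProtocolVersion = 3; // controls are an LDAPv3 feature
            conn.Bind();

            // Ask the rootDSE (null base DN, base scope) which controls this server advertises.
            var rootDse = (SearchResponse)conn.SendRequest(
                new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "supportedControl"));
            var advertised = rootDse.Entries[0].Attributes["supportedControl"]
                .GetValues(typeof(string)).Cast<string>();
            if (!advertised.Contains(PagedResultsOid))
                throw new NotSupportedException(server + " does not advertise paged results");

            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, attributes);
            var paging = new PageResultRequestControl(pageSize);
            request.Controls.Add(paging);

            while (true)
            {
                var response = (SearchResponse)conn.SendRequest(request);
                foreach (SearchResultEntry entry in response.Entries)
                    yield return entry;

                // Find the paging control by type instead of assuming it is Controls[0].
                var page = response.Controls.OfType<PageResultResponseControl>().FirstOrDefault();
                if (page == null || page.Cookie.Length == 0)
                    yield break;
                paging.Cookie = page.Cookie;
            }
        }
    }
}
```

Because the method is an iterator, the connection stays open until the caller finishes enumerating the results, so the paging cookie is always sent back on the same connection that issued it.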