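We are developing a web portal where administrators can manage user and group objects in Active Directory without needing access to the server itself.

Whenever a user has been locked out by policy, updating the user always unlocks them, even though we are not updating the lockoutTime attribute.

This is the ClassMap we use for LINQ to LDAP: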

    public override IClassMap PerformMapping(string namingContext = null, string objectCategory = null, bool includeObjectCategory = true, IEnumerable<string> objectClasses = null, bool includeObjectClasses = true)
    {
        NamingContext(namingContext);
        ADUserEntity.SetNamingContext(namingContext);
        ObjectCategory("Person");
        ObjectClass("User");
        DistinguishedName(x => x.DistinguishedName);
        Map(x => x.Name).Named(Identity.cn).ReadOnly();
        Map(x => x.Department).Named(Identity.department);
        Map(x => x.Id).Named(Identity.objectGUID).StoreGenerated();
        Map(x => x.Title).Named(Identity.title);
        Map(x => x.GivenName).Named(Identity.givenName);
        Map(x => x.SurName).Named(Identity.sn);
        Map(x => x.MiddleName).Named(Identity.middleName);
        Map(x => x.SAMAccountName).Named(Identity.sAMAccountName);
        Map(x => x.AccountControl).Named(Identity.userAccountControl);
        Map(x => x.DisplayName).Named(Identity.displayName);
        Map(x => x.TelephoneNumber).Named(Identity.telephoneNumber);
        Map(x => x.MemberOf).Named(Identity.memberof);
        Map(x => x.LockoutTime).Named(Identity.lockoutTime).ReadOnly();
        Map(x => x.LastLogon).Named(Identity.lastLogon).ReadOnly();
        Map(x => x.EmailAddress).Named(Identity.mail).ReadOnly();
        Map(x => x.PwdLastSet).Named(Identity.pwdLastSet).ReadOnly();
        Map(x => x.UserPrincipalName).Named(Identity.userPrincipalName);
        return this;
    }

LockoutTime has a simple getter/setter:

    ...
    public override long? LockoutTime
    {
        get
        {
            return _userEntity.LockoutTime;
        }
        set
        {
            _userEntity.LockoutTime = value;
        }
    }
    ...

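I have tried removing the .ReadOnly() property on the LockoutTime mapping, which causes an exception to be thrown in LINQ to LDAP, which in turn is caused by an error message thrown by the Active Directory server (Windows Server 2012 R2)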