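LDAP - Retrieve a list of all attributes/values?

Time: 2011-07-13 04:44:29

Tags: c# asp.net windows active-directory ldap

Is it possible to retrieve a list of all attributes/values from LDAP without specifying them, and if so, how?

7 answers: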

Answer 0: (score: 25)

I got a list of all the parameters of a DirectoryEntry class object. I hope it helps:

    objectClass = System.Object[]
    cn = Administrator
    sn = Kwiatek (Last name)
    c = PL (Country Code)
    l = Warszawa (City)
    st = Mazowieckie (Voivodeship)
    title = .NET Developer
    description = Built-in account for administering the computer/domain
    postalCode = 00-000
    postOfficeBox = Warszawa Ursynów
    physicalDeliveryOfficeName = Wojskowa Akademia Techniczna
    givenName = Piotr (First name)
    distinguishedName = CN=Administrator,CN=Users,DC=helpdesk,DC=wat,DC=edu
    instanceType = 4
    whenCreated = 2012-11-23 06:09:28
    whenChanged = 2013-02-23 13:24:41
    displayName = Piotr Kwiatek (Konto administratora)
    uSNCreated = System.__ComObject
    memberOf = System.Object[]
    uSNChanged = System.__ComObject
    co = Poland
    company = HELPDESK
    streetAddress = Kaliskiego 2
    wWWHomePage = http://www.piotr.kwiatek.org
    name = Administrator
    objectGUID = System.Byte[]
    userAccountControl = 512
    badPwdCount = 0
    codePage = 0
    countryCode = 616
    badPasswordTime = System.__ComObject
    lastLogoff = System.__ComObject
    lastLogon = System.__ComObject
    logonHours = System.Byte[]
    pwdLastSet = System.__ComObject
    primaryGroupID = 513
    objectSid = System.Byte[]
    adminCount = 1
    accountExpires = System.__ComObject
    logonCount = 178
    sAMAccountName = Administrator
    sAMAccountType = 805306368
    objectCategory = CN=Person,CN=Schema,CN=Configuration,DC=helpdesk,DC=wat,DC=edu
    isCriticalSystemObject = True
    dSCorePropagationData = System.Object[]
    lastLogonTimestamp = System.__ComObject
    mail = spam@kwiatek.org
    nTSecurityDescriptor = System.__ComObject

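Here is the code:

    using System;
    using System.DirectoryServices;
    using System.DirectoryServices.AccountManagement;
    using System.Security.Principal;

    // SID of the account running this code
    string currentUserSid = WindowsIdentity.GetCurrent().User.Value;

    PrincipalContext ctx = new PrincipalContext(
        ContextType.Domain,
        "helpdesk.wat.edu");

    UserPrincipal up = UserPrincipal.FindByIdentity(
        ctx, IdentityType.Sid,
        currentUserSid);

    /*
     * Get the DirectoryEntry behind the principal and its property collection
     */
    DirectoryEntry entry = up.GetUnderlyingObject() as DirectoryEntry;
    PropertyCollection props = entry.Properties;

    /*
     * Print every property name with its value (NULL when no value is set)
     */
    foreach (string propName in props.PropertyNames)
    {
        if (entry.Properties[propName].Value != null)
        {
            Console.WriteLine(propName + " = " + entry.Properties[propName].Value.ToString());
        }
        else
        {
            Console.WriteLine(propName + " = NULL");
        }
    }

    Console.ReadKey();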

Answer 1: (score: 14)

Specify "*" as the only value in the list of attributes to return.

If you also want the operational attributes, add "+" to the list.
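
The "*" and "+" selectors from the answer above, as an added example (not code from any of the answers) using System.DirectoryServices.Protocols: it checks the root DSE for the RFC 3673 feature OID before sending "+", and decodes the SID, GUID and FILETIME values that print as System.Byte[] or System.__ComObject through DirectoryEntry. The host and DN are assumptions, supplied on the command line.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Linq;
using System.Security.Principal;
using System.Text;
// Added example (not from the answers); host and DN are command-line arguments.
class DumpEntry
{
    // RFC 3673 "all operational attributes" feature, advertised in the root DSE
    const string AllOpAttrs = "1.3.6.1.4.1.4203.1.5.1";
    static void Main(string[] args)
    {
        string host = args[0], dn = args[1];   // e.g. dc01.example.test "CN=...,DC=..."
        using (var conn = new LdapConnection(new LdapDirectoryIdentifier(host, 389)))
        {
            conn.SessionOptions.ProtocolVersion = 3;
            conn.AuthType = AuthType.Negotiate;   // bind as the current Windows user
            conn.Bind();
            // Ask the root DSE whether "+" is understood before relying on it
            var dse = Read(conn, "", "supportedFeatures");
            bool plus = dse.Attributes.Contains("supportedFeatures") &&
                dse.Attributes["supportedFeatures"].GetValues(typeof(string)).Contains(AllOpAttrs);
            var entry = Read(conn, dn, plus ? new[] { "*", "+" } : new[] { "*" });
            foreach (DirectoryAttribute attr in entry.Attributes.Values)
                foreach (byte[] raw in attr.GetValues(typeof(byte[])))
                    Console.WriteLine("{0} = {1}", attr.Name, Format(attr.Name, raw));
        }
    }

    static SearchResultEntry Read(LdapConnection conn, string dn, params string[] attrs)
    {
        var req = new SearchRequest(dn, "(objectClass=*)", SearchScope.Base, attrs);
        return ((SearchResponse)conn.SendRequest(req)).Entries[0];
    }

    static string Format(string name, byte[] raw)
    {
        switch (name.ToLowerInvariant())
        {
            case "objectsid": return new SecurityIdentifier(raw, 0).Value;
            case "objectguid": return new Guid(raw).ToString();
            case "pwdlastset": case "lastlogon": case "lastlogontimestamp": case "badpasswordtime":
                long ticks = long.Parse(Encoding.ASCII.GetString(raw));
                return ticks == 0 ? "0 (not set)" : DateTime.FromFileTimeUtc(ticks).ToString("u");
            case "logonhours": case "ntsecuritydescriptor": return "<" + raw.Length + " bytes>";
            default: return Encoding.UTF8.GetString(raw);
        }
    }
}
```

The result contains only the attributes the bound account is permitted to read, so running it under different accounts shows what each one can see on the same entry.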

Answer 2: (score: 5)

    using System.Collections.Generic;
    using System.DirectoryServices.ActiveDirectory;
    using System.Linq;
    using System.Net;

    // This will list ALL the properties from AD (between 200 and 800..or more)
    // If someone has a solution for non AD servers please post it!
    // Server, Username and Password are assumed to be defined by the surrounding code.

    List<String> properties = new List<String>();
    IPAddress[] ips = Dns.GetHostAddresses(Server).Where(w => w.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork).ToArray();
    if (ips.Length > 0)
    {
        DirectoryContext directoryContext = new DirectoryContext(DirectoryContextType.DirectoryServer, ips[0].ToString() + ":389", Username, Password);
        ActiveDirectorySchema adschema = ActiveDirectorySchema.GetSchema(directoryContext);
        ActiveDirectorySchemaClass adschemaclass = adschema.FindClass("User");

        // Read the OptionalProperties & MandatoryProperties
        ReadOnlyActiveDirectorySchemaPropertyCollection propcol = adschemaclass.GetAllProperties();

        foreach (ActiveDirectorySchemaProperty schemaProperty in propcol)
            properties.Add(schemaProperty.Name.ToLower());
    }

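Answer 3: (score: 3)

Retrieving "all attributes" on its own does not make sense as far as a directory is concerned. Do you mean:

  1. All the attributes a user can possibly have, as described in the SCHEMA
  2. All the user attribute values
  3. All the user and operational attributes

I am not taking into account the fact that some user attributes can be read-only, while others can only be written with specific values. I am adding a way to retrieve the content.

@Ghostfire provides the solution for retrieving all user attributes and operational attributes.

    using System;
    using System.DirectoryServices;

    // Bind directly to the user object
    DirectoryEntry deUser = new DirectoryEntry("LDAP://WM2008R2ENT:389/CN=AUser,OU=MonOu,DC=dom,DC=fr");

    // Print each attribute name with its first value
    foreach (string property in deUser.Properties.PropertyNames)
    {
      Console.WriteLine("\t{0} : {1} ", property, deUser.Properties[property][0]);
    }

But remember that in an LDAP search, the best approach is to provide the attributes you want to retrieve: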

    /* Connection to Active Directory
     */
    DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");
    
    /* Directory Search
     */
    DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
    dsLookFor.Filter = "(sn=users)";
    dsLookFor.SearchScope = SearchScope.Subtree;
    dsLookFor.PropertiesToLoad.Add("cn");
    dsLookFor.PropertiesToLoad.Add("givenName");
    dsLookFor.PropertiesToLoad.Add("telephoneNumber");
    
    dsLookFor.Sort = new SortOption("givenName", SortDirection.Descending);
    dsLookFor.VirtualListView = new DirectoryVirtualListView(1, 0, 2);
    SearchResultCollection srcUsers = dsLookFor.FindAll();
    

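Answer 4: (score: 2)

You can use DirectoryEntry to generate a list of properties; you have to use a foreach to go through the list of properties.

    // Bind to the entry to inspect; the path is a placeholder
    DirectoryEntry objADAM = new DirectoryEntry("LDAP://<server>/<distinguished name>");
    string properties = string.Empty;
    // Build a comma-separated list of the property names
    foreach (string property in objADAM.Properties.PropertyNames)
    {
        properties += property + ", ";
    }

When it comes to C# and Active Directory, you can always refer to http://www.codeproject.com/KB/system/everythingInAD.aspx

Update: http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C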

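Answer 5: (score: 0)

ADSI Edit is a great tool to help you figure things out. In this case, you are after schema data. When you open ADSI Edit, choose "Connect to..." and then select "Schema" for the well-known naming context..., now you can take a look at the different schema classes: (subSchema, classSchema, attributeSchema)...

What is tricky is knowing that you need to select a classSchema and then get its "schemaIDGUID"... then search over all attributeSchema and filter on the "schemaIDGUID".

For example, if you choose to look at "CN=User", you will notice that schemaIDGUID == bf967aba-0de6-11d0-a285-00aa003049e2

Then, if you choose to look at "CN=Pwd-Last-Set", you will notice that the schemaIDGUID matches....

That said, using ActiveDirectorySchemaClass is probably much easier (as David answered), but I felt like sharing some knowledge.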

Answer 6: (score: -1)

For a list of all possible attributes, you should look at querying the schema for the given objectClass.