2017-04-05 75 views
0

How to get nested groups (subgroups) with System.DirectoryServices.Protocols in C#?

I have a function that takes a group's distinguished name as its parameter and uses a SearchRequest query and SearchResponse to return the nested groups (subgroups) inside the given group. The code works correctly when I use DirectoryEntry, but fails when using the LdapConnection class. It is necessary to use the LdapConnection class. Please find the code snippet below:

// Assumed: collects the CN of every nested group found; not declared in the post
private static readonly List<string> _subGroupList = new List<string>();

public static void GetNestedGroups(string strGroupDN)
{
    var currentDomainofLoggedinUser = Domain.GetComputerDomain();
    var currentDomainController = currentDomainofLoggedinUser.FindDomainController(); // Gets the current domain controller

    var domainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
    string strPath = "LDAP://" + currentDomainController.Name; // Current domain controller name (only used by DirectoryEntry)
    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(domainName, 636)))
    {
        // Port 636 is LDAPS, so TLS has to be on; a Basic bind with SSL switched off would put the
        // credentials on the wire in clear text. Negotiate binds as the logged-in Windows user.
        ldap.SessionOptions.SecureSocketLayer = true;
        ldap.AuthType = AuthType.Negotiate;
        ldap.Bind(CredentialCache.DefaultNetworkCredentials);

        string ldapSearchFilter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);
        string[] attributesToReturn = new string[] { "distinguishedName" };

        // Search base is the group object itself with OneLevel scope: a group object has no
        // subordinate objects, so the search returns no entries.
        SearchRequest searchRequest = new SearchRequest(strGroupDN, ldapSearchFilter, SearchScope.OneLevel, attributesToReturn);

        SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
        if (response != null && response.Entries.Count > 0)
        {
            foreach (SearchResultEntry entry in response.Entries)
            {
                var groupName = entry.DistinguishedName;
                _subGroupList.Add(groupName.Split('=')[1].Split(',')[0]); // CN of the nested group
                GetNestedGroups(groupName); // recurses with no guard against cyclic group membership
            }
        }
    }
}

In the response it gives nothing. (In the DirectoryEntry case it does give results.)

+0

Note that in AD I can make GroupA a member of GroupB and, at the same time, GroupB a member of GroupA. Here you would have an infinite recursion. – oldovets

+0

And note that the memberOf attribute does not contain groups from other domains (if you have any). – oldovets

Answers

0

For any group, we can get the group object using the query below:

// Assumed context of this answer (not shown in the post): a bound connection and the counters it fills
private static LdapConnection ldap;
private static readonly List<string> _subGroupList = new List<string>();
private static int count_Children;

public static void GetUsersCorrespondingToGroupChild(string strGroupDN)
{
    SearchRequest searchRequest = new SearchRequest();
    searchRequest.DistinguishedName = strGroupDN;
    // The default scope is Subtree, so the search base (the group DN) matches the group itself.
    // The CN is cut out of the DN by string splitting and is not escaped, so a CN containing
    // ( ) * or \ would break the filter.
    searchRequest.Filter = String.Format("(&(objectCategory=Group)(CN={0}))", strGroupDN.Split('=')[1].Split(',')[0]);
    SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
    if (response != null && response.Entries.Count > 0)
    {
        SearchResultEntry obj = response.Entries[0]; // I get group object here
        if (obj.Attributes["member"] != null)
        {
            var childCount = obj.Attributes["member"].Count;

            for (int i = 0; i < childCount; i++)
            {
                string groupName = obj.Attributes["member"][i].ToString(); // I get all members in which I have to find subgroups
                // Members located under OU=Groups are taken to be groups (a naming convention, not an LDAP check)
                if (groupName.Contains("OU=Groups"))
                {
                    var attributes = obj.Attributes.AttributeNames;
                    string attributesstr = string.Empty;
                    foreach (var item in attributes)
                    {
                        attributesstr = attributesstr + "," + item;
                    }
                    _subGroupList.Add(groupName.Split('=')[1].Split(',')[0] + " : " + attributesstr);
                    count_Children++;
                }
            }
        }
    }
}

So for a group, I just have to get Attributes["member"]; the query returns all users and groups, and then I have to retrieve the corresponding groups.

0

I think you are making it too hard. Assuming you are using Microsoft Active Directory and your desire is to get the groups that are members of an existing group, I think you can use a filter such as:

(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)) 

If you want all members, including users:

(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET) 

Or to extract only the users:

(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))

Got most of this from ldapwiki.

Let us know if this works.

+0

Thanks for the prompt response. :) But that is the reason why I am using the LDAPConnection class: it is not certain that it will only connect to Microsoft Active Directory. I will let you know if it works. Thanks :) –

+0

The search only works with Microsoft Active Directory. http://ldapwiki.com/wiki/1.2.840.113556.1.4.1941 – jwilleke
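The two approaches in this thread, as an added example that is not code from either answer: the AD-only transitive filter with the 1.2.840.113556.1.4.1941 matching rule from the second answer, and a portable one-level memberOf walk for servers that are not Active Directory, with a visited set so the GroupA/GroupB cycle raised in the comments cannot recurse forever. Both variants search from the naming context rather than from the group DN, since a group object has no subordinates for a search to return, and both pass the DN through an RFC 4515 escape so a name containing ( ) * or \ cannot alter the filter. The class name NestedGroupSearch, the host dc.example.test and the base DN DC=example,DC=test are placeholders chosen for this example.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Text;

public static class NestedGroupSearch
{
    // LDAP_MATCHING_RULE_IN_CHAIN, the OID quoted in the answer above (Active Directory only).
    private const string MatchingRuleInChain = "1.2.840.113556.1.4.1941";

    // Escape a value that is interpolated into a search filter (RFC 4515 section 3) so that
    // a DN or CN containing ( ) * \ or NUL cannot change the structure of the filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // AD-only transitive query: every group anywhere below groupDn, resolved by the server in one round trip.
    public static string TransitiveGroupFilter(string groupDn)
    {
        return "(&(objectCategory=group)(memberOf:" + MatchingRuleInChain + ":=" + EscapeFilterValue(groupDn) + "))";
    }

    // Portable query: groups whose memberOf lists groupDn directly (one nesting level).
    public static string DirectMemberGroupFilter(string groupDn)
    {
        return "(&(objectClass=group)(memberOf=" + EscapeFilterValue(groupDn) + "))";
    }

    // Subtree search below searchBase, returning only the DN of each hit.
    private static IEnumerable<string> SearchDns(LdapConnection ldap, string searchBase, string filter)
    {
        var request = new SearchRequest(searchBase, filter, SearchScope.Subtree, "distinguishedName");
        var response = (SearchResponse)ldap.SendRequest(request);
        foreach (SearchResultEntry entry in response.Entries)
            yield return entry.DistinguishedName;
    }

    // Portable variant: walk one level at a time. The visited set stops A -> B -> A cycles, and
    // the search base is the naming context, not the group, because a group object has no children.
    public static void CollectNestedGroups(LdapConnection ldap, string searchBase, string groupDn, HashSet<string> visited)
    {
        foreach (string childDn in SearchDns(ldap, searchBase, DirectMemberGroupFilter(groupDn)))
        {
            if (visited.Add(childDn))
                CollectNestedGroups(ldap, searchBase, childDn, visited);
        }
    }

    // AD-only variant: the server follows the chain, so there is no client-side recursion to guard.
    public static List<string> CollectNestedGroupsTransitive(LdapConnection ldap, string searchBase, string groupDn)
    {
        return new List<string>(SearchDns(ldap, searchBase, TransitiveGroupFilter(groupDn)));
    }

    public static void Main()
    {
        // Placeholder server, base DN and group; replace with your own values.
        using (var ldap = new LdapConnection(new LdapDirectoryIdentifier("dc.example.test", 636)))
        {
            ldap.SessionOptions.SecureSocketLayer = true; // port 636 is LDAPS: bind only over TLS
            ldap.AuthType = AuthType.Negotiate;
            ldap.Bind();                                   // current Windows credentials, no password in code

            var visited = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
            CollectNestedGroups(ldap, "DC=example,DC=test", "CN=GroupOne,OU=Groups,DC=example,DC=test", visited);
            foreach (string dn in visited)
                Console.WriteLine(dn);
        }
    }
}
```

The portable walk issues one query per nesting level, while the transitive variant issues one query in total; the visited set uses an ordinal case-insensitive comparer because DNs are compared case-insensitively by the directory. As noted in the comments, memberOf only covers groups in the same domain, so neither variant sees cross-domain nesting.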