2017-04-05 36 views
0

I have a function that takes a group's Distinguished Name as its parameter and uses a SearchRequest query and SearchResponse to return the nested groups (subgroups) inside the given group. The code works correctly when I use DirectoryEntry, but it fails when I use the LdapConnection class. Using the LdapConnection class is required. Please find the code snippet below. How do I get nested groups (subgroups) with System.DirectoryServices.Protocols in C#?

using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security;
using System.Security.Principal;

// Collects the CN of every nested group found (declared here; the original snippet did not show it)
private static readonly List<string> _subGroupList = new List<string>();

public static void GetNestedGroups(string strGroupDN)
{
    var currentDomainofLoggedinUser = Domain.GetComputerDomain();
    var currentDomainController = currentDomainofLoggedinUser.FindDomainController(); // gets the current domain controller

    var domainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
    AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
    // Port 636 is the LDAPS port, yet SecureSocketLayer is switched off below
    using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(domainName, 636)))
    {
        ldap.AuthType = AuthType.Basic;
        ldap.SessionOptions.SecureSocketLayer = false;
        var s = new SecureString(); // empty password
        NetworkCredential network = new NetworkCredential(WindowsIdentity.GetCurrent().Name, s);
        ldap.Bind(network);

        string ldapSearchFilter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);
        string[] attributesToReturn = new string[] { "distinguishedName" };

        // Search base is the group's own DN, scope OneLevel
        SearchRequest searchRequest = new SearchRequest(strGroupDN, ldapSearchFilter, SearchScope.OneLevel, attributesToReturn);
        SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
        if (response != null && response.Entries.Count > 0)
        {
            foreach (SearchResultEntry entry in response.Entries)
            {
                var groupName = entry.DistinguishedName;
                _subGroupList.Add(groupName.Split('=')[1].Split(',')[0]); // CN part of the DN
                GetNestedGroups(groupName); // recurse into the subgroup
            }
        }
    }
}

In the response it returns nothing. (In the DirectoryEntry case it does return results.)

+0

Note that in AD I can make GroupA a member of GroupB and GroupB a member of GroupA at the same time. Here you would get infinite recursion. – oldovets

+0

And note that the memberOf attribute does not contain groups from other domains (if you have any). – oldovets

Answers

0

For any group, we can get the group object with the query below:

private static readonly List<string> _subGroupList = new List<string>();
private static int count_Children = 0;

// ldap is the already-bound LdapConnection (it was not declared in the original snippet, so it is passed in here)
public static void GetUsersCorrespondingToGroupChild(LdapConnection ldap, string strGroupDN)
{
    SearchRequest searchRequest = new SearchRequest();
    searchRequest.DistinguishedName = strGroupDN;
    searchRequest.Filter = String.Format("(&(objectCategory=Group)(CN={0}))", strGroupDN.Split('=')[1].Split(',')[0]);
    SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
    if (response != null && response.Entries.Count > 0)
    {
        SearchResultEntry obj = response.Entries[0]; // I get the group object here
        if (obj.Attributes["member"] != null)
        {
            var childCount = obj.Attributes["member"].Count;

            for (int i = 0; i < childCount; i++)
            {
                string groupName = obj.Attributes["member"][i].ToString(); // I get all members, among which I have to find the subgroups
                if (groupName.Contains("OU=Groups"))
                {
                    var attributes = obj.Attributes.AttributeNames;
                    string attributesstr = string.Empty;
                    foreach (var item in attributes)
                    {
                        attributesstr = attributesstr + "," + item;
                    }
                    _subGroupList.Add(groupName.Split('=')[1].Split(',')[0] + " : " + attributesstr);
                    count_Children++;
                }
            }
        }
    }
}

So for the group I just get Attributes["member"]; the query returns all the users and groups, and then I have to pick out the corresponding groups.

0

I think you are making it too hard. Assuming you are using Microsoft Active Directory and what you want is the groups that are members of an existing group, I think you can use a filter such as:

(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)) 

If you want all members, including users:

(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET) 

Or to pull out only the users:

(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))

Got most of this from ldapwiki.

Let us know if this works.

+0

Thanks for the prompt response. :) But that is exactly why I am using the LdapConnection class: it is not certain that it will only connect to Microsoft Active Directory. I will let you know if it works, thanks :) –

+0

The search only works with Microsoft Active Directory. http://ldapwiki.com/wiki/1.2.840.113556.1.4.1941 – jwilleke
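Putting jwilleke's filter and oldovets's comment about mutual membership together, here is an added example that is not code from the question or either answer. `GetNestedGroupsAd` uses the in-chain matching rule so the DC expands the whole chain in one Subtree search, while `GetNestedGroupsPortable` walks `member` one level at a time with a visited set so a GroupA/GroupB cycle terminates; both escape the DN per RFC 4515 because the filter is built from a string. It assumes `ldap` is already bound (for example `ldap.Bind()` with the caller's Windows account) and that `searchBase` is the domain naming context, such as `DC=YOURDOMAIN,DC=NET` from the answer.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

// Added example; assumes ldap is already bound and searchBase is the domain naming context.
public static class NestedGroupLookup
{
    // RFC 4515 escaping: a DN copied from user input or from another entry must not
    // be able to change the filter (a CN can legally contain '(' , ')' or '*').
    public static string EscapeFilterValue(string value)
    {
        return value.Replace("\\", "\\5c").Replace("*", "\\2a")
                    .Replace("(", "\\28").Replace(")", "\\29").Replace("\0", "\\00");
    }

    // Active Directory only: LDAP_MATCHING_RULE_IN_CHAIN makes the DC expand the chain,
    // so one Subtree search returns every nested group and a cycle is handled server-side.
    public static List<string> GetNestedGroupsAd(LdapConnection ldap, string searchBase, string groupDn)
    {
        string filter = "(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:="
                        + EscapeFilterValue(groupDn) + "))";
        var request = new SearchRequest(searchBase, filter, SearchScope.Subtree, "distinguishedName");
        var response = (SearchResponse)ldap.SendRequest(request);
        var groups = new List<string>();
        foreach (SearchResultEntry entry in response.Entries)
            groups.Add(entry.DistinguishedName);
        return groups;
    }

    // Any LDAP server: follow the member attribute one level at a time. The visited
    // set makes mutual membership terminate instead of recursing forever.
    public static HashSet<string> GetNestedGroupsPortable(LdapConnection ldap, string groupDn)
    {
        var found = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { groupDn };
        Collect(ldap, groupDn, found);
        found.Remove(groupDn); // the starting group is not its own subgroup
        return found;
    }

    // One base-scope read per DN with a group-only filter: a user yields no entry and is
    // dropped from the set; a group yields its member list, which is walked recursively.
    private static void Collect(LdapConnection ldap, string dn, HashSet<string> found)
    {
        const string groupFilter = "(|(objectClass=group)(objectClass=groupOfNames))";
        var response = (SearchResponse)ldap.SendRequest(new SearchRequest(dn, groupFilter, SearchScope.Base, "member"));
        if (response.Entries.Count == 0) { found.Remove(dn); return; } // not a group
        DirectoryAttribute members = response.Entries[0].Attributes["member"];
        if (members == null) return;                                   // empty group
        foreach (string memberDn in members.GetValues(typeof(string)))
            if (found.Add(memberDn))                                   // false: seen before, cycle stops here
                Collect(ldap, memberDn, found);
    }
}
```

The portable path costs one read per member, so on AD prefer the single in-chain query and fall back only when the server does not support that matching rule.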