如何在 C# 中获取 System.DirectoryServices.Protocol 中的嵌套组(子组)
How to get nested groups (subgroups) in System.DirectoryServices.Protocol in c#
我有一个函数,它使用 SearchRequest 查询和 SearchResponse 获取参数作为组的 Distringuished name 和 returns 嵌套组或给定组中的组。当我使用 DirectoryEntry 时代码工作正常,但当我使用 LdapConnection class 时失败。有必要与 LdapConnection class 一起工作。请在下面找到代码片段:
public static void GetNestedGroups(string strGroupDN)
{
var _currentDomainofLoggedinUser = Domain.GetComputerDomain();
var currentDomainofLoggedinUser = Domain.GetComputerDomain();
var currentDomainController = currentDomainofLoggedinUser.FindDomainController(); //Gets the current Domain controller
var domainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
string strPath = "LDAP://" + currentDomainController.Name; //Gets the current domain controller name
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(domainName, 636)))
{
ldap.AuthType = AuthType.Basic;
ldap.SessionOptions.SecureSocketLayer = false;
var s = new SecureString();
NetworkCredential network = new NetworkCredential(WindowsIdentity.GetCurrent().Name, s);
string ldapSearchFilter = String.Format
("(&(memberOf={0})(objectClass=group))", strGroupDN);
NetworkCredential cred = CredentialCache.DefaultNetworkCredentials;
ldap.Bind(network);
string[] attributesToReturn = new string[] { "distinguishedName" };
SearchRequest searchRequest = new SearchRequest(strGroupDN, ldapSearchFilter, SearchScope.OneLevel, attributesToReturn);
searchRequest.DistinguishedName =
strGroupDN;
searchRequest.Filter = String.Format
("(&(memberOf={0})(objectClass=group))", strGroupDN);
SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
if (response != null && response.Entries.Count > 0)
{
SearchResultEntry obj = response.Entries[0];
var groupCount = ((System.Collections.CollectionBase)(obj.Attributes["memberOf"])).Count;
foreach (SearchResultEntry entry in response.Entries)
{
var groupName = entry.DistinguishedName;
_subGroupList.Add(groupName.ToString().Split('=')[1].Split(',')[0]);
GetNestedGroups(groupName);
}
}
}
}
在响应中它没有给出任何东西。 (在 DirectoryEntry 的情况下,它确实提供了结果)
我觉得你太难了。假设您正在使用 Microsoft Active Directory 并且您希望获得属于现有组成员的组,我认为您可以使用过滤器,例如:
(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))
如果您想要所有成员,包括用户:
(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)
或仅检索用户:
(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)
大部分来自 ldapwiki
让我们知道这是否可行。
对于任何组,我们可以使用以下查询获取组对象:-
public static void GetUsersCorrespondingToGroupChild(string strGroupDN)
{
SearchRequest searchRequest = new SearchRequest();
searchRequest.DistinguishedName = strGroupDN;
searchRequest.Filter = String.Format("(&(objectCategory=Group)(CN={0}))", strGroupDN.ToString().Split('=')[1].Split(',')[0]);
SearchResponse response =
(SearchResponse)ldap.SendRequest(searchRequest);
if (response != null && response.Entries.Count > 0)
{
SearchResultEntry obj = response.Entries[0];//I get group object here
if (obj.Attributes["member"] != null)
{
var childCount = ((System.Collections.CollectionBase)(obj.Attributes["member"])).Count;
for (int i = 0; i < childCount; i++)
{
string groupName = obj.Attributes["member"][i].ToString();//I get all members in which i have to find subgroups
List<string> localGroupList = new List<string>();
if (groupName.Contains("OU=Groups"))
{
var attributes = obj.Attributes.AttributeNames;
string attributesstr = string.Empty;
foreach (var item in attributes)
{
attributesstr = attributesstr + "," + item;
}
_subGroupList.Add(groupName.ToString().Split('=')[1].Split(',')[0] + " : " + attributesstr);
count_Children++;
}
}
}
}
}
所以对于子组,我只需要获取 return 所有用户和组的属性 ["member"] 查询,然后我必须检索与之对应的组。
我有一个函数,它使用 SearchRequest 查询和 SearchResponse 获取参数作为组的 Distringuished name 和 returns 嵌套组或给定组中的组。当我使用 DirectoryEntry 时代码工作正常,但当我使用 LdapConnection class 时失败。有必要与 LdapConnection class 一起工作。请在下面找到代码片段:
public static void GetNestedGroups(string strGroupDN)
{
var _currentDomainofLoggedinUser = Domain.GetComputerDomain();
var currentDomainofLoggedinUser = Domain.GetComputerDomain();
var currentDomainController = currentDomainofLoggedinUser.FindDomainController(); //Gets the current Domain controller
var domainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
string strPath = "LDAP://" + currentDomainController.Name; //Gets the current domain controller name
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(domainName, 636)))
{
ldap.AuthType = AuthType.Basic;
ldap.SessionOptions.SecureSocketLayer = false;
var s = new SecureString();
NetworkCredential network = new NetworkCredential(WindowsIdentity.GetCurrent().Name, s);
string ldapSearchFilter = String.Format
("(&(memberOf={0})(objectClass=group))", strGroupDN);
NetworkCredential cred = CredentialCache.DefaultNetworkCredentials;
ldap.Bind(network);
string[] attributesToReturn = new string[] { "distinguishedName" };
SearchRequest searchRequest = new SearchRequest(strGroupDN, ldapSearchFilter, SearchScope.OneLevel, attributesToReturn);
searchRequest.DistinguishedName =
strGroupDN;
searchRequest.Filter = String.Format
("(&(memberOf={0})(objectClass=group))", strGroupDN);
SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
if (response != null && response.Entries.Count > 0)
{
SearchResultEntry obj = response.Entries[0];
var groupCount = ((System.Collections.CollectionBase)(obj.Attributes["memberOf"])).Count;
foreach (SearchResultEntry entry in response.Entries)
{
var groupName = entry.DistinguishedName;
_subGroupList.Add(groupName.ToString().Split('=')[1].Split(',')[0]);
GetNestedGroups(groupName);
}
}
}
}
在响应中它没有给出任何东西。 (在 DirectoryEntry 的情况下,它确实提供了结果)
我觉得你太难了。假设您正在使用 Microsoft Active Directory 并且您希望获得属于现有组成员的组,我认为您可以使用过滤器,例如:
(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))
如果您想要所有成员,包括用户:
(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)
或仅检索用户:
(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)
大部分来自 ldapwiki
让我们知道这是否可行。
对于任何组,我们可以使用以下查询获取组对象:-
public static void GetUsersCorrespondingToGroupChild(string strGroupDN) {
SearchRequest searchRequest = new SearchRequest();
searchRequest.DistinguishedName = strGroupDN;
searchRequest.Filter = String.Format("(&(objectCategory=Group)(CN={0}))", strGroupDN.ToString().Split('=')[1].Split(',')[0]);
SearchResponse response =
(SearchResponse)ldap.SendRequest(searchRequest);
if (response != null && response.Entries.Count > 0)
{
SearchResultEntry obj = response.Entries[0];//I get group object here
if (obj.Attributes["member"] != null)
{
var childCount = ((System.Collections.CollectionBase)(obj.Attributes["member"])).Count;
for (int i = 0; i < childCount; i++)
{
string groupName = obj.Attributes["member"][i].ToString();//I get all members in which i have to find subgroups
List<string> localGroupList = new List<string>();
if (groupName.Contains("OU=Groups"))
{
var attributes = obj.Attributes.AttributeNames;
string attributesstr = string.Empty;
foreach (var item in attributes)
{
attributesstr = attributesstr + "," + item;
}
_subGroupList.Add(groupName.ToString().Split('=')[1].Split(',')[0] + " : " + attributesstr);
count_Children++;
}
}
}
}
}
所以对于子组,我只需要获取 return 所有用户和组的属性 ["member"] 查询,然后我必须检索与之对应的组。