How to get nested groups (subgroups) in System.DirectoryServices.Protocols in C#

I have a function that uses a SearchRequest query and a SearchResponse; it takes a group's distinguished name as its parameter and returns the nested groups, i.e. the groups inside the given group. The code works fine when I use DirectoryEntry, but it fails when I use the LdapConnection class. It is necessary to work with the LdapConnection class. Please find the code snippet below:

using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Security;
using System.Security.Principal;

public static class NestedGroups
{
    // Collects the CN of every nested group found
    static readonly List<string> _subGroupList = new List<string>();

    public static void GetNestedGroups(string strGroupDN)
    {
        var currentDomainofLoggedinUser = Domain.GetComputerDomain();
        var currentDomainController = currentDomainofLoggedinUser.FindDomainController(); //Gets the current Domain controller

        var domainName = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;
        string strPath = "LDAP://" + currentDomainController.Name; //Gets the current domain controller name (not used by the LdapConnection search below)
        AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
        using (LdapConnection ldap = new LdapConnection(new LdapDirectoryIdentifier(domainName, 636)))
        {
            // Simple bind with the current user's name and an empty password, on port 636 with SSL switched off
            ldap.AuthType = AuthType.Basic;
            ldap.SessionOptions.SecureSocketLayer = false;
            var s = new SecureString();
            NetworkCredential network = new NetworkCredential(WindowsIdentity.GetCurrent().Name, s);
            ldap.Bind(network);

            // Group objects whose memberOf attribute contains the given group DN
            string ldapSearchFilter = String.Format("(&(memberOf={0})(objectClass=group))", strGroupDN);
            string[] attributesToReturn = new string[] { "distinguishedName" };

            // Search one level below the group's own DN
            SearchRequest searchRequest = new SearchRequest(strGroupDN, ldapSearchFilter, SearchScope.OneLevel, attributesToReturn);
            SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
            if (response != null && response.Entries.Count > 0)
            {
                foreach (SearchResultEntry entry in response.Entries)
                {
                    var groupName = entry.DistinguishedName;
                    // Take the CN out of "CN=Name,OU=...": the text between the first '=' and the first ','
                    _subGroupList.Add(groupName.Split('=')[1].Split(',')[0]);
                    GetNestedGroups(groupName);
                }
            }
        }
    }
}

It does not return anything in the response. (In the DirectoryEntry case it does return results.)

I think you are making this too hard. Assuming you are using Microsoft Active Directory and you want the groups that are members of an existing group, I think you can use a filter like:

(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))

If you want all members, including users:

(memberOf:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET)

Or to retrieve only users:

(&(objectClass=user)(memberof:1.2.840.113556.1.4.1941:=CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET))

Most of that comes from ldapwiki.

Let us know if that works.
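As an added example (not code from the question or the answer above), here is the answer's first filter wired into System.DirectoryServices.Protocols. Two things differ from the question's code. The search base is the domain naming context with SearchScope.Subtree, because in Active Directory membership is held in the group's member attribute and member objects are not children of the group object, so a OneLevel search under the group's own DN finds nothing. And the group DN is escaped per RFC 4515 before it is spliced into the filter: a DN such as `CN=Smith\, John,OU=...` contains a backslash, and a DN taken from user input with a `)` or `*` in it would otherwise change the meaning of the filter. The domain name, base DN, group DN and the page size of 500 are assumed values for illustration; LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) is the matching rule from the answer.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;
using System.Text;

public static class NestedGroupQuery
{
    // RFC 4515 escaping for a value placed inside a search filter.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append("\\5c"); break;
                case '*':  sb.Append("\\2a"); break;
                case '(':  sb.Append("\\28"); break;
                case ')':  sb.Append("\\29"); break;
                case '\0': sb.Append("\\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // The answer's filter: group objects that are transitive members of groupDn,
    // resolved server-side by LDAP_MATCHING_RULE_IN_CHAIN.
    public static string NestedGroupFilter(string groupDn)
    {
        return "(&(objectCategory=group)(memberOf:1.2.840.113556.1.4.1941:="
             + EscapeFilterValue(groupDn) + "))";
    }

    public static List<string> GetNestedGroups(LdapConnection ldap, string searchBaseDn, string groupDn)
    {
        // Search the whole naming context, not the group's own DN.
        var request = new SearchRequest(searchBaseDn, NestedGroupFilter(groupDn),
                                        SearchScope.Subtree, "distinguishedName");

        // Page the results so a group with more entries than the server's size limit
        // is not silently truncated (page size of 500 is an assumed, arbitrary value).
        var pageControl = new PageResultRequestControl(500);
        request.Controls.Add(pageControl);

        var found = new List<string>();
        while (true)
        {
            var response = (SearchResponse)ldap.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
                found.Add(entry.DistinguishedName);

            PageResultResponseControl pageResponse = null;
            foreach (DirectoryControl control in response.Controls)
                if (control is PageResultResponseControl p) { pageResponse = p; break; }

            if (pageResponse == null || pageResponse.Cookie.Length == 0)
                break;                       // last page
            pageControl.Cookie = pageResponse.Cookie;
        }
        return found;
    }

    public static void Main()
    {
        // Assumed values for illustration.
        string domainDns = "yourdomain.net";
        string baseDn = "DC=YOURDOMAIN,DC=NET";
        string groupDn = "CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET";

        using (var ldap = new LdapConnection(new LdapDirectoryIdentifier(domainDns, 636)))
        {
            ldap.SessionOptions.SecureSocketLayer = true;  // LDAPS on 636, so credentials and results are encrypted
            ldap.SessionOptions.ProtocolVersion = 3;
            ldap.AuthType = AuthType.Negotiate;            // Kerberos/NTLM as the current Windows identity
            ldap.Bind();

            foreach (string dn in GetNestedGroups(ldap, baseDn, groupDn))
                Console.WriteLine(dn);
        }
    }
}
```

Negotiate with LDAPS replaces the question's Basic bind with an empty SecureString over a connection that has SecureSocketLayer set to false: a simple bind sends the password in clear text unless the session is encrypted, and port 636 expects TLS in any case. Since the matching rule already returns the transitive closure, no recursion is needed, and the directory handles circular nesting for you.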

For any group, we can get the group object with the following query:

using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

public static class GroupChildren
{
    static readonly List<string> _subGroupList = new List<string>();
    static int count_Children = 0;

    public static void GetUsersCorrespondingToGroupChild(LdapConnection ldap, string strGroupDN)
    {
        // Look the group up by its CN, the text between the first '=' and the first ',' of the DN
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.DistinguishedName = strGroupDN;
        searchRequest.Filter = String.Format("(&(objectCategory=Group)(CN={0}))", strGroupDN.Split('=')[1].Split(',')[0]);
        SearchResponse response = (SearchResponse)ldap.SendRequest(searchRequest);
        if (response != null && response.Entries.Count > 0)
        {
            SearchResultEntry obj = response.Entries[0]; //I get group object here
            if (obj.Attributes["member"] != null)
            {
                // DirectoryAttribute is a CollectionBase, so Count is available directly
                var childCount = obj.Attributes["member"].Count;

                for (int i = 0; i < childCount; i++)
                {
                    string groupName = obj.Attributes["member"][i].ToString(); //I get all members in which i have to find subgroups
                    // Members whose DN lies under OU=Groups are treated as subgroups
                    if (groupName.Contains("OU=Groups"))
                    {
                        var attributes = obj.Attributes.AttributeNames;
                        string attributesstr = string.Empty;
                        foreach (var item in attributes)
                        {
                            attributesstr = attributesstr + "," + item;
                        }
                        _subGroupList.Add(groupName.Split('=')[1].Split(',')[0] + "  :  " + attributesstr);
                        count_Children++;
                    }
                }
            }
        }
    }
}

So for the subgroups I just need the ["member"] attribute from the query, which returns all users and groups, and then I have to retrieve the groups corresponding to it.
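The follow-up above walks the group's member attribute and decides what is a subgroup by checking whether the DN contains "OU=Groups". As an added example (not the asker's code), here is the same member-walking approach done the way a practitioner would want it: each member is read with a Base-scope search whose filter is (objectCategory=group), so groups are recognised by their object category wherever they live in the tree; member DNs are only ever used as a search base, never spliced into a filter, so no filter escaping is required; a visited set stops the walk on circular nesting, which Active Directory permits; and a group that comes back with a member;range=... attribute (AD returns large multi-valued attributes in ranges rather than all at once) is reported instead of being silently treated as having fewer members. The domain name and group DN in Main are assumed values for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.Protocols;

public static class MemberWalker
{
    // Reads the object at dn with its member attribute, or returns null when dn is not a group
    // (a user, computer or contact) or cannot be read (deleted, or a DN in another domain that
    // this connection cannot resolve).
    static SearchResultEntry ReadGroup(LdapConnection ldap, string dn)
    {
        try
        {
            var request = new SearchRequest(dn, "(objectCategory=group)", SearchScope.Base, "member");
            var response = (SearchResponse)ldap.SendRequest(request);
            return response.Entries.Count == 1 ? response.Entries[0] : null;
        }
        catch (DirectoryOperationException) { return null; }  // e.g. NoSuchObject
        catch (LdapException) { return null; }                // e.g. unresolved referral
    }

    static IEnumerable<string> MemberDns(SearchResultEntry group)
    {
        // A large group answers with "member;range=0-1499" instead of "member"; reading only the
        // plain attribute would miss members, so this example refuses rather than guessing.
        foreach (string name in group.Attributes.AttributeNames)
            if (name.StartsWith("member;range=", StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException(group.DistinguishedName + " needs ranged retrieval (" + name + ")");

        DirectoryAttribute member = group.Attributes["member"];
        if (member == null) yield break;                     // empty group
        foreach (object value in member.GetValues(typeof(string)))
            yield return (string)value;
    }

    // Returns the DNs of all groups nested (at any depth) inside groupDn, each reported once.
    public static List<string> GetNestedGroups(LdapConnection ldap, string groupDn)
    {
        var found = new List<string>();
        var visited = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { groupDn };
        var pending = new Stack<string>();
        pending.Push(groupDn);

        while (pending.Count > 0)
        {
            string dn = pending.Pop();
            SearchResultEntry group = ReadGroup(ldap, dn);
            if (group == null) continue;                     // not a group: nothing to descend into

            if (!dn.Equals(groupDn, StringComparison.OrdinalIgnoreCase))
                found.Add(dn);

            foreach (string memberDn in MemberDns(group))
                if (visited.Add(memberDn))                   // false when already queued: circular or diamond nesting
                    pending.Push(memberDn);
        }
        return found;
    }

    public static void Main()
    {
        // Assumed values for illustration.
        string domainDns = "yourdomain.net";
        string groupDn = "CN=GroupOne,OU=Security Groups,OU=Groups,DC=YOURDOMAIN,DC=NET";

        using (var ldap = new LdapConnection(new LdapDirectoryIdentifier(domainDns, 636)))
        {
            ldap.SessionOptions.SecureSocketLayer = true;
            ldap.SessionOptions.ProtocolVersion = 3;
            ldap.AuthType = AuthType.Negotiate;
            ldap.Bind();

            foreach (string dn in GetNestedGroups(ldap, groupDn))
                Console.WriteLine(dn);
        }
    }
}
```

This costs one Base-scope read per member, users included, so on large groups the server-side LDAP_MATCHING_RULE_IN_CHAIN filter from the answer is far cheaper; the client-side walk is still useful when you need the nesting path, or against directories that do not support that matching rule.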