ldap_search_s returns LDAP_OPERATIONS_ERROR
ldap_search_s returns LDAP_OPERATIONS_ERROR
我有 Windows Server 2016 和基本的 Active Directory,我正在尝试通过 WinApi(Wldap32,Winldap.h)使用 C++ 登录并检查用户组。
身份验证似乎有效,但我在 ldap_search_s (ldap_search_sW) 之后得到 LDAP_OPERATIONS_ERROR。
const std::wstring addressStr = L"192.168.78.3";
const std::wstring usernameStr = L"myuser"; // the same as in the filter below
const std::wstring passwordStr = L"";
ULONG version = LDAP_VERSION3;
LDAP *pLdapConnection = ldap_init(const_cast<wchar_t *>(addressStr.c_str()), static_cast<ULONG>(config_.adPort()));
if (pLdapConnection == nullptr) {
throw ...;
}
ULONG ret = ldap_set_option(pLdapConnection, LDAP_OPT_PROTOCOL_VERSION, static_cast<void *>(&version));
if (ret != LDAP_SUCCESS) {
throw ...;
}
ret = ldap_connect(pLdapConnection, nullptr);
if (ret != LDAP_SUCCESS) {
throw ...;
}
ret = ldap_bind_s(pLdapConnection, const_cast<wchar_t *>(usernameStr.c_str()), const_cast<wchar_t *>(passwordStr.c_str()),
LDAP_AUTH_SIMPLE);
if (ret != LDAP_SUCCESS) {
if (ret == 0x31) {
throw ...;
}
throw ...;
}
LDAPMessage *pSearchResult = nullptr;
std::wstring filter = L"(&(sAMAccountName=myuser)(memberof=CN=Administrators))";
std::wstring dn = L"dc=whatever,dc=net";
ret = ldap_search_s(pLdapConnection, const_cast<wchar_t *>(dn.c_str()), LDAP_SCOPE_SUBTREE, const_cast<wchar_t *>(filter.c_str()),
nullptr, 0, &pSearchResult);
// ret == 1 == LDAP_OPERATIONS_ERROR;
这些示例可能会对您有所帮助。
//Example DN
const std::wstring usernameStr = L"uid=user,ou=People,dc=company,dc=com"
//Example UPN
const std::wstring usernameStr = L"user@company.com"
//Example NT-style login
const std::wstring usernameStr = L"COMPANY\user"
问题实际上与身份验证有关,与搜索查询无关。
我使用了空密码并且 ldap_bind_s 没有报告任何错误,因为在这种情况下显然它是匿名绑定的(看起来它在 MSDN 中没有提到)。 (这是一个测试虚拟机,我不记得密码但记得之前我尝试为该用户设置空密码,但可能不成功)
我有 Windows Server 2016 和基本的 Active Directory,我正在尝试通过 WinApi(Wldap32,Winldap.h)使用 C++ 登录并检查用户组。
身份验证似乎有效,但我在 ldap_search_s (ldap_search_sW) 之后得到 LDAP_OPERATIONS_ERROR。
const std::wstring addressStr = L"192.168.78.3";
const std::wstring usernameStr = L"myuser"; // the same as in the filter below
const std::wstring passwordStr = L"";
ULONG version = LDAP_VERSION3;
LDAP *pLdapConnection = ldap_init(const_cast<wchar_t *>(addressStr.c_str()), static_cast<ULONG>(config_.adPort()));
if (pLdapConnection == nullptr) {
throw ...;
}
ULONG ret = ldap_set_option(pLdapConnection, LDAP_OPT_PROTOCOL_VERSION, static_cast<void *>(&version));
if (ret != LDAP_SUCCESS) {
throw ...;
}
ret = ldap_connect(pLdapConnection, nullptr);
if (ret != LDAP_SUCCESS) {
throw ...;
}
ret = ldap_bind_s(pLdapConnection, const_cast<wchar_t *>(usernameStr.c_str()), const_cast<wchar_t *>(passwordStr.c_str()),
LDAP_AUTH_SIMPLE);
if (ret != LDAP_SUCCESS) {
if (ret == 0x31) {
throw ...;
}
throw ...;
}
LDAPMessage *pSearchResult = nullptr;
std::wstring filter = L"(&(sAMAccountName=myuser)(memberof=CN=Administrators))";
std::wstring dn = L"dc=whatever,dc=net";
ret = ldap_search_s(pLdapConnection, const_cast<wchar_t *>(dn.c_str()), LDAP_SCOPE_SUBTREE, const_cast<wchar_t *>(filter.c_str()),
nullptr, 0, &pSearchResult);
// ret == 1 == LDAP_OPERATIONS_ERROR;
这些示例可能会对您有所帮助。
//Example DN
const std::wstring usernameStr = L"uid=user,ou=People,dc=company,dc=com"
//Example UPN
const std::wstring usernameStr = L"user@company.com"
//Example NT-style login
const std::wstring usernameStr = L"COMPANY\user"
问题实际上与身份验证有关,与搜索查询无关。
我使用了空密码并且 ldap_bind_s 没有报告任何错误,因为在这种情况下显然它是匿名绑定的(看起来它在 MSDN 中没有提到)