How to get user by its objectGUID from Active Directory by using Novell.Directory.Ldap.NETStandard?


Question


I am writing a .NET Core application. The application is using "Novell.Directory.Ldap.NETStandard" v3.6.0 to connect with Active Directory on Windows. I am trying to fetch an entry using objectGUID, but there is no base search available, which means I need to search in the whole directory. Below is the code sample I am using.

string ldapHost = "ldap.example.com";
int ldapPort = 389;
string ldapUser = "cn=admin,dc=example,dc=com";
string ldapPassword = "password";

string searchBase = ""; // Set to null/empty to search from the root

string[] _attributes = { "objectGUID", "objectCategory", "objectClass" };

// Construct the search filter with the objectGUID attribute and the GUID value
string searchFilter = "(objectGUID=3EBCE0D7-89A1-41A5-9AFD-71C2A8BEC408)";

LdapConnection ldapConnection = new LdapConnection();
ldapConnection.Connect(ldapHost, ldapPort);
ldapConnection.Bind(ldapUser, ldapPassword);

LdapSearchConstraints searchConstraints = new LdapSearchConstraints();
searchConstraints.ReferralFollowing = true;

LdapSearchResults searchResults;
try
{
	searchResults = (LdapSearchResults)ldapConnection.Search(
		searchBase,
		LdapConnection.ScopeSub,
		searchFilter,
		_attributes,
		false,
		searchConstraints);
}
catch (LdapException ex)
{
	Console.WriteLine("Search operation failed: " + ex.Message);
	ldapConnection.Disconnect();
	return;
}

if (searchResults.HasMore())
{
	LdapEntry entry = searchResults.Next();
	string distinguishedName = entry.Dn;
	Console.WriteLine("Entry Found: " + distinguishedName);
}
else
{
	Console.WriteLine("Entry not found.");
}

ldapConnection.Disconnect();

Please note the searchBase is passed with string.Empty to search in the whole directory. When the code runs, the connection is established fine and I get the exception below on searchResults.Next():

> 'No Such Object'

Please help me to find an entry from Active Directory by using objectGUID where no search base is available.

Thanks.

Answer 1

Score: 2


Active Directory allows you to bind directly to an object by the GUID using this format: <GUID=XXXXX>

So I believe you can set the search base to that and set the search scope to ScopeBase, like this:

searchResults = (LdapSearchResults)ldapConnection.Search(
		"<GUID=3EBCE0D7-89A1-41A5-9AFD-71C2A8BEC408>",
		LdapConnection.ScopeBase,
		"",
		_attributes,
		false,
		searchConstraints);

I've only done this with Microsoft's DirectoryEntry - I have no experience with the Novell library, so this might need some tweaks to get it to work.
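
An added example (not part of the original answer or of the Novell library): it builds both the `<GUID=...>` search base the answer describes and a byte-escaped objectGUID filter, parsing the input as a GUID first so caller-supplied text cannot change the shape of the LDAP query. The class and method names are hypothetical, and the sample GUID is the one from the question.

```csharp
using System;
using System.Linq;

// Added example: GuidLdap, ParseStrict, ToSearchBase and ToFilter are hypothetical names.
public static class GuidLdap
{
    // Parse first: only a well-formed GUID ever reaches the search base or filter,
    // so input containing LDAP metacharacters such as ")(" or "*" is rejected here.
    private static Guid ParseStrict(string text)
    {
        if (!Guid.TryParseExact(text, "D", out Guid guid))
            throw new FormatException("Expected a GUID in 8-4-4-4-12 form.");
        return guid;
    }

    // Search-base form from the answer: <GUID=...>, to be used with ScopeBase.
    // The string is rebuilt from the parsed Guid, never copied from the input.
    public static string ToSearchBase(string text) =>
        "<GUID=" + ParseStrict(text).ToString("D") + ">";

    // Filter form: objectGUID is a 16-byte binary attribute, so the value is
    // written as one backslash-hex escape per byte (RFC 4515).
    // Guid.ToByteArray() yields the layout Active Directory stores: the first
    // three groups of the GUID are byte-swapped, the last two are not.
    public static string ToFilter(string text)
    {
        byte[] raw = ParseStrict(text).ToByteArray();
        return "(objectGUID=" + string.Concat(raw.Select(b => "\\" + b.ToString("X2"))) + ")";
    }

    public static void Main()
    {
        const string sample = "3EBCE0D7-89A1-41A5-9AFD-71C2A8BEC408"; // GUID from the question
        Console.WriteLine(ToSearchBase(sample));
        Console.WriteLine(ToFilter(sample));

        // Constructed hostile input: rejected before any LDAP string is built.
        try { ToFilter("*)(objectClass=*"); }
        catch (FormatException ex) { Console.WriteLine("rejected: " + ex.Message); }
    }
}
```

The string returned by `ToSearchBase` goes in place of the literal search base in the answer's `Search` call; the string returned by `ToFilter` is a filter and still needs a valid search base to be used with.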

Posted by huangapple on June 15, 2023 at 21:43:05. When reposting, please keep the link to this article: https://go.coder-hub.com/76483116.html