5

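I am working with Active Directory and want a list of all users, basically in dotnet core. But I am getting an exception:

Search result reference received, and referral following is off

Below is my code.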

 LdapSearchResults lsc = lc.Search("DC = xyz, DC = local",  LdapConnection.SCOPE_ONE , "(|(objectClass = person)(objectClass = user))", null, false);
4

2 Answers

14

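Necromancing, just in case the link goes dark.
To fix it in your application, set ReferralFollowing to true.

If you get the message

Search result reference received, and referral following is off

, add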

Novell.Directory.Ldap.LdapSearchConstraints cons = lc.SearchConstraints;
cons.ReferralFollowing = true;
lc.Constraints = cons;

to your code.


Example:

public static void GetUsers()
{
    System.Collections.Generic.List<ARSoft.Tools.Net.Dns.SrvRecord> lsLdap = GetLdap();
    ARSoft.Tools.Net.Dns.SrvRecord ldap = lsLdap[0];

    string[] attrs = new string[] { "cn", "distinguishedName", "sAMAccountName", "userPrincipalName", "displayName", "givenName", "sn", "mail", "mailNickname", "memberOf", "homeDirectory", "msExchUserCulture" };

    // CN = Common Name
    // OU = Organizational Unit
    // DC = Domain Component

    string searchBase = "DC=cor,DC=local";
    string searchFilter = "(&(objectClass=user)(objectCategory=person))";

    string ldapHost = MySamples.TestSettings.ldapHost;
    int ldapPort = MySamples.TestSettings.ldapPort;//System.Convert.ToInt32(args[1]);
    string loginDN = MySamples.TestSettings.loginDN; // args[2];
    string password = MySamples.TestSettings.password; // args[3];


    Novell.Directory.Ldap.LdapConnection lc = new Novell.Directory.Ldap.LdapConnection();
    int ldapVersion = Novell.Directory.Ldap.LdapConnection.Ldap_V3;
    try
    {
        // connect to the server
        lc.Connect(ldap.Target.ToString(), ldap.Port);
        // bind to the server
        lc.Bind(ldapVersion, loginDN, password);

        Novell.Directory.Ldap.LdapSearchConstraints cons = lc.SearchConstraints;
        cons.ReferralFollowing = true;
        lc.Constraints = cons;

        // To enable referral following, use LDAPConstraints.setReferralFollowing passing TRUE to enable referrals, or FALSE(default) to disable referrals.

       Novell.Directory.Ldap.LdapSearchResults lsc = lc.Search(searchBase,
                                        Novell.Directory.Ldap.LdapConnection.SCOPE_SUB,
                                        searchFilter,
                                        attrs,
                                        false,
                                        (Novell.Directory.Ldap.LdapSearchConstraints)null);

        while (lsc.HasMore())
        {
            Novell.Directory.Ldap.LdapEntry nextEntry = null;
            try
            {
                nextEntry = lsc.Next();
            }
            catch (Novell.Directory.Ldap.LdapReferralException eR)
            {
                // https://stackoverflow.com/questions/46052873/ldap-referal-error
                // The response you received means that the directory you are requesting does not contain the data you look for, 
                // but they are in another directory, and in the response there is the information about the "referral" directory 
                // on which you need to rebind to "redo" the search.This principle in LDAP are the referral.
                // https://www.novell.com/documentation/developer/ldapcsharp/?page=/documentation/developer/ldapcsharp/cnet/data/bp31k5d.html
                // To enable referral following, use LDAPConstraints.setReferralFollowing passing TRUE to enable referrals, or FALSE (default) to disable referrals.

                // are you sure your bind user meaning
                // auth.impl.ldap.userid=CN=DotCMSUser,OU=Service Accounts,DC=mycompany,DC=intranet
                // auth.impl.ldap.password = mypassword123
                // has permissions to the user that is logging in and its groups?
                System.Diagnostics.Debug.WriteLine(eR.LdapErrorMessage);
                // No entry was returned for this result, so nextEntry is still null: skip it
                continue;
            }
            catch (Novell.Directory.Ldap.LdapException e)
            {
                // WARNING: Here catches only LDAP-Exception, no other types...
                System.Console.WriteLine("Error: " + e.LdapErrorMessage);
                // Exception is thrown, go for next entry
                continue;
            }


            var atCN = nextEntry.getAttribute("cn");
            var atUN = nextEntry.getAttribute("sAMAccountName");
            var atDN = nextEntry.getAttribute("distinguishedName");
            var atDIN = nextEntry.getAttribute("displayName");


            if (atCN != null)
                System.Console.WriteLine(atCN.StringValue);
            if (atUN != null)
                System.Console.WriteLine(atUN.StringValue);

            if (atDN != null)
                System.Console.WriteLine(atDN.StringValue);

            if (atDIN != null)
                System.Console.WriteLine(atDIN.StringValue);


            System.Console.WriteLine("\n" + nextEntry.DN);
            Novell.Directory.Ldap.LdapAttributeSet attributeSet = nextEntry.getAttributeSet();

            System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
            while (ienum.MoveNext())
            {
                Novell.Directory.Ldap.LdapAttribute attribute = (Novell.Directory.Ldap.LdapAttribute)ienum.Current;
                string attributeName = attribute.Name;
                string attributeVal = attribute.StringValue;
                System.Console.WriteLine(attributeName + "value:" + attributeVal);
            }
        }


    }
    catch (System.Exception ex)
    {
        System.Console.WriteLine(ex.Message);
    }
    finally
    {
        // disconnect with the server
        lc.Disconnect();
    }
}
answered 2018-05-23T14:25:17.533
1

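You have to activate the behavior that follows the referrals returned by the directory.

The response you received means that the directory you are requesting does not contain the data you are looking for, but it is in another directory, and the response contains the information about the "referral" directory to which you need to rebind to "redo" the search. This principle in LDAP is the referral.

I don't know how to do it in C#, but maybe have a look at: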

https://www.novell.com/documentation/developer/ldapcsharp/?page=/documentation/developer/ldapcsharp/cnet/data/bp31k5d.html

answered 2017-09-06T09:38:14.453
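
A check a client can apply before rebinding to a referral, as an added example that is not part of either answer: the referral URL is supplied by the server's response, so it is validated against the expected forest before any connection is made to the host it names. The class `ReferralPolicy`, the domain `xyz.local` (taken from the question's search base) and the sample URLs are constructed for illustration; the code uses only `System.Uri` and does not call the Novell library.

```csharp
using System;

// Added example (not from the answers): validate LDAP referral URLs
// before a client rebinds to the host they name.
public static class ReferralPolicy
{
    // Assumption: DNS name of the forest, from the question's DC=xyz,DC=local.
    private const string TrustedDomain = "xyz.local";

    // Returns null when the referral may be followed, otherwise the reason
    // it is rejected.
    public static string RejectionReason(string referralUrl)
    {
        if (!Uri.TryCreate(referralUrl, UriKind.Absolute, out Uri uri))
            return "not an absolute URL";

        // A referral must stay on LDAP; Uri.Scheme is already lower-case.
        if (uri.Scheme != "ldap" && uri.Scheme != "ldaps")
            return "scheme '" + uri.Scheme + "' is not LDAP";

        // Accept the domain itself or a host below it. Matching on
        // "." + domain keeps look-alikes such as evilxyz.local out.
        string host = uri.Host;
        bool inForest =
            host.Equals(TrustedDomain, StringComparison.OrdinalIgnoreCase) ||
            host.EndsWith("." + TrustedDomain, StringComparison.OrdinalIgnoreCase);
        return inForest ? null : "host '" + host + "' is outside " + TrustedDomain;
    }

    public static void Main()
    {
        // Constructed sample referrals, shaped like those Active Directory
        // returns for a subtree search at the domain root.
        string[] referrals =
        {
            "ldap://ForestDnsZones.xyz.local/DC=ForestDnsZones,DC=xyz,DC=local",
            "ldap://xyz.local/CN=Configuration,DC=xyz,DC=local",
            "ldap://dc01.evilxyz.local/DC=xyz,DC=local",
            "http://xyz.local/",
        };
        foreach (string url in referrals)
        {
            string reason = RejectionReason(url);
            Console.WriteLine((reason == null ? "FOLLOW " : "SKIP   ") + url
                + (reason == null ? "" : " (" + reason + ")"));
        }
    }
}
```

The first two sample URLs are accepted; the look-alike host and the non-LDAP scheme are skipped with the reason printed.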