是否可以在不指定的情况下从 LDAP 检索所有属性/值的列表,如果可以,这怎么可能?
我获取 DirectoryEntry 类对象的所有参数的列表。我希望它会有所帮助:
objectClass = System.Object[]
cn = Administrator
sn = Kwiatek (Last name)
c = PL (Country Code)
l = Warszawa (City)
st = Mazowieckie (Voivodeship)
title = .NET Developer
description = Built-in account for administering the computer/domain
postalCode = 00-000
postOfficeBox = Warszawa Ursynów
physicalDeliveryOfficeName = Wojskowa Akademia Techniczna
givenName = Piotr (First name)
distinguishedName = CN=Administrator,CN=Users,DC=helpdesk,DC=wat,DC=edu
instanceType = 4
whenCreated = 2012-11-23 06:09:28
whenChanged = 2013-02-23 13:24:41
displayName = Piotr Kwiatek (Konto administratora)
uSNCreated = System.__ComObject
memberOf = System.Object[]
uSNChanged = System.__ComObject
co = Poland
company = HELPDESK
streetAddress = Kaliskiego 2
wWWHomePage = http://www.piotr.kwiatek.org
name = Administrator
objectGUID = System.Byte[]
userAccountControl = 512
badPwdCount = 0
codePage = 0
countryCode = 616
badPasswordTime = System.__ComObject
lastLogoff = System.__ComObject
lastLogon = System.__ComObject
logonHours = System.Byte[]
pwdLastSet = System.__ComObject
primaryGroupID = 513
objectSid = System.Byte[]
adminCount = 1
accountExpires = System.__ComObject
logonCount = 178
sAMAccountName = Administrator
sAMAccountType = 805306368
objectCategory = CN=Person,CN=Schema,CN=Configuration,DC=helpdesk,DC=wat,DC=edu
isCriticalSystemObject = True
dSCorePropagationData = System.Object[]
lastLogonTimestamp = System.__ComObject
mail = [email protected]
nTSecurityDescriptor = System.__ComObject
这里你有代码:
string currentUserSid = WindowsIdentity.GetCurrent().User.Value;
PrincipalContext ctx = new PrincipalContext(
ContextType.Domain,
"helpdesk.wat.edu");
UserPrincipal up = UserPrincipal.FindByIdentity(
ctx, IdentityType.Sid,
currentUserSid);
/*
*
*/
DirectoryEntry entry = up.GetUnderlyingObject() as DirectoryEntry;
PropertyCollection props = entry.Properties;
/*
*
*/
foreach (string propName in props.PropertyNames)
{
if (entry.Properties[propName].Value != null)
{
Console.WriteLine(propName + " = " + entry.Properties[propName].Value.ToString());
}
else
{
Console.WriteLine(propName + " = NULL");
}
}
Console.ReadKey();
指定“*”作为要返回的属性列表中的唯一值。
如果您还需要操作属性,请将“+”添加到列表中。
但是,请注意,您只会看到那些允许您查看的属性(受 ACL 限制)。
// This will list ALL the properties from AD (between 200 and 800..or more)
// If someone has a solution for non AD servers please post it!
List<String> properties = new List<String>();
IPAddress[] ips = Dns.GetHostAddresses(Server).Where(w => w.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork).ToArray();
if (ips.Length > 0)
{
DirectoryContext directoryContext = new DirectoryContext(DirectoryContextType.DirectoryServer, ips[0].ToString() + ":389", Username, Password);
ActiveDirectorySchema adschema = ActiveDirectorySchema.GetSchema(directoryContext);
ActiveDirectorySchemaClass adschemaclass = adschema.FindClass("User");
// Read the OptionalProperties & MandatoryProperties
ReadOnlyActiveDirectorySchemaPropertyCollection propcol = adschemaclass.GetAllProperties();
foreach (ActiveDirectorySchemaProperty schemaProperty in propcol)
properties.Add(schemaProperty.Name.ToLower());
}
您可以使用 DirectoryEntry 生成属性列表,当然您必须使用每个属性来浏览属性列表。
DirectoryEntry objADAM = default(DirectoryEntry);
string properties = string.Empty;
foreach (string property in objADAM.Properties.PropertyNames)
{
properties += property + ", ";
}
但是,当涉及到 C# 和 Active Directory 时,您始终可以参考 http://www.codeproject.com/KB/system/everythingInAD.aspx。
更新:http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C
就目录而言,单独“检索所有属性”是没有意义的。 你的意思是:
而且我没有考虑到一些用户属性可以是只读的而其他属性只能用特定值写入的事实。我添加了获取内容的方式。
@Ghostfire 提供了检索所有用户属性值和操作属性的解决方案。
DirectoryEntry deUser = new DirectoryEntry("LDAP://WM2008R2ENT:389/CN=AUser,OU=MonOu,DC=dom,DC=fr");
foreach (string property in deUser.Properties.PropertyNames)
{
Console.WriteLine("\t{0} : {1} ", property, deUser.Properties[property][0]);
}
但请记住,在 LDAP 搜索中,最好的方法是提供您想要检索的属性 :
/* Connection to Active Directory
*/
DirectoryEntry deBase = new DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr");
/* Directory Search
*/
DirectorySearcher dsLookFor = new DirectorySearcher(deBase);
dsLookFor.Filter = "(sn=users)";
dsLookFor.SearchScope = SearchScope.Subtree;
dsLookFor.PropertiesToLoad.Add("cn");
dsLookFor.PropertiesToLoad.Add("givenName");
dsLookFor.PropertiesToLoad.Add("telephoneNumber");
dsLookFor.Sort = new SortOption("givenName", SortDirection.Descending);
dsLookFor.VirtualListView = new DirectoryVirtualListView(1, 0, 2);
SearchResultCollection srcUsers = dsLookFor.FindAll();
ADSI Edit 是一个很好的工具,可以帮助您解决问题。 在这种情况下,您需要的是架构数据。 当您打开 ADSI 编辑器时,选择“连接到...”,然后对于众所周知的命名上下文,您选择“架构”...现在您可以查看不同的架构类:(subSchema、classSchema、attributeSchema) ...
棘手的是知道您需要选择一个类Schema,然后获取其“schemaIDGUID”...然后对所有 attributeSchema 进行搜索并过滤“schemaIDGUID”
例如。 如果您选择查看“CN=User”,您会注意到 schemaIDGUID == bf967aba-0de6-11d0-a285-00aa003049e2
然后,如果您选择查看“CN=Pwd-Last-Set”,您会注意到 schemaIDGUID 匹配......
尽管如此,使用 ActiveDirectorySchemaClass 可能要容易得多(正如 David 所回答的那样),但我想分享一些知识。
要获取所有可能属性的列表,您应该查看查询给定对象类的架构。