2010-06-02 166 views
1

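I am trying to use LDAP to authenticate users, but I have run into a problem with LDAP: a "The distinguished name contains invalid syntax" error.

Here is my code: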

string hostOrDomainName = "MrHand-PC"; 
string targetOu = "cn=Huy Pham,ou=people,dc=example,dc=com"; 

// create a search filter to find all objects 
string ldapSearchFilter = "uid=pdhuy"; 

// establish a connection to the directory 
LdapConnection connection = new LdapConnection(hostOrDomainName); 

Console.WriteLine("\r\nPerforming a simple search ..."); 
SearchRequest searchRequest = new SearchRequest(targetOu, ldapSearchFilter, 
    System.DirectoryServices.Protocols.SearchScope.OneLevel, null); 

// cast the returned directory response as a SearchResponse object 
SearchResponse searchResponse = 
      (SearchResponse)connection.SendRequest(searchRequest); 

The last line throws an exception: The distinguished name contains invalid syntax.

Can anyone help me solve this problem?

+1

I don't think 'MrHand-PC' is a valid LDAP path for LdapConnection - try using something like 'LDAP://MrHand-PC/dc=YourCompany,dc=com' - a **valid** LDAP path – 2010-06-02 17:03:14

+0

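Thanks for your quick reply. I used the path LDAP://localhost:389/dc=example,dc=com with an LDAP browser and it works (I installed OpenLDAP on my local PC). With Active Directory everything works fine; can you explain my problem? – handle0088 2010-06-03 04:30:58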

Answers

2

To authenticate against LDAP, you can try the following (domain, username and password are parameters):

bool IsAuthenticated = false;
string domainAndUsername = domain + @"\" + username;
string dirContext = GetAuthenticatingDirectory(domain);
using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + dirContext, domainAndUsername, password))
{
    try
    {
        // Accessing NativeObject forces the bind, so bad credentials throw here
        Object obj = entry.NativeObject;
        DirectorySearcher search = new DirectorySearcher(entry);
        search.Filter = "(SAMAccountName=" + username + ")";
        search.PropertiesToLoad.Add("cn");
        SearchResult result = search.FindOne();
        if (result != null)
        {
            IsAuthenticated = true;
        }
    }
    catch (Exception e)
    {
        //handle appropriately according to your requirements
    }
}

return IsAuthenticated;

where GetAuthenticatingDirectory() is defined as

private string GetAuthenticatingDirectory(string domain)
{
    string authenticatingDirectory = string.Empty;
    string dotComDomain = domain + @".com";

    // Connect to RootDSE
    using (DirectoryEntry RootDSE = new DirectoryEntry("LDAP://rootDSE"))
    {
        // Retrieve the Configuration Naming Context from RootDSE
        string configNC = RootDSE.Properties["configurationNamingContext"].Value.ToString();

        // Connect to the Configuration Naming Context
        using (DirectoryEntry configSearchRoot = new DirectoryEntry("LDAP://" + configNC))
        {
            // Search for all partitions where the NetBIOSName is set.
            using (DirectorySearcher configSearch = new DirectorySearcher(configSearchRoot))
            {
                configSearch.Filter = ("(NETBIOSName=*)");

                // Configure search to return dnsroot and ncname attributes
                configSearch.PropertiesToLoad.Add("dnsroot");
                configSearch.PropertiesToLoad.Add("ncname");
                using (SearchResultCollection forestPartitionList = configSearch.FindAll())
                {
                    // Loop through each returned domain in the result collection
                    foreach (SearchResult domainPartition in forestPartitionList)
                    {
                        // domainName like "domain.com". ncName like "DC=domain,DC=com"
                        string domainName = domainPartition.Properties["dnsroot"][0].ToString();
                        string ncName = domainPartition.Properties["ncname"][0].ToString();

                        if (dotComDomain.Equals(domainName, StringComparison.OrdinalIgnoreCase))
                        {
                            authenticatingDirectory = ncName;
                            break;
                        }
                    }
                }
            }
        }
    }

    return authenticatingDirectory;
}

+0

I tried your code and got the error message: 'The directory service is unavailable'. Please help me solve this problem – handle0088 2010-06-03 07:00:21