2010-06-02 91 views
1

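I am trying to use LDAP to authenticate users, but I have run into a problem with LDAP: a "The distinguished name contains invalid syntax" error.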

Here is my code:

string hostOrDomainName = "MrHand-PC"; 
string targetOu = "cn=Huy Pham,ou=people,dc=example,dc=com"; 

// create a search filter to find all objects 
string ldapSearchFilter = "uid=pdhuy"; 

// establish a connection to the directory 
LdapConnection connection = new LdapConnection(hostOrDomainName); 

Console.WriteLine("\r\nPerforming a simple search ..."); 
SearchRequest searchRequest = new SearchRequest(targetOu, ldapSearchFilter, 
    System.DirectoryServices.Protocols.SearchScope.OneLevel, null); 

// cast the returned directory response as a SearchResponse object 
SearchResponse searchResponse = 
      (SearchResponse)connection.SendRequest(searchRequest); 

The last line throws an exception: The distinguished name contains invalid syntax.

Can anyone help me solve this problem?

+1

I don't think 'MrHand-PC' is a valid LDAP path for LdapConnection - try using something like 'LDAP://MrHand-PC/dc=YourCompany,dc=com' - a **valid** LDAP path – 2010-06-02 17:03:14

+0

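Thanks for your quick reply. I used the path LDAP://localhost:389/dc=example,dc=com with an LDAP browser and it worked (I installed OpenLDAP on my local PC). Everything works fine with Active Directory; can you explain my problem? – handle0088 2010-06-03 04:30:58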

Answers

2

To authenticate against LDAP, you can try the following (domain, username and password being parameters):

bool IsAuthenticated = false;
string domainAndUsername = domain + @"\" + username;
string dirContext = GetAuthenticatingDirectory(domain);
using (DirectoryEntry entry = new DirectoryEntry("LDAP://" + dirContext, domainAndUsername, password))
{
    try
    {
        Object obj = entry.NativeObject;
        DirectorySearcher search = new DirectorySearcher(entry);
        search.Filter = "(SAMAccountName=" + username + ")";
        search.PropertiesToLoad.Add("cn");
        SearchResult result = search.FindOne();
        if (result != null)
        {
            IsAuthenticated = true;
        }
    }
    catch (Exception e)
    {
        //handle appropriately according to your requirements
    }
}

return IsAuthenticated;

where GetAuthenticatingDirectory() is defined as

private string GetAuthenticatingDirectory(string domain)
{
    string authenticatingDirectory = string.Empty;
    string dotComDomain = domain + @".com";

    // Connect to RootDSE
    using (DirectoryEntry RootDSE = new DirectoryEntry("LDAP://rootDSE"))
    {
        // Retrieve the Configuration Naming Context from RootDSE
        string configNC = RootDSE.Properties["configurationNamingContext"].Value.ToString();

        // Connect to the Configuration Naming Context
        using (DirectoryEntry configSearchRoot = new DirectoryEntry("LDAP://" + configNC))
        {
            // Search for all partitions where the NetBIOSName is set.
            using (DirectorySearcher configSearch = new DirectorySearcher(configSearchRoot))
            {
                configSearch.Filter = ("(NETBIOSName=*)");

                // Configure search to return dnsroot and ncname attributes
                configSearch.PropertiesToLoad.Add("dnsroot");
                configSearch.PropertiesToLoad.Add("ncname");
                using (SearchResultCollection forestPartitionList = configSearch.FindAll())
                {
                    // Loop through each returned domain in the result collection
                    foreach (SearchResult domainPartition in forestPartitionList)
                    {
                        // domainName like "domain.com". ncName like "DC=domain,DC=com"
                        string domainName = domainPartition.Properties["dnsroot"][0].ToString();
                        string ncName = domainPartition.Properties["ncname"][0].ToString();

                        if (dotComDomain.Equals(domainName, StringComparison.OrdinalIgnoreCase))
                        {
                            authenticatingDirectory = ncName;
                            break;
                        }
                    }
                }
            }
        }
    }

    return authenticatingDirectory;
}

+0

I tried your code and got the error message: 'The directory service is unavailable'. Please help me solve this problem – handle0088 2010-06-03 07:00:21