2011-12-03 40 views
0

So I'm pulling some LDAP values and inserting them, encrypted, into a database. I have the insert working, but I need to check whether a user is still part of the group and, if not, remove them from the database, and if a new user has been added, insert them instead of re-inserting the existing users. Can you give me some guidance on best practices for this? I don't want to truncate the table and re-insert everything. How do I programmatically update and delete LDAP users in SQL?

```csharp
try
{
    /* Connection to Active Directory (Secure = Kerberos/NTLM bind, not simple bind) */
    DirectoryEntry deBase = new DirectoryEntry("LDAP://" + txtLDAP.Text + ":" + txtLDapPort.Text + "/" + txtBadeDN.Text, txtUsername.Text, txtPassword.Text, AuthenticationTypes.Secure);

    /* Directory Search: locate the group by CN.
       Note: txtGroup.Text is interpolated into the filter without escaping. */
    DirectorySearcher dsLookForGrp = new DirectorySearcher(deBase);
    dsLookForGrp.Filter = String.Format("(cn={0})", txtGroup.Text);
    dsLookForGrp.SearchScope = SearchScope.Subtree;
    dsLookForGrp.PropertiesToLoad.Add("distinguishedName");
    SearchResult srcGrp = dsLookForGrp.FindOne();
    if (srcGrp == null)
    {
        lblResults.Text = "Group not found: " + txtGroup.Text;
        return;
    }

    /* Directory Search: users that are direct members of the group (memberOf does not expand nested groups) */
    DirectorySearcher dsLookForUsers = new DirectorySearcher(deBase);
    dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties["distinguishedName"][0]);
    dsLookForUsers.SearchScope = SearchScope.Subtree;
    dsLookForUsers.PropertiesToLoad.Add("objectSid");
    dsLookForUsers.PropertiesToLoad.Add("sAMAccountName");
    SearchResultCollection srcLstUsers = dsLookForUsers.FindAll();

    string ConnString = "ConnectionString Removed";
    string SqlString = "spInsertADAuthorization";
    using (OleDbConnection conn = new OleDbConnection(ConnString))
    {
        /* Open the connection once rather than once per user */
        conn.Open();
        foreach (SearchResult sruser in srcLstUsers)
        {
            /* objectSid comes back as a binary SID; convert it to its S-1-5-... string form */
            SecurityIdentifier sid = new SecurityIdentifier((byte[])sruser.Properties["objectSid"][0], 0);
            using (OleDbCommand cmd = new OleDbCommand(SqlString, conn))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.AddWithValue("AD_Account", SpartaCrypto.SpartaEncryptAES(sruser.Properties["sAMAccountName"][0].ToString(), "thisisasharedsecret"));
                cmd.Parameters.AddWithValue("AD_SID", SpartaCrypto.SpartaEncryptAES(sid.ToString(), "thisisasharedsecret"));
                cmd.Parameters.AddWithValue("AD_EmailAddress", "[email protected]");
                cmd.Parameters.AddWithValue("DateImported", DateTime.Now.ToString());
                cmd.Parameters.AddWithValue("Active", 1);
                cmd.ExecuteNonQuery();
            }
        }
    }
    /* Report once, after the loop, instead of on every iteration */
    lblResults.Text = srcLstUsers.Count + " Users granted access.";
}
catch (Exception ex)
{
    /* Map the common failure messages to something the operator can act on */
    if (ex.Message.Contains("Logon failure"))
    {
        lblResults.Text = "Logon Failure. Check your username or password.";
    }
    else if (ex.Message.Contains("The server is not operational"))
    {
        lblResults.Text = "LDAP Error. Check your hostname or port.";
    }
    else if (ex.Message.Contains("Object reference not set to an instance of an object"))
    {
        lblResults.Text = "LDAP Error. Check your hostname, port, or group name and try again.";
    }
}
```

Answer

0

Since you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:

You can use a PrincipalSearcher and a "query-by-example" principal to do your searching:

```csharp
// create your domain context
PrincipalContext ctx = new PrincipalContext(ContextType.Domain);

// define a "query-by-example" principal - here, we search for a UserPrincipal
// and with the first name (GivenName) of "Bruce"
UserPrincipal qbeUser = new UserPrincipal(ctx);
qbeUser.GivenName = "Bruce";

// create your principal searcher passing in the QBE principal
PrincipalSearcher srch = new PrincipalSearcher(qbeUser);

// find all matches
foreach (var found in srch.FindAll())
{
    // do whatever here - "found" is of type "Principal" - it could be user, group, computer.....
}
```

The programming interface is also much nicer for working with a single principal:

```csharp
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");

if (user != null)
{
    // do something here... you can access most of the commonly used properties easily
    user.GivenName = "....";
    user.Surname = "......";
    user.SamAccountName = ".....";
}

// find the group in question
GroupPrincipal group = GroupPrincipal.FindByIdentity(ctx, "YourGroupNameHere");

// if found....
if (group != null)
{
    // iterate over members
    foreach (Principal p in group.GetMembers())
    {
        Console.WriteLine("{0}: {1}", p.StructuralObjectClass, p.DisplayName);
        // do whatever you need to do to those members
    }
}
```

The new S.DS.AM makes it really easy to play around with users and groups in AD!

+0

I'll look into that, thanks. However, what I'm trying to get out of this is how to manage inserting users who have just joined the group rather than re-inserting users we already have in the database, and also deleting users who are in the database but are no longer members of the group. –
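A reconciliation routine that does what the question and the comment above ask for, written here as an added example (it is not code from the original post or from the answerer): it reads the group membership through S.DS.AM as the answer suggests, keys every row on the account SID, and then only inserts members that are new, re-activates members that left and came back, and deactivates members who are no longer in the group, all inside one transaction. The table `ADAuthorization` with columns `AD_SID`, `AD_Account`, `Active` and `DateImported`, SQL Server 2008+ via `System.Data.SqlClient` (for `SYSUTCDATETIME()`), and the domain, group and connection-string parameters are assumptions. The SID is stored in the clear because a SID is an identifier, not a secret; if the column must stay encrypted as in the original code, either decrypt each row before comparing or keep a separate keyed hash (HMAC) of the SID as the lookup column, because a randomized AES ciphertext cannot be compared for equality.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.DirectoryServices.AccountManagement;

// Added example, not from the original post. Assumed table:
//   ADAuthorization(AD_SID nvarchar(256) PRIMARY KEY, AD_Account nvarchar(256),
//                   Active bit, DateImported datetime2)
public sealed class SyncResult
{
    public int Inserted;
    public int Reactivated;
    public int Deactivated;
}

public static class GroupSync
{
    public static SyncResult Sync(string domain, string groupName, string connString)
    {
        // 1. Current membership according to AD, keyed on the SID. The SID survives a
        //    rename of sAMAccountName, so it is the stable key for the diff.
        var current = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using (var ctx = new PrincipalContext(ContextType.Domain, domain))
        using (var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, groupName))
        {
            if (group == null)
                throw new InvalidOperationException("Group not found: " + groupName);
            // recursive: true expands nested groups; only user objects are kept
            foreach (Principal p in group.GetMembers(true))
            {
                var user = p as UserPrincipal;
                if (user != null && user.Sid != null)
                    current[user.Sid.Value] = user.SamAccountName;
            }
        }

        var result = new SyncResult();
        using (var conn = new SqlConnection(connString))
        {
            conn.Open();
            using (var tx = conn.BeginTransaction())
            {
                // 2. What the table already knows: SID -> Active flag (inactive rows included,
                //    so a returning member is updated rather than inserted a second time).
                var existing = new Dictionary<string, bool>(StringComparer.OrdinalIgnoreCase);
                using (var cmd = new SqlCommand("SELECT AD_SID, Active FROM ADAuthorization", conn, tx))
                using (var rdr = cmd.ExecuteReader())
                {
                    while (rdr.Read())
                        existing[rdr.GetString(0)] = rdr.GetBoolean(1);
                }

                // 3. Members AD reports that the table lacks, or has marked inactive.
                foreach (var kv in current)
                {
                    bool active;
                    string sql;
                    if (!existing.TryGetValue(kv.Key, out active))
                        sql = "INSERT INTO ADAuthorization (AD_SID, AD_Account, Active, DateImported) " +
                              "VALUES (@sid, @acct, 1, SYSUTCDATETIME())";
                    else if (!active)
                        sql = "UPDATE ADAuthorization SET Active = 1, AD_Account = @acct, " +
                              "DateImported = SYSUTCDATETIME() WHERE AD_SID = @sid";
                    else
                        continue; // already present and active: nothing to do

                    using (var cmd = new SqlCommand(sql, conn, tx))
                    {
                        cmd.Parameters.Add("@sid", SqlDbType.NVarChar, 256).Value = kv.Key;
                        cmd.Parameters.Add("@acct", SqlDbType.NVarChar, 256).Value = kv.Value;
                        int n = cmd.ExecuteNonQuery();
                        if (active) result.Reactivated += n; else result.Inserted += n;
                    }
                }

                // 4. Active rows whose SID is no longer in the group. A soft delete (Active = 0)
                //    keeps an audit trail; replace with DELETE if rows really must go.
                foreach (var kv in existing)
                {
                    if (!kv.Value || current.ContainsKey(kv.Key))
                        continue;
                    using (var cmd = new SqlCommand(
                        "UPDATE ADAuthorization SET Active = 0 WHERE AD_SID = @sid", conn, tx))
                    {
                        cmd.Parameters.Add("@sid", SqlDbType.NVarChar, 256).Value = kv.Key;
                        result.Deactivated += cmd.ExecuteNonQuery();
                    }
                }

                tx.Commit();
            }
        }
        return result;
    }
}
```

Note that a member who is already active only gets skipped; if you also want to pick up renamed accounts, add a branch in step 3 that compares the stored `AD_Account` with `kv.Value` and updates it when they differ. The transaction matters: without it a crash between steps 3 and 4 leaves the table half-synchronised, which is exactly the inconsistency the truncate-and-reload approach was avoiding.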
