Active Directory LDAP_SERVER_POLICY_HINTS_OID control not working in AD LDS on Windows Server 2012 R2

I am trying to get the AD LDS SetPassword method to honor the password history domain policy, but it still lets me set the password after I use LDAP_SERVER_POLICY_HINTS_OID. I don't know what I'm doing wrong. The code is below:
using System;
using System.DirectoryServices.Protocols;
using System.Net;
using System.Text;

public SetPasswordResult SetPasswordHonoringHistory ( FeiUser feiUser, string password )
{
    if ( password == null )
    {
        throw new ArgumentNullException ( "password" );
    }
    try
    {
        using (var ldapConnection = new LdapConnection( _identityProvider.LdapUrl ))
        {
            // enable Kerberos encryption (unicodePwd may only be set over a protected channel)
            ldapConnection.SessionOptions.Sealing = true;
            if ( !_identityProvider.LdapUseIntegratedCredentials )
            {
                ldapConnection.AuthType = AuthType.Negotiate;
                ldapConnection.Credential = new NetworkCredential(
                    _identityProvider.LdapAdminUser,
                    _identityProvider.LdapAdminPassword,
                    _identityProvider.Domain);
            }
            ldapConnection.Bind ();

            const string attribute = "unicodePwd";
            const string LDAP_SERVER_POLICY_HINTS_OID = "1.2.840.113556.1.4.2239";

            // modification control for the replace operation:
            // unicodePwd expects the password as a UTF-16LE string wrapped in double quotes
            var attributeModification = new DirectoryAttributeModification
            {
                Name = attribute
            };
            attributeModification.Add ( Encoding.Unicode.GetBytes ( String.Format ( "\"{0}\"", password ) ) );
            attributeModification.Operation = DirectoryAttributeOperation.Replace;
            var modifyRequest = new ModifyRequest ( feiUser.DistinguishedName, attributeModification );

            // policy hints control: value is SEQUENCE { Flags INTEGER }, Flags = 1 asks the server
            // to apply the domain password policy (including history) to this replace
            var passwordHistoryFlag = new DirectoryControl (
                LDAP_SERVER_POLICY_HINTS_OID,
                BerConverter.Encode ( "{i}", new object[] {0x1} ),
                true,
                true );
            modifyRequest.Controls.Add ( passwordHistoryFlag );
            try
            {
                var result = ldapConnection.SendRequest(modifyRequest);
                if ( result.ResultCode == ResultCode.Success )
                {
                    return new SetPasswordResult ( true, true );
                }
            }
            catch ( DirectoryOperationException exception )
            {
                switch ( exception.Response.ResultCode )
                {
                    case ResultCode.UnwillingToPerform:
                        return new SetPasswordResult ( true, false );
                    case ResultCode.ConstraintViolation:
                        return new SetPasswordResult ( false, true );
                }
            }
        }
    }
    catch ( Exception e )
    {
        Logger.Error ( e );
    }
    return null;
}
If I use the same OID as you, I run into the same problem. If I use the deprecated OID 1.2.840.113556.1.4.2066, it works.

According to the reference link I provided, it is deprecated but still supported on Windows Server 2008 R2, 2012, 2012 R2 and the 2016 Technical Preview. It also says the following:

The LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID control has exactly the same semantics and behavior as the LDAP_SERVER_POLICY_HINTS_OID control in section 3.1.1.3.4.1.27; a client may use this control when the server does not support LDAP_SERVER_POLICY_HINTS_OID. Clients should use LDAP_SERVER_POLICY_HINTS_OID when the server supports it.

Reference link:
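As an added example (not code from the question or the answer), one way to act on that advice at runtime: read supportedControl from the RootDSE and fall back to the deprecated OID only when the server does not advertise the current one, refusing to set the password when it advertises neither rather than silently skipping the history check. The class and method names are assumptions.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Linq;

public static class PolicyHintsControl
{
    public const string CurrentOid = "1.2.840.113556.1.4.2239";    // LDAP_SERVER_POLICY_HINTS_OID
    public const string DeprecatedOid = "1.2.840.113556.1.4.2066"; // LDAP_SERVER_POLICY_HINTS_DEPRECATED_OID

    // Hypothetical helper: prefer the current OID, fall back to the deprecated one,
    // return null when the server advertises neither so the caller can abort instead
    // of writing a password that bypasses history enforcement.
    public static string ChoosePolicyHintsOid(string[] supportedControls)
    {
        if (supportedControls.Contains(CurrentOid)) return CurrentOid;
        if (supportedControls.Contains(DeprecatedOid)) return DeprecatedOid;
        return null;
    }

    // Reads the supportedControl attribute from the RootDSE of an already-bound connection.
    public static string[] ReadSupportedControls(LdapConnection connection)
    {
        var request = new SearchRequest(null, "(objectClass=*)", SearchScope.Base, "supportedControl");
        var response = (SearchResponse)connection.SendRequest(request);
        if (response.Entries.Count == 0) return new string[0];
        var values = response.Entries[0].Attributes["supportedControl"];
        return values == null
            ? new string[0]
            : values.GetValues(typeof(string)).Cast<string>().ToArray();
    }

    // Builds the control with isCritical = true, so a server that cannot honour it
    // rejects the modify instead of applying the password without policy checks.
    public static DirectoryControl Build(string oid)
    {
        if (oid == null)
            throw new InvalidOperationException("Server advertises no policy hints control; refusing to set password.");
        // Control value per MS-ADTS: SEQUENCE { Flags INTEGER }, Flags = 1 enforces the domain password policy
        byte[] value = BerConverter.Encode("{i}", new object[] { 1 });
        return new DirectoryControl(oid, value, true, true);
    }
}
```

Call `Build(ChoosePolicyHintsOid(ReadSupportedControls(ldapConnection)))` after `Bind()` and add the result to the ModifyRequest in place of the hard-coded control.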