Vb.net AD不返回经过身份验证的用户所属的组
我能够通过 LDAP 验证给定的用户域、用户名和密码,但无法检索到该用户所属的组 :(
标签:vb.net、active-directory、ldap
这是我正在使用的代码:
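''' <summary>
''' Binds to the directory with the supplied credentials and reports whether the
''' account's memberOf attribute lists the group named by groupName.
''' </summary>
''' <param name="domainName">Domain or server name appended to "LDAP://".</param>
''' <param name="userName">Account name used for the bind and for the sAMAccountName search filter.</param>
''' <param name="userPassword">Password used for the bind.</param>
''' <returns>
''' True only when the bind succeeds, the account is found and one of its memberOf
''' entries has a leading RDN value equal to groupName (case-insensitive).
''' False when the credentials are blank, the account is not found or no entry matches.
''' </returns>
''' <exception cref="Exception">
''' Any bind or search failure (including a rejected password), with the original
''' exception attached as InnerException.
''' </exception>
''' <remarks>
''' memberOf lists direct memberships only. The primary group (primaryGroupID) and
''' groups reached through nesting do not appear in it, so an authenticated user can
''' still be reported as "not in group" by this check.
''' NOTE(review): groupName is not declared in this function; presumably it is a
''' class-level field. Confirm where it comes from.
''' </remarks>
Public Function ValidateActiveDirectoryLogin(ByVal domainName As String, ByVal userName As String, ByVal userPassword As String) As Boolean
    ' When no user name and password are supplied, ADSI binds with the calling
    ' thread's own security context (documented for Nothing; empty strings are
    ' rejected here as well), which would let a blank login pass the bind.
    If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(userPassword) Then
        Return False
    End If

    Dim isValidated As Boolean = False
    Try
        Dim ldapPath As String = "LDAP://" & domainName

        ' userName is caller-supplied and goes into an LDAP filter, so escape the
        ' RFC 4515 special characters. Backslash is handled first so the escapes
        ' added afterwards are not escaped again.
        Dim escapedUserName As String = userName.Replace("\", "\5c") _
                                                .Replace("*", "\2a") _
                                                .Replace("(", "\28") _
                                                .Replace(")", "\29") _
                                                .Replace(Char.MinValue.ToString(), "\00")

        ' DirectoryEntry and DirectorySearcher hold native ADSI resources; dispose both.
        Using dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)
            Using dirSearcher As New DirectorySearcher(dirEntry)
                dirSearcher.Filter = "(SAMAccountName=" & escapedUserName & ")"
                dirSearcher.PropertiesToLoad.Add("memberOf")

                ' The bind is performed lazily: bad credentials surface here as an exception.
                Dim result As SearchResult = dirSearcher.FindOne()
                If result IsNot Nothing AndAlso result.Properties.Contains("memberOf") Then
                    For Each memberOfValue As Object In result.Properties("memberOf")
                        Dim groupDN As String = memberOfValue.ToString()
                        Dim equalsIndex As Integer = groupDN.IndexOf("=")
                        Dim commaIndex As Integer = groupDN.IndexOf(",")

                        ' A DN made of a single RDN has no comma; read to the end instead
                        ' of passing a negative length to Substring.
                        If commaIndex < 0 Then
                            commaIndex = groupDN.Length
                        End If
                        If equalsIndex < 0 OrElse commaIndex <= equalsIndex Then
                            Continue For
                        End If

                        ' NOTE(review): a group whose CN contains an escaped comma ("\,")
                        ' is truncated by this simple split and will not match.
                        Dim groupCn As String = groupDN.Substring(equalsIndex + 1, commaIndex - equalsIndex - 1)

                        ' Ordinal comparison avoids culture-dependent casing of identifiers.
                        If String.Equals(groupCn, groupName, StringComparison.OrdinalIgnoreCase) Then
                            isValidated = True
                            Exit For
                        End If
                    Next
                End If
            End Using
        End Using
    Catch ex As Exception
        ' Keep the thrown type and message callers already see, but preserve the
        ' original exception and its stack trace as InnerException. The message comes
        ' from the directory provider; log it rather than showing it to the end user.
        Throw New Exception(ex.Message, ex)
    End Try
    Return isValidated
End Function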
请帮忙
Venky这是我将使用的方法,抱歉,这是我从C#翻译到VB.Net的代码
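' Connect to Active Directory.
' The server address, base DN, account and password are sample values; real code
' should read the credentials from protected configuration, not from source.
Using deBase As DirectoryEntry = New DirectoryEntry("LDAP://192.168.183.100:389/dc=dom,dc=fr", "jpb", "pwd")
    ' Search the directory for the group you are interested in.
    ' "yourgroup" is a constant here; a group name taken from user input must have
    ' the RFC 4515 special characters escaped before it is formatted into the filter.
    Using dsLookForGrp As DirectorySearcher = New DirectorySearcher(deBase)
        dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup")
        dsLookForGrp.SearchScope = SearchScope.Subtree
        dsLookForGrp.PropertiesToLoad.Add("distinguishedName")

        Dim srcGrp As SearchResult = dsLookForGrp.FindOne
        If srcGrp IsNot Nothing Then
            ' The DN is used as a filter value, so characters that are special in a
            ' filter (backslash first, then * ( ) and NUL) are escaped.
            Dim groupDnForFilter As String = srcGrp.Properties("distinguishedName")(0).ToString() _
                                                   .Replace("\", "\5c") _
                                                   .Replace("*", "\2a") _
                                                   .Replace("(", "\28") _
                                                   .Replace(")", "\29") _
                                                   .Replace(Char.MinValue.ToString(), "\00")

            Using dsLookForUsers As DirectorySearcher = New DirectorySearcher(deBase)
                dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", groupDnForFilter)
                dsLookForUsers.SearchScope = SearchScope.Subtree
                dsLookForUsers.PropertiesToLoad.Add("objectSid")
                ' The attribute name carries no trailing space.
                dsLookForUsers.PropertiesToLoad.Add("userPrincipalName")
                dsLookForUsers.PropertiesToLoad.Add("sAMAccountName")

                ' SearchResultCollection holds unmanaged resources and must be disposed.
                Using srcLstUsers As SearchResultCollection = dsLookForUsers.FindAll
                    For Each sruser As SearchResult In srcLstUsers
                        Console.WriteLine("{0}", sruser.Path)
                        ' Test here whether your user name is among the members.
                        Console.WriteLine(vbTab & "{0} : {1} ", "sAMAccountName", sruser.Properties("sAMAccountName")(0))
                    Next
                End Using
            End Using
        End If
    End Using
End Using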
请注意,主组(primary group)由 primaryGroupID 属性给出;它不是一个 DN,而是一个 ID,即该组 SID 的最后一部分。
最后一点:您也可以用 C# 来实现,如下所示:
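/* Retrieve a principal context.
 * The server, container, account and password are sample values; real code should
 * read the credentials from protected configuration, not from source.
 */
Console.WriteLine("检索主上下文");
using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD"))
{
    /* Look for all the groups a user belongs to.
     * FindByIdentity returns null when no account matches, so check before use.
     */
    using (UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1"))
    {
        if (aUser != null)
        {
            /* GetAuthorizationGroups returns security groups only and searches
             * group membership recursively.
             */
            using (PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups())
            {
                /* Iterate as Principal: the collection is typed Principal, and a cast
                 * to GroupPrincipal would throw on any other principal type.
                 */
                foreach (Principal gTmp in a)
                {
                    Console.WriteLine(gTmp.Name);
                }
            }
        }
    }
}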
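/* Retrieve a principal context.
 * The server, container, account and password are sample values; real code should
 * read the credentials from protected configuration, not from source.
 */
Console.WriteLine("Retreiving a principal context");
using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD"))
{
    /* Look for all the groups a user belongs to.
     * FindByIdentity returns null when no account matches, so check before use.
     */
    using (UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1"))
    {
        if (aUser != null)
        {
            /* GetAuthorizationGroups returns security groups only and searches
             * group membership recursively.
             */
            using (PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups())
            {
                /* Iterate as Principal: the collection is typed Principal, and a cast
                 * to GroupPrincipal would throw on any other principal type.
                 */
                foreach (Principal gTmp in a)
                {
                    Console.WriteLine(gTmp.Name);
                }
            }
        }
    }
}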