  • .net core在Linux下获取AD域信息

    .net core在Linux下获取AD域信息

    .net Core 2.1.4

    目前 .NET Core 中的 System.DirectoryServices 只支持在 Windows 平台下使用。

    参考:

    https://github.com/dotnet/standard/pull/444

    https://github.com/dotnet/corefx/issues/2089

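    /// <summary>
    /// Checks a domain account by opening the directory configured under <c>LDAP:DE</c> with the
    /// supplied credentials and looking the account up by <c>SAMAccountName</c>.
    /// </summary>
    /// <param name="username">Account name from the caller; treated as untrusted input.</param>
    /// <param name="password">Password from the caller.</param>
    /// <returns>
    /// A dictionary whose <c>state</c> entry is <c>"true"</c> (plus <c>displayname</c> and
    /// <c>mail</c>, which may be null) when the account was found, or <c>"false"</c> (plus
    /// <c>errMsg</c>) in every other case.
    /// </returns>
    private Dictionary<string,string> AuthenticateActiveDirectory(string username, string password)
    {
        Dictionary<string, string> dic = new Dictionary<string, string>();

        // Fail closed on missing credentials: an LDAP bind with an empty password can be
        // accepted by the server as an unauthenticated bind instead of being rejected.
        // NOTE(review): null credentials may also make DirectoryEntry fall back to the
        // process identity - confirm against the runtime in use.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            dic["state"] = "false";
            dic["errMsg"] = "Username and password are required.";
            return dic;
        }

        // RFC 4515 escaping so that '*', '(', ')', '\' and NUL in the user name cannot
        // change the structure of the search filter. The backslash is replaced first so
        // the escapes added afterwards are not escaped a second time.
        string EscapeFilterValue(string value)
        {
            return value
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
        }

        // An attribute that is absent on the entry must yield null, not an index error.
        string FirstValueOrNull(ResultPropertyValueCollection values)
        {
            return (values != null && values.Count > 0) ? values[0]?.ToString() : null;
        }

        try
        {
            // Both directory objects hold native resources; release them on every path.
            using (DirectoryEntry entry = new DirectoryEntry(_appConfiguration["LDAP:DE"], username, password))
            using (DirectorySearcher search = new DirectorySearcher(entry))
            {
                search.Filter = $"(SAMAccountName={EscapeFilterValue(username)})";
                SearchResult result = search.FindOne();
                if (result != null)
                {
                    dic["state"] = "true";
                    dic["displayname"] = FirstValueOrNull(result.Properties["displayname"]);
                    dic["mail"] = FirstValueOrNull(result.Properties["mail"]);
                }
                else
                {
                    // No matching account: report an explicit failure instead of returning
                    // a dictionary without a "state" key.
                    dic["state"] = "false";
                    dic["errMsg"] = "User entry not found.";
                }
            }
        }
        catch (Exception ex)
        {
            // Indexer assignment rather than Add: "state" may already be present, and a
            // duplicate-key exception thrown from here would escape the method.
            dic["state"] = "false";
            // NOTE(review): ex.Message can carry directory/server detail; callers should
            // not show it verbatim to an unauthenticated user.
            dic["errMsg"] = ex.Message;
        }
        return dic;
    }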

    Novell.Directory.Ldap

    Novell.Directory.Ldap支持.net core2 Linux环境。

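    /// <summary>
    /// Authenticates a user with an LDAP bind through Novell.Directory.Ldap and returns the
    /// attributes listed in <c>LDAP:Attrs</c> for the matching entry.
    /// </summary>
    /// <param name="username">
    /// Account name from the caller, with or without the configured <c>LDAP:MailSuffix</c>;
    /// treated as untrusted input.
    /// </param>
    /// <param name="password">Password from the caller.</param>
    /// <returns>
    /// A dictionary whose <c>state</c> entry is <c>"true"</c> (plus the requested attributes,
    /// keyed by lower-case attribute name) when the bind succeeded and the entry was found, or
    /// <c>"false"</c> (plus <c>errMsg</c>) in every other case.
    /// </returns>
    public Dictionary<string, string> LdapAuthenticate(string username, string password)
    {
        Dictionary<string, string> dic = new Dictionary<string, string>();

        // Fail closed on missing credentials: a simple bind with an empty password is an
        // "unauthenticated bind" (RFC 4513) that a server may answer with success, which
        // would otherwise be reported here as a valid logon.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
        {
            dic["state"] = "false";
            dic["errMsg"] = "Username and password are required.";
            return dic;
        }

        // RFC 4515 escaping so that '*', '(', ')', '\' and NUL in the user name cannot
        // change the structure of the search filter. The backslash is replaced first so
        // the escapes added afterwards are not escaped a second time.
        string EscapeFilterValue(string value)
        {
            return value
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
        }

        LdapConnection conn = null;
        try
        {
            // Configuration is read inside the try so a missing key ends in state=false
            // rather than an unhandled exception.
            var ldapHost = _appConfiguration["LDAP:Host"];
            var ldapPort = _appConfiguration.GetValue<int>("LDAP:Port");
            var mailSuffix = _appConfiguration["LDAP:MailSuffix"] ?? string.Empty;
            var searchBase = _appConfiguration["LDAP:SearchBase"];
            var attrs = _appConfiguration["LDAP:Attrs"].Split('|');

            // Accept "user" as well as "user@suffix": the bind uses the suffixed form and
            // the search uses the bare account name. A single ordinal IndexOf keeps the
            // "is it present" test and the cut position consistent.
            var loginDN = username;
            var sAMAccountName = username;
            var suffixAt = mailSuffix.Length == 0 ? -1 : username.IndexOf(mailSuffix, StringComparison.Ordinal);
            if (suffixAt >= 0)
            {
                sAMAccountName = username.Substring(0, suffixAt);
            }
            else
            {
                loginDN = $"{username}{mailSuffix}";
            }

            if (sAMAccountName.Length == 0)
            {
                dic["state"] = "false";
                dic["errMsg"] = "Username and password are required.";
                return dic;
            }

            var searchFilter = $"(sAMAccountName={EscapeFilterValue(sAMAccountName)})";

            // NOTE(review): Connect + Bind is a simple bind. On a plain LDAP port the
            // password crosses the network unencrypted; deploy against LDAPS or StartTLS.
            conn = new LdapConnection();
            conn.Connect(ldapHost, ldapPort);
            conn.Bind(loginDN, password);
            var lsc = conn.Search(searchBase, LdapConnection.SCOPE_SUB, searchFilter, attrs, false);

            var found = false;
            while (lsc.hasMore())
            {
                LdapEntry nextEntry = null;
                try
                {
                    nextEntry = lsc.next();
                }
                catch (LdapException ex)
                {
                    // Skip results that cannot be read and keep looking.
                    Logger.Debug(ex.ToString(), ex);
                    continue;
                }

                foreach (LdapAttribute attribute in nextEntry.getAttributeSet())
                {
                    // Invariant lower-casing: culture-sensitive ToLower() changes 'I' under
                    // some cultures and would stop names such as "mail" from matching.
                    var attributeName = attribute.Name.ToLowerInvariant();
                    if (attrs.Contains(attributeName, StringComparer.OrdinalIgnoreCase))
                    {
                        dic[attributeName] = attribute.StringValue;
                    }
                }

                dic["state"] = "true";
                found = true;
                // Only the first entry is used; a second one would otherwise collide on
                // the "state" key and on every attribute key.
                break;
            }

            if (!found)
            {
                // The bind succeeded but no entry matched: report an explicit failure
                // instead of returning a dictionary without a "state" key.
                dic["state"] = "false";
                dic["errMsg"] = "User entry not found.";
            }
        }
        catch (Exception ex)
        {
            // Indexer assignment rather than Add: "state" may already be present, and a
            // duplicate-key exception thrown from here would escape the method.
            dic["state"] = "false";
            // NOTE(review): ex.Message can carry server detail; callers should not show it
            // verbatim to an unauthenticated user.
            dic["errMsg"] = ex.Message;
            // NOTE(review): failed logons are only written at Debug level; consider a level
            // that reaches the security log so repeated failures can be detected.
            Logger.Debug(ex.ToString(), ex);
        }
        finally
        {
            // Close the connection on every path, including a failed bind or search.
            if (conn != null)
            {
                try
                {
                    conn.Disconnect();
                }
                catch (Exception ex)
                {
                    Logger.Debug(ex.ToString(), ex);
                }
            }
        }
        return dic;
    }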

    以上代码用到的配置信息如下(注意:389 端口是明文 LDAP,简单绑定时密码会以明文在网络上传输,生产环境建议改用 LDAPS 或 StartTLS):

      "LDAP": {
        "_comment": "域帐号登录配置",
        "DE": "LDAP://xxx.com",
        "Host": "xx.xx.xx.xx",
        "Port": 389,
        "MailSuffix": "@xxx.com",
        "Attrs": "displayname|mail|sn",
        "SearchBase": "DC=xxx,DC=com",
        "UserRole": "User"
      },
  • 原文地址:https://www.cnblogs.com/ddrsql/p/8516226.html