zoukankan      html  css  js  c++  java
  • C# 操作LDAP

    C# 操作LDAP查找组或人员信息

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.DirectoryServices;
     
    /// <summary>
    ///ADUtil 的摘要说明
    /// </summary>
    public class ADUtil
    {
        // LDAP地址 例如:LDAP://my.com.cn
        private const string LDAP_HOST = "LDAP://my.com.cn";
        // 具有LDAP管理权限的特殊帐号
        private const string USER_NAME = "account";
        // 具有LDAP管理权限的特殊帐号的密码
        private const string PASSWORD = "password";
     
        public ADUtil()
        {
            //
            //TODO: 在此处添加构造函数逻辑
            //
        }
     
        /**
         * 向某个组添加人员
         * groupName 组名称
         * userName 人员域帐号
         **/
        public static void addGroupMember(string groupName, string userName)
        {
            DirectoryEntry group = getGroupByName(groupName);
            group.Username = USER_NAME;
            group.Password = PASSWORD;
            group.Properties["member"].Add(getUserDNByName(userName));
            group.CommitChanges();
        }
     
        /**
         * 从某个组移出指定的人员
         * groupName 组名称
         * userName 人员域帐号
         **/
        public static void removeGroupMember(string groupName, string userName)
        {
            DirectoryEntry group = getGroupByName(groupName);
            group.Username = USER_NAME;
            group.Password = PASSWORD;
            group.Properties["member"].Remove(getUserDNByName(userName));
            group.CommitChanges();
        }
     
        /**
         * 获取指定人员的域信息
         * name 人员域帐号 
         **/
        public static object getUserDNByName(string name)
        {
            DirectorySearcher userSearch = new DirectorySearcher(LDAP_HOST);
            userSearch.SearchRoot = new DirectoryEntry(LDAP_HOST, USER_NAME, PASSWORD);
            userSearch.Filter = "(SAMAccountName=" + name + ")";
            SearchResult user = userSearch.FindOne();
            if (user == null)
            {
                throw new Exception("请确认域用户是否正确");
            }
            return user.Properties["distinguishedname"][0];
        }
     
        /**
         * 获取指定域组的信息
         * name 组名称 
         **/
        public static DirectoryEntry getGroupByName(string name)
        {
            DirectorySearcher search = new DirectorySearcher(LDAP_HOST);
            search.SearchRoot = new DirectoryEntry(LDAP_HOST, USER_NAME, PASSWORD);
            search.Filter = "(&(cn=" + name + ")(objectClass=group))";
            search.PropertiesToLoad.Add("objectClass");
            SearchResult result = search.FindOne();
            DirectoryEntry group;
            if (result != null)
            {
                group = result.GetDirectoryEntry();
            }
            else {
                throw new Exception("请确认AD组列表是否正确");
            }
            return group;
        }
    }

     
    C# LDAP 管理(创建新用户)

    今天用C#实现了一套LDAP域账号的创建和查询,感受挺多。

    算是第一次接触LDAP吧,之前曾经做了一个登录的验证,就是查询功能,那个相对比较简单,用到了一个方法就搞定了。

    这次的需求是要用编程的方式创建域账号,实现域登陆。

     首先回顾一下之前查询用到的代码:

            public static bool TryAuthenticate(string userName, string password)
            {
                string domain = "litb-inc.com";
                bool isLogin = false;
                try
                {
                    DirectoryEntry entry = new DirectoryEntry(string.Format("LDAP://{0}", domain), userName, password);
                    entry.RefreshCache();
                    DBLog.Debug("check success");
                    isLogin = true;
                }
                catch (Exception ex)
                {
                    DBLog.Debug("域验证抛出异常 :" + ex.Message + ex.InnerException);
                    isLogin = false;
                }
                return isLogin;
            }

    这是验证指定用户是否在域里认证通过。

     接下来,实现创建域账户的操作。在网上找到了一个操作类:

    using System;
    using System.Collections;
    using System.Collections.Generic;
    using System.Data;
    using System.DirectoryServices;
    using System.Linq;
    using System.Text;
    using System.Text.RegularExpressions;
     
    namespace Litb.HRExtension
    {
        public static class AdHerlp
        {
            #region 创建AD连接
            /// <summary>
            /// 创建AD连接
            /// </summary>
            /// <returns></returns>
            public static DirectoryEntry GetDirectoryEntry()
            {
                DirectoryEntry de = new DirectoryEntry();
                de.Path = "LDAP://testhr.com/CN=Users,DC=testhr,DC=com";
                de.Username = @"administrator";
                de.Password = "litb20!!";
                return de;
     
                //DirectoryEntry entry = new DirectoryEntry("LDAP://testhr.com", "administrator", "litb20!!", AuthenticationTypes.Secure);
                //return entry;
     
            }
            #endregion
     
            #region 获取目录实体集合
            /// <summary>
            ///
            /// </summary>
            /// <param name="DomainReference"></param>
            /// <returns></returns>
            public static DirectoryEntry GetDirectoryEntry(string DomainReference)
            {
                DirectoryEntry entry = new DirectoryEntry("LDAP://testhr.com" + DomainReference, "administrator", "litb20!!", AuthenticationTypes.Secure);
                return entry;
            }
            #endregion
        }
     
        //AD操作类
     
        //myDirectory.cs
     
       public  class myDirectory
        {
     
            /// <summary>
            /// 判断用户是否存在
            /// </summary>
            /// <param name="UserName"></param>
            /// <returns></returns>
            public bool UserExists(string UserName)
            {
                DirectoryEntry de = AdHerlp.GetDirectoryEntry();
                DirectorySearcher deSearch = new DirectorySearcher();
                deSearch.SearchRoot = de;
                deSearch.Filter = "(&(objectClass=user) (cn=" + UserName + "))";
                SearchResultCollection results = deSearch.FindAll();
                if (results.Count == 0)
                {
                    return false;
                }
                else
                {
                    return true;
                }
            }
            /// <summary>
            /// 修改用户属性
            /// </summary>
            /// <param name="de"></param>
            /// <param name="PropertyName"></param>
            /// <param name="PropertyValue"></param>
            public static void SetProperty(DirectoryEntry de, string PropertyName, string PropertyValue)
            {
                if (PropertyValue != null)
                {
                    if (de.Properties.Contains(PropertyName))
                    {
                        de.Properties[PropertyName][0] = PropertyValue;
                    }
                    else
                    {
                        de.Properties[PropertyName].Add(PropertyValue);
                    }
                }
            }
     
            /// <summary>
            /// 生成随机密码
            /// </summary>
            /// <returns></returns>
            public string SetSecurePassword()
            {
                //RandomPassword rp = new RandomPassword();
                return "qwe123!@#";
            }
     
            /// <summary>
            /// 设置用户新密码
            /// </summary>
            /// <param name="path"></param>
            public void SetPassword(DirectoryEntry newuser)
            {
                //DirectoryEntry usr = new DirectoryEntry();
                //usr.Path = path;
                //usr.AuthenticationType = AuthenticationTypes.Secure;
                
                //object[] password = new object[] { SetSecurePassword() };
                //object ret = usr.Invoke("SetPassword", password);
                //usr.CommitChanges();
                //usr.Close();
     
                newuser.AuthenticationType = AuthenticationTypes.Secure;
                object[] password = new object[] { SetSecurePassword() };
                object ret = newuser.Invoke("SetPassword", password);
                newuser.CommitChanges();
                newuser.Close();
     
            }
     
            /// <summary>
            /// 启用用户帐号
            /// </summary>
            /// <param name="de"></param>
            private static void EnableAccount(DirectoryEntry de)
            {
                //UF_DONT_EXPIRE_PASSWD 0x10000
                int exp = (int)de.Properties["userAccountControl"].Value;
                de.Properties["userAccountControl"].Value = exp | 0x0001;
                de.CommitChanges();
                //UF_ACCOUNTDISABLE 0x0002
                int val = (int)de.Properties["userAccountControl"].Value;
                de.Properties["userAccountControl"].Value = val & ~0x0002;
                de.CommitChanges();
            }
     
            /// <summary>
            /// 添加用户到组
            /// </summary>
            /// <param name="de"></param>
            /// <param name="deUser"></param>
            /// <param name="GroupName"></param>
            public static void AddUserToGroup(DirectoryEntry de, DirectoryEntry deUser, string GroupName)
            {
                DirectorySearcher deSearch = new DirectorySearcher();
                deSearch.SearchRoot = de;
                deSearch.Filter = "(&(objectClass=group) (cn=" + GroupName + "))";
                SearchResultCollection results = deSearch.FindAll();
     
                bool isGroupMember = false;
     
                if (results.Count > 0)
                {
                    DirectoryEntry group = AdHerlp.GetDirectoryEntry(results[0].Path);
     
                    object members = group.Invoke("Members", null);
                    foreach (object member in (IEnumerable)members)
                    {
                        DirectoryEntry x = new DirectoryEntry(member);
                        if (x.Name != deUser.Name)
                        {
                            isGroupMember = false;
                        }
                        else
                        {
                            isGroupMember = true;
                            break;
                        }
                    }
     
                    if (!isGroupMember)
                    {
                        group.Invoke("Add", new object[] { deUser.Path.ToString() });
                    }
                    group.Close();
                }
                return;
            }
     
            /// <summary>
            /// 创建一个新用户
            /// </summary>
            /// <param name="employeeID"></param>
            /// <param name="name"></param>
            /// <param name="login"></param>
            /// <param name="email"></param>
            /// <param name="group"></param>
            public void CreateNewUser(string employeeID, string name, string login, string email, string group)
            {
                //Catalog catalog = new Catalog();
                DirectoryEntry de = AdHerlp.GetDirectoryEntry();
     
                /// 1. Create user account
                DirectoryEntries users = de.Children;
                DirectoryEntry newuser = users.Add("CN=" + login, "user");
     
                /// 2. Set properties
                SetProperty(newuser, "employeeID", employeeID);
                SetProperty(newuser, "givenname", name);
                SetProperty(newuser, "SAMAccountName", login);
                SetProperty(newuser, "userPrincipalName", login);
                SetProperty(newuser, "mail", email);
                SetProperty(newuser, "Description", "Create User By HrESS System");
     
                newuser.CommitChanges();
     
                /// 3. Set password
                newuser.AuthenticationType = AuthenticationTypes.Secure;
                object[] password = new object[] { SetSecurePassword() };
                object ret = newuser.Invoke("SetPassword", password);
                newuser.CommitChanges();
                //newuser.Close();
     
     
                //SetPassword(newuser);
                //newuser.CommitChanges();
     
                /// 4. Enable account           
                EnableAccount(newuser);
     
                /// 5. Add user account to groups
                AddUserToGroup(de, newuser, group);
     
                /// 6. Create a mailbox in Microsoft Exchange   
                //GenerateMailBox(login);
     
                newuser.Close();
                de.Close();
            }
            /// <summary>
            /// 禁用一个帐号
            /// </summary>
            /// <param name="EmployeeID"></param>
            public void DisableAccount(string EmployeeID)
            {
                DirectoryEntry de = AdHerlp.GetDirectoryEntry();
                DirectorySearcher ds = new DirectorySearcher(de);
                ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + EmployeeID + "))";
                ds.SearchScope = SearchScope.Subtree;
                SearchResult results = ds.FindOne();
     
                if (results != null)
                {
                    DirectoryEntry dey = AdHerlp.GetDirectoryEntry(results.Path);
                    int val = (int)dey.Properties["userAccountControl"].Value;
                    dey.Properties["userAccountControl"].Value = val | 0x0002;
                    dey.Properties["msExchHideFromAddressLists"].Value = "TRUE";
                    dey.CommitChanges();
                    dey.Close();
                }
     
                de.Close();
            }
            /// <summary>
            /// 修改用户信息
            /// </summary>
            /// <param name="employeeID"></param>
            /// <param name="department"></param>
            /// <param name="title"></param>
            /// <param name="company"></param>
            public void ModifyUser(string employeeID, string department, string title, string company)
            {
                DirectoryEntry de = AdHerlp.GetDirectoryEntry();
                DirectorySearcher ds = new DirectorySearcher(de);
                ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + employeeID + "))";
                ds.SearchScope = SearchScope.Subtree;
                SearchResult results = ds.FindOne();
     
                if (results != null)
                {
                    DirectoryEntry dey = AdHerlp.GetDirectoryEntry(results.Path);
                    SetProperty(dey, "department", department);
                    SetProperty(dey, "title", title);
                    SetProperty(dey, "company", company);
                    dey.CommitChanges();
                    dey.Close();
                }
     
                de.Close();
            }
     
            /// <summary>
            /// 检验Email格式是否正确
            /// </summary>
            /// <param name="mail"></param>
            /// <returns></returns>
            public bool IsEmail(string mail)
            {
                Regex mailPattern = new Regex(@"w+([-+.]w+)*@w+([-.]w+)*.w+([-.]w+)*");
                return mailPattern.IsMatch(mail);
            }
            /// <summary>
            /// 搜索被修改过的用户
            /// </summary>
            /// <param name="fromdate"></param>
            /// <returns></returns>
            public DataTable GetModifiedUsers(DateTime fromdate)
            {
                DataTable dt = new DataTable();
                dt.Columns.Add("EmployeeID");
                dt.Columns.Add("Name");
                dt.Columns.Add("Email");
     
                DirectoryEntry de = AdHerlp.GetDirectoryEntry();
                DirectorySearcher ds = new DirectorySearcher(de);
     
                StringBuilder filter = new StringBuilder();
                filter.Append("(&(objectCategory=Person)(objectClass=user)(whenChanged>=");
                filter.Append(ToADDateString(fromdate));
                filter.Append("))");
     
                ds.Filter = filter.ToString();
                ds.SearchScope = SearchScope.Subtree;
                SearchResultCollection results = ds.FindAll();
     
                foreach (SearchResult result in results)
                {
                    DataRow dr = dt.NewRow();
                    DirectoryEntry dey = AdHerlp.GetDirectoryEntry(result.Path);
                    dr["EmployeeID"] = dey.Properties["employeeID"].Value;
                    dr["Name"] = dey.Properties["givenname"].Value;
                    dr["Email"] = dey.Properties["mail"].Value;
                    dt.Rows.Add(dr);
                    dey.Close();
                }
     
                de.Close();
                return dt;
            }
     
            /// <summary>
            /// 格式化AD的时间
            /// </summary>
            /// <param name="date"></param>
            /// <returns></returns>
            public string ToADDateString(DateTime date)
            {
                string year = date.Year.ToString();
                int month = date.Month;
                int day = date.Day;
     
                StringBuilder sb = new StringBuilder();
                sb.Append(year);
                if (month < 10)
                {
                    sb.Append("0");
                }
                sb.Append(month.ToString());
                if (day < 10)
                {
                    sb.Append("0");
                }
                sb.Append(day.ToString());
                sb.Append("000000.0Z");
                return sb.ToString();
            }
        }
    }

    有了这个操作类,就可以进行域账号的创建了,调用示例:

    Console.WriteLine("Begin CreateNewUser");
    string name = "wj" + System.Guid.NewGuid().ToString().Substring(0, 5);
    string id = System.Guid.NewGuid().ToString().Substring(0, 5);my.CreateNewUser(id, name, name, name + "@testhr.com", "testhr.com/Users");
    Console.WriteLine("域用户名创建成功:" + name);

    注意域账号的用户名不能有类似-,下划线之类的特殊字符。

     在最初尝试的时候,创建对象 DirectoryEntry的时候总是有问题,最终这两种方式都是有效的:

               DirectoryEntry de = new DirectoryEntry();
                de.Path = "LDAP://testhr.com/CN=Users,DC=testhr,DC=com";
                de.Username = @"administrator";
                de.Password = "litb20!!";
                return de;
    
                DirectoryEntry entry = new DirectoryEntry("LDAP://testhr.com", "administrator", "litb20!!", AuthenticationTypes.Secure);
                return entry; 

    其次,在创建完用户以后,需要设置用户的密码,这个方法总是报错,后来经过检查,发现如果只传递path字符串,是不行的,必须操作现有对象的Invoke方法才可以!

    或者传递对象引用。 

    最终,成功创建了域账户。

     在测试的时候,同一台机器加入了多个账号后,就会有问题,报出类似这样的错误: 

    最终,可以通过在服务器上删除这台电脑的方式来解决,或者重命名本地计算机名称。

    C#LDAP删除用户

    一、创建LDAP连接

    二、准备用户拥有的属性

    三、 删除用户的信息

     LdapConnection conn = new LdapConnection();
    
                conn.Connect("192.168.3.112", 389);
                string dn = "CN=Administrator,CN=Users,DC=baiyi,DC=com";
                conn.Bind(dn, "etimes2011@");
                sbyte[] mysbyte = new sbyte[caByte.Length];
                for (int i = 0; i < caByte.Length; i++)
                {
                    if (caByte[i] > 127)
                    {
                        mysbyte[i] = (sbyte)(caByte[i] - 256);
                    }
                    else
                    {
                        mysbyte[i] = (sbyte)(caByte[i]);
                    }
                }
                    
                LdapAttribute attribute = new LdapAttribute("userCertificate", mysbyte);
                string user = "CN=foodean,CN=Users,DC=baiyi,DC=com";
                conn.Modify(user, new LdapModification(LdapModification.DELETE, attribute));//注意这里使用的是DELETE
                conn.Disconnect();
  • 相关阅读:
    [LeetCode] 1030. Matrix Cells in Distance Order 距离顺序排列矩阵单元格
    [LeetCode] 1029. Two City Scheduling 两个城市调度
    [LeetCode] 1027. Longest Arithmetic Subsequence 最长的等差数列
    [LeetCode] 1026. Maximum Difference Between Node and Ancestor 结点与其祖先之间的最大差值
    [LeetCode] 1025. Divisor Game 除数游戏
    一手遮天 Android
    一手遮天 Android
    一手遮天 Android
    一手遮天 Android
    一手遮天 Android
  • 原文地址:https://www.cnblogs.com/hnsongbiao/p/11487800.html
Copyright © 2011-2022 走看看