C# LDAP工具类

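/// <summary>
/// LDAP utility class: lists directory accounts and validates a user's
/// credentials by binding to the directory server.
/// </summary>
/// <remarks>
/// NOTE(review): both methods perform a simple bind against <see cref="Port"/>
/// (389 by default) with no TLS configured in this class, so the password
/// crosses the network in cleartext unless the transport is protected elsewhere.
/// Prefer LDAPS or StartTLS if the LDAP client library in use supports it.
/// The client types (LdapConnection, LdapEntry, LdapException) appear to come
/// from Novell.Directory.Ldap; confirm against the file's using directives.
/// </remarks>
public static class LDAPUtil
{
    // Domain (NetBIOS) name, prefixed to the user name when binding.
    public static string Domain = "SHTAI";

    // Address of the domain server.
    public static string Host = "ip";

    // Search base. Derived from the domain server's DNS name: every dot-separated
    // label becomes one DC component, e.g. apac.contoso.com becomes
    // DC=apac,DC=contoso,DC=com.
    public static string BaseDC = "dc=SHTAI,dc=CN";

    // Domain server port; 389 is the usual default (plain LDAP, see class remarks).
    public static int Port = 389;

    // Domain administrator account name. When the code only validates logins and
    // never modifies the directory, the logging-in user's own name is enough.
    // NOTE(review): a public mutable static with a literal value. Load real
    // credentials from protected configuration or a secret store instead of
    // committing them to source. Neither method in this class reads this field.
    public static string DomainAdminUser = "222222";

    // Domain administrator password; the same caveats as DomainAdminUser apply.
    public static string DomainAdminPassword = "111111";

    /// <summary>
    /// Binds as the given user and returns the accounts under <see cref="BaseDC"/>
    /// whose sAMAccountName starts with "ST", mapped to their mail attribute.
    /// </summary>
    /// <param name="username">Account name used for the bind (without the domain prefix).</param>
    /// <param name="password">Password used for the bind.</param>
    /// <returns>
    /// sAMAccountName to mail (empty string when the entry has no mail attribute).
    /// The dictionary is empty when the bind or the search fails.
    /// </returns>
    public static Dictionary<string, string> GetUsers(string username, string password)
    {
        Dictionary<string, string> users = new Dictionary<string, string>();

        // A simple bind with an empty password is an unauthenticated bind
        // (RFC 4513, section 5.1.2): many servers accept it without checking
        // anything, so it must never be treated as a successful login.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
        {
            return users;
        }

        try
        {
            using (var conn = new LdapConnection())
            {
                conn.Connect(Host, Port);
                // A wrong user name or password makes Bind throw LdapException.
                conn.Bind(Domain + "\\" + username, password);

                // The original code built a per-user filter and then overwrote it
                // with null, so the search has always run without a filter; that
                // behaviour is kept and the "ST" prefix is applied client-side.
                // NOTE(review): a null filter presumably matches every entry below
                // BaseDC; consider a server-side filter to limit what is read.
                string searchFilter = null;
                var entities = conn.Search(
                    BaseDC,
                    LdapConnection.ScopeSub,
                    searchFilter,
                    new string[] { "sAMAccountName", "mail" },
                    false);

                while (entities.HasMore())
                {
                    string sAMAccountName;
                    var mail = "";
                    try
                    {
                        LdapEntry entity = entities.Next();
                        var attributeSet = entity.GetAttributeSet();
                        if (!attributeSet.ContainsKey("sAMAccountName"))
                        {
                            continue;
                        }

                        sAMAccountName = entity.GetAttribute("sAMAccountName")?.StringValue;
                        // Explicit null check instead of relying on the catch below
                        // to absorb a NullReferenceException.
                        if (sAMAccountName == null
                            || !sAMAccountName.StartsWith("ST", StringComparison.Ordinal))
                        {
                            continue;
                        }

                        // mail is optional: entries without it are kept with "".
                        if (attributeSet.ContainsKey("mail"))
                        {
                            mail = entity.GetAttribute("mail")?.StringValue;
                        }
                    }
                    catch (Exception ex)
                    {
                        // Best effort: skip an entry that cannot be read.
                        Console.Write(ex.Message);
                        continue;
                    }

                    // NOTE(review): this prints directory data (account names and
                    // mail addresses) to standard output.
                    Console.WriteLine($"User name : {sAMAccountName}");
                    Console.WriteLine($"User mail address : {mail}");
                    if (!users.ContainsKey(sAMAccountName))
                    {
                        users.Add(sAMAccountName, mail);
                    }
                }

                conn.Disconnect();
                return users;
            }
        }
        catch (LdapException)
        {
            // Bind or search failure: the caller gets whatever was collected.
            return users;
        }
        catch (Exception ex)
        {
            Console.Write(ex.Message);
            return users;
        }
    }

    /// <summary>
    /// Checks a user name and password against the directory: binds as
    /// DOMAIN\username, looks the account up by sAMAccountName, then binds again
    /// with the entry's DN.
    /// </summary>
    /// <param name="username">Account name to validate (without the domain prefix).</param>
    /// <param name="password">Password to validate.</param>
    /// <returns>
    /// true when both binds succeed and an entry with exactly this sAMAccountName
    /// is found; false otherwise, including on any LDAP or connection error.
    /// </returns>
    public static bool Validate(string username, string password)
    {
        // Reject blank credentials before contacting the server. A simple bind
        // with an empty password is an unauthenticated bind (RFC 4513, section
        // 5.1.2) that many servers accept, which would otherwise let an empty
        // password pass as a valid login.
        if (string.IsNullOrWhiteSpace(username) || string.IsNullOrEmpty(password))
        {
            return false;
        }

        try
        {
            using (var conn = new LdapConnection())
            {
                conn.Connect(Host, Port);
                // A wrong user name or password makes Bind throw LdapException.
                conn.Bind(Domain + "\\" + username, password);

                // username is caller-supplied, so it is escaped before it is
                // placed in the filter; otherwise characters such as '*', '(' and
                // ')' would change what the filter matches.
                var searchFilter = $"(sAMAccountName={EscapeFilterValue(username)})";
                var entities = conn.Search(
                    BaseDC,
                    LdapConnection.ScopeSub,
                    searchFilter,
                    new string[] { "sAMAccountName", "cn", "mail" },
                    false);

                string userDn = null;
                while (entities.HasMore())
                {
                    var entity = entities.Next();
                    var sAMAccountName = entity.GetAttribute("sAMAccountName")?.StringValue;
                    var cn = entity.GetAttribute("cn")?.StringValue;

                    // NOTE(review): this prints directory data to standard output.
                    Console.WriteLine($"User name : {sAMAccountName}");
                    Console.WriteLine($"User full name : {cn}");

                    // Case-sensitive match; change this comparison if
                    // case-insensitive matching is required.
                    if (sAMAccountName != null && sAMAccountName == username)
                    {
                        userDn = entity.Dn;
                        break;
                    }
                }

                if (string.IsNullOrWhiteSpace(userDn))
                {
                    return false;
                }

                // Second bind with the resolved DN; throws LdapException when the
                // password does not match.
                conn.Bind(userDn, password);
                conn.Disconnect();
                return true;
            }
        }
        catch (LdapException)
        {
            // NOTE(review): bad credentials and an unreachable or misconfigured
            // server both end up here and are reported as a failed login.
            return false;
        }
        catch (Exception ex)
        {
            Console.Write(ex.Message);
            return false;
        }
    }

    // Escapes the characters that are special in an LDAP search filter value
    // (RFC 4515). The backslash is replaced first so that the escapes added by
    // the later replacements are not escaped a second time.
    private static string EscapeFilterValue(string value)
    {
        return value
            .Replace("\\", "\\5c")
            .Replace("*", "\\2a")
            .Replace("(", "\\28")
            .Replace(")", "\\29")
            .Replace("\0", "\\00");
    }
}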
