LDAPHelper
转载自:http://www.codeproject.com/Articles/71880/Active-Directory-Helper
常规的读取操作基本可以使用这个类库基本可以满足需求了。
需要注意的是LDAP读取节点(包括目录)数一般不能超过1000,如果超过1000,也只能返回1000。那么问题就来了,怎么能读取全部的呢?
思路就是分级,递归读取,每次仅读取节点下的子目录节点,然后读取子目录的叶子节点.(如果一个目录下的子节点超过了1K,目前还不知道具体的解决方案,据说可以通过在服务器设置来解决这一问题,不过没有试验为:Open LdapServer)
DirectoryEntry deRoot = new DirectoryEntry(string.Format("LDAP://{0}/{1}", Core.Instance.LdapServer, Core.Instance.AdDomain), Core.Instance.SuperUser, Core.Instance.SuperPassword); DirectorySearcher dsFindDept = new DirectorySearcher(deRoot); dsFindDept.SearchScope = SearchScope.Subtree; dsFindDept.Filter = "(objectclass=organizationalUnit)"; dsFindDept.SizeLimit = 2000; dsFindDept.PropertiesToLoad.Add("ou"); SearchResultCollection deptresult = dsFindDept.FindAll(); log.Info("Find Depet Count:[" + (deptresult == null ? "0" : deptresult.Count.ToString()) + "]"); List<string> depetList = new List<string>(); foreach (SearchResult item in deptresult) { if (item.GetDirectoryEntry().Parent.Path != deRoot.Path) continue; if (item.Properties[OBJECT_CLASS] == null) continue; ResultPropertyValueCollection ouRc = item.Properties["ou"]; if (ouRc == null) continue; if (ouRc.Count > 0) { depetList.Add(item.GetDirectoryEntry().Path); } }
Introduction
This article shows you some small classes that you can use to query the Microsoft Active Directory (AD) for users and groups and perform other user and group related functions.
Background
I developed these classes because I wanted to have a simple to use interface to query users and groups when importing them into our free test case management tool called "Zeta Test".
Internally, the library makes use of the classes in the System.DirectoryServices namespace which provide LDAP functions to access an Active Directory. So everything that I provide here can be used without my libraries, too. The reason to develop it was to simplify the access to the underlying classes, which I found hard to understand and use in the past.
These classes are also available together with other general-purpose classes through my Zeta Enterprise Libraryarticle.
Provided Classes
Basically, you have the following classes inside the library:
ActiveDirectoryConfiguration- Contains configuration settings for accessing the LDAP server like server name, user name, password, impersonation, DN, etc.ActiveDirectory- Central class to execute certain AD functions like enumerating users and groups.ADUserInfo- Class containing information about one AD user.ADGroupInfo- Class containing information about one AD group.
Besides these classes, there are some helper classes (see "Helper" sub-folder in the sources) and some enumerations. The download also contains a project with some unit tests.
Using the Code
The usage of the code should be rather simple. Following is a short example:
var adc = new ActiveDirectoryConfiguration { LdapServer = "MyServerNameOrIP", LdapBaseDN = "dc=office, dc=my-domain, dc=com", LdapUserName = "MYDOMAIN\\myuser", LdapPassword = "mypassword" }; var ad = new ActiveDirectory(adc);
In that example, a new instance of the ActiveDirectoryConfiguration class is being created, filled with connection values and then passed to the constructor of an ActiveDirectory class.
Next, you can call methods on this instance:
var allGroups = ad.GetGroupInfos(); var allUsers = ad.GetUserInfos();
Here, we retrieve a list of all groups and all users inside the DN, specified in the configuration above.
To access the retrieved information, we can e.g., iterate through the retrieved lists and call members on each object:
if (allGroups != null) { foreach (var group in allGroups) { Trace.WriteLine(group.Name); } } if (allUsers != null) { foreach (var user in allUsers) { Trace.WriteLine(user.Name); } }
This example simply traces the name of each user group and each user to the trace listeners.
Epilog
This article quickly introduced some classes to query the Microsoft LDAP ActiveDirectory through an easy to use interface. To get these classes together with much more functions in a small set of libraries, please see my Zeta Enterprise Library article.
If you have any questions, comments or want to report bugs, please write them in the comments section below.
