
Я могу проверить подлинность пользователя — домен, имя пользователя и пароль — через LDAP, но не могу получить группы, в которые он входит :( AD не возвращает группы, к которым принадлежит прошедший проверку подлинности пользователь.

Вот код, который я использую

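''' <summary>
''' Authenticates a user against Active Directory over LDAP (secure bind) and
''' checks whether the account is a direct member of the given group.
''' </summary>
''' <param name="domainName">Domain (or DC host) used to build the LDAP path.</param>
''' <param name="userName">sAMAccountName used both for the bind and for the lookup.</param>
''' <param name="userPassword">Password used for the bind.</param>
''' <param name="groupName">Common name (CN) of the required group, compared
''' case-insensitively. The original code referenced an undeclared <c>groupName</c>;
''' it is optional here only to keep the three-argument call shape compiling.
''' When omitted or empty the function returns False.</param>
''' <returns>True when the bind succeeds, the account is found and it is a
''' direct member of <paramref name="groupName"/>; otherwise False.</returns>
''' <remarks>
''' memberOf lists direct memberships only: nested groups and the primary group
''' (primaryGroupID, which is an RID rather than a DN) are not included.
''' Bind/search failures (e.g. bad credentials) now propagate as the original
''' DirectoryServices exception instead of being re-wrapped in a bare Exception,
''' which discarded the type and stack trace.
''' </remarks>
Public Function ValidateActiveDirectoryLogin(ByVal domainName As String, ByVal userName As String, ByVal userPassword As String, Optional ByVal groupName As String = Nothing) As Boolean
    If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(groupName) Then
        Return False
    End If

    Dim ldapPath As String = "LDAP://" & domainName

    ' Using blocks release the underlying COM objects; the original never disposed them.
    Using dirEntry As New DirectoryEntry(ldapPath, userName, userPassword, AuthenticationTypes.Secure)
        Using dirSearcher As New DirectorySearcher(dirEntry)
            ' The user name is untrusted input: escape it per RFC 4515 so that
            ' "*", "(", ")" or "\" cannot change the meaning of the filter.
            dirSearcher.Filter = "(sAMAccountName=" & EscapeLdapFilterValue(userName) & ")"
            dirSearcher.PropertiesToLoad.Add("memberOf")

            Dim result As SearchResult = dirSearcher.FindOne()
            If result Is Nothing Then
                Return False
            End If

            ' An account with no memberOf values simply yields an empty collection.
            For Each groupValue As Object In result.Properties("memberOf")
                Dim groupCn As String = FirstRdnValue(groupValue.ToString())
                If String.Equals(groupCn, groupName, StringComparison.OrdinalIgnoreCase) Then
                    Return True
                End If
            Next
        End Using
    End Using

    Return False
End Function

''' <summary>
''' Returns the value of the first RDN of a DN ("CN=Admins,OU=x,DC=y" -> "Admins").
''' Escaped commas inside the value (e.g. "CN=Doe\, Jane") are not handled, as in the original.
''' </summary>
Private Function FirstRdnValue(ByVal distinguishedName As String) As String
    Dim equalsIndex As Integer = distinguishedName.IndexOf("="c)
    If equalsIndex < 0 Then
        Return distinguishedName
    End If

    Dim commaIndex As Integer = distinguishedName.IndexOf(","c, equalsIndex + 1)
    If commaIndex < 0 Then
        ' Single-RDN DN: the original Substring call would have thrown here.
        Return distinguishedName.Substring(equalsIndex + 1)
    End If

    Return distinguishedName.Substring(equalsIndex + 1, commaIndex - equalsIndex - 1)
End Function

''' <summary>Escapes an LDAP filter assertion value as required by RFC 4515 section 3.</summary>
Private Function EscapeLdapFilterValue(ByVal value As String) As String
    Dim sb As New StringBuilder(value.Length)
    For Each ch As Char In value
        Select Case ch
            Case "\"c : sb.Append("\5c")
            Case "*"c : sb.Append("\2a")
            Case "("c : sb.Append("\28")
            Case ")"c : sb.Append("\29")
            Case ControlChars.NullChar : sb.Append("\00")
            Case Else : sb.Append(ch)
        End Select
    Next
    Return sb.ToString()
End Function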

Пожалуйста, помогите ...

Venky

ответ


Вот как я бы это сделал; извините, это код, который я перевёл с C# на VB.Net

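' Connection to Active Directory. The backtick comment markers in the original
' listing are not valid VB; "'" is. The host and credentials below are placeholders
' from the post: use a dedicated service account and keep its password out of source.
Using deBase As New DirectoryEntry("LDAP://192.168.183.100:389/dc=dom,dc=fr", "jpb", "pwd")

    ' Directory search for the group you are interested in
    Using dsLookForGrp As New DirectorySearcher(deBase)
        dsLookForGrp.Filter = String.Format("(cn={0})", "yourgroup")
        dsLookForGrp.SearchScope = SearchScope.Subtree
        dsLookForGrp.PropertiesToLoad.Add("distinguishedName")
        Dim srcGrp As SearchResult = dsLookForGrp.FindOne()

        If srcGrp IsNot Nothing Then
            Using dsLookForUsers As New DirectorySearcher(deBase)
                ' The group DN is read back from the directory. If it can contain
                ' "(", ")", "*" or "\" it must be filter-escaped (RFC 4515) before
                ' being placed inside the filter string.
                dsLookForUsers.Filter = String.Format("(&(objectCategory=person)(memberOf={0}))", srcGrp.Properties("distinguishedName")(0))
                dsLookForUsers.SearchScope = SearchScope.Subtree
                dsLookForUsers.PropertiesToLoad.Add("objectSid")
                ' Attribute name without the stray trailing space the original had.
                dsLookForUsers.PropertiesToLoad.Add("userPrincipalName")
                dsLookForUsers.PropertiesToLoad.Add("sAMAccountName")

                ' SearchResultCollection holds unmanaged resources and must be disposed.
                Using srcLstUsers As SearchResultCollection = dsLookForUsers.FindAll()
                    For Each sruser As SearchResult In srcLstUsers
                        Console.WriteLine("{0}", sruser.Path)
                        ' Here, test whether your user name is inside
                        Console.WriteLine("" & vbTab & "{0} : {1} ", "sAMAccountName", sruser.Properties("sAMAccountName")(0))
                    Next
                End Using
            End Using
        End If
    End Using
End Using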

Будьте осторожны: основная группа задаётся атрибутом primaryGroupID, и это не DN, а идентификатор — последняя часть SID группы.

И последнее: вы также можете сделать это, используя Managing Directory Security Principals in the .NET Framework 3.5. Ниже приведён пример на C#

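/* Retrieving a principal context.
   The server, container and credentials are placeholders from the post; in real
   code bind with a dedicated service account whose password is not in source. */
Console.WriteLine("Retreiving a principal context");
using (PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, "WM2008R2ENT:389", "dc=dom,dc=fr", "jpb", "PWD"))
{
    /* Look for all the groups a user belongs to.
       GetAuthorizationGroups is the API intended to return the full authorization
       set (including groups not listed in the user's memberOf attribute). */
    using (UserPrincipal aUser = UserPrincipal.FindByIdentity(domainContext, "user1"))
    {
        if (aUser == null)
        {
            // FindByIdentity returns null for an unknown identity; the original
            // dereferenced the result unconditionally and would have thrown.
            Console.WriteLine("user not found");
        }
        else
        {
            // PrincipalSearchResult<T> is IDisposable; dispose it as well.
            using (PrincipalSearchResult<Principal> a = aUser.GetAuthorizationGroups())
            {
                foreach (GroupPrincipal gTmp in a)
                {
                    Console.WriteLine(gTmp.Name);
                }
            }
        }
    }
}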