Get user by distinguished name using System.DirectoryServices.Protocols
06-06-2021
Question
I have a pretty extensive application that has been built to provide SSO to several web applications via OID. The problem is that we have seen some users getting "orphaned" on a role for one of the applications. I have written a method that returns the distinguished name for all of the users with access to that role. To perform the cleanup, I am trying to make sure that the users returned in the previous step actually exist in OID. I have been using the System.DirectoryServices.Protocols.SearchRequest class when searching for users or roles, but it is not working for a distinguished name. Below is my method. It has been changed a couple of times to try different ways to make it work.
Public Function GetUserByDN(UserDN As String) As SearchResultEntry
    ' Built but never used; it is also not a valid LDAP filter.
    Dim searchString As String = String.Format("baseDN={0}", UserDN)
    Dim containerDN As String = Nothing
    If _extranet Then
        containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_ExternalDomain")
    Else
        containerDN = "cn=users," & ConfigurationManager.AppSettings("Directory_InternalDomain")
    End If
    Dim attributes(14) As String
    attributes(0) = DIRECTORY_UNIQUE_ID
    attributes(1) = DIRECTORY_FIRST_NAME
    attributes(2) = DIRECTORY_LAST_NAME
    attributes(3) = DIRECTORY_EMAIL_ADDRESS
    attributes(4) = DIRECTORY_TELEPHONE
    attributes(5) = DIRECTORY_STREET
    attributes(6) = DIRECTORY_CITY
    attributes(7) = DIRECTORY_STATE
    attributes(8) = DIRECTORY_ZIP
    attributes(9) = DIRECTORY_CUSTOMER_NAME
    attributes(10) = DIRECTORY_ENABLED
    attributes(11) = DIRECTORY_GIVEN_NAME ' this is the first name for a domain user
    attributes(12) = DIRECTORY_KBIT_INDICATOR
    attributes(13) = DIRECTORY_REQUESTING_BRANCH
    attributes(14) = DIRECTORY_PWD_MUST_CHANGE
    'Me.Connection.Bind()
    Me.Bind()
    ' This is why the search fails: the second argument is the LDAP filter, and a
    ' distinguished name is not a filter. With SearchScope.Base the search only
    ' ever looks at containerDN itself, so the user's entry is never examined.
    Dim myRequest As New System.DirectoryServices.Protocols.SearchRequest(containerDN, UserDN, SearchScope.Base, attributes)
    Dim myResponse As SearchResponse = Me.Connection.SendRequest(myRequest)
    Dim results As SearchResultEntryCollection = myResponse.Entries
    If results.Count >= 1 Then
        Return results(0)
    Else
        Return Nothing
    End If
End Function
Solution
It has taken a lot of research and asking questions elsewhere to find the answer to this. It turns out that instead of looking in the users OU and searching for the user's DN, I should have just looked at the user's DN and performed a simple LDAP query. Here is my final solution. I hope this helps the community.
Public Function GetUserByDN(UserDN As String) As SearchResultEntry
    ' The DN is the search base; the filter only has to match the entry itself.
    Dim ldapFilter As String = "(objectClass=person)"
    Dim attributes(14) As String
    attributes(0) = DIRECTORY_UNIQUE_ID
    attributes(1) = DIRECTORY_FIRST_NAME
    attributes(2) = DIRECTORY_LAST_NAME
    attributes(3) = DIRECTORY_EMAIL_ADDRESS
    attributes(4) = DIRECTORY_TELEPHONE
    attributes(5) = DIRECTORY_STREET
    attributes(6) = DIRECTORY_CITY
    attributes(7) = DIRECTORY_STATE
    attributes(8) = DIRECTORY_ZIP
    attributes(9) = DIRECTORY_CUSTOMER_NAME
    attributes(10) = DIRECTORY_ENABLED
    attributes(11) = DIRECTORY_GIVEN_NAME
    attributes(12) = DIRECTORY_KBIT_INDICATOR
    attributes(13) = DIRECTORY_REQUESTING_BRANCH
    attributes(14) = DIRECTORY_PWD_MUST_CHANGE
    Me.Bind()
    ' Base scope: read exactly the entry named by UserDN, nothing below it.
    Dim myRequest As New SearchRequest(UserDN, ldapFilter, SearchScope.Base, attributes)
    Dim myResponse As SearchResponse
    Try
        myResponse = DirectCast(Me.Connection.SendRequest(myRequest), SearchResponse)
    Catch ex As DirectoryOperationException When ex.Response IsNot Nothing AndAlso ex.Response.ResultCode = ResultCode.NoSuchObject
        ' Added handling: when the base DN does not exist the server answers
        ' noSuchObject and System.DirectoryServices.Protocols throws instead of
        ' returning zero entries, so the "not found" case must be caught here.
        Return Nothing
    End Try
    ' Zero entries here means the DN exists but did not match the filter.
    If myResponse.Entries.Count >= 1 Then
        Return myResponse.Entries(0)
    Else
        Return Nothing
    End If
End Function
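The accepted answer resolves the DN correctly, but a cleanup job that removes role members based on "the DN did not resolve" needs two more safeguards before it is safe to run against a production directory. First, a base-scope search of a missing DN is reported by the server as noSuchObject (LDAP result code 32) and surfaces in System.DirectoryServices.Protocols as a DirectoryOperationException, so the existence check must distinguish that specific failure from timeouts, referrals or bind errors, or a transient outage will be read as "every user is gone". Second, many directories also answer noSuchObject when the bind account lacks read rights to the entry, so the job should prove it can read a known-good canary entry before it trusts any negative result. The following is an added example written for this page, not the poster's code: the host, port, bind DN, password and canary DN are placeholders, the certificate check is a stand-in for whatever chain validation the deployment requires, and the orphan-detection logic takes an existence callback so it can be exercised offline against a constructed in-memory "directory" as shown in Main.

```vbnet
' Added example (not the poster's code). Host, credentials and the canary DN are
' placeholders; the in-memory directory in Main is constructed sample data.
Imports System
Imports System.Collections.Generic
Imports System.DirectoryServices.Protocols
Imports System.Net
Imports System.Security.Cryptography.X509Certificates

Module RoleCleanup

    ' Base-scope read of the DN itself. Returns True when the entry exists and
    ' False only when the server answers noSuchObject (LDAP result 32). Any other
    ' failure (timeout, referral, insufficient rights reported explicitly, bind
    ' problems) is rethrown so it is never mistaken for "the user was deleted".
    Public Function EntryExists(conn As LdapConnection, dn As String) As Boolean
        Dim req As New SearchRequest(dn, "(objectClass=*)", SearchScope.Base, "objectClass")
        Try
            Dim resp As SearchResponse = DirectCast(conn.SendRequest(req), SearchResponse)
            Return resp.Entries.Count = 1
        Catch ex As DirectoryOperationException When ex.Response IsNot Nothing AndAlso ex.Response.ResultCode = ResultCode.NoSuchObject
            Return False
        End Try
    End Function

    ' Orphan detection separated from the LDAP transport. Refuses to run if the
    ' canary entry cannot be read: a run of noSuchObject answers usually means the
    ' bind account lost read access, not that every member was deleted.
    Public Function FindOrphans(exists As Func(Of String, Boolean), canaryDn As String, memberDns As IEnumerable(Of String)) As List(Of String)
        If Not exists(canaryDn) Then
            Throw New InvalidOperationException("Canary entry " & canaryDn & " is not readable; refusing to treat any member as orphaned.")
        End If
        Dim orphans As New List(Of String)
        For Each dn As String In memberDns
            If Not exists(dn) Then orphans.Add(dn)
        Next
        Return orphans
    End Function

    ' Placeholder server-certificate check (assumption): a deployment should
    ' validate the chain against the CA that issued the directory's certificate.
    Private Function VerifyDirectoryCertificate(conn As LdapConnection, cert As X509Certificate) As Boolean
        Dim c2 As New X509Certificate2(cert)
        Return c2.Verify()
    End Function

    ' LDAPS connection with the certificate callback installed before Bind, so the
    ' simple bind password never travels over an unverified channel.
    Public Function OpenConnection(host As String, bindDn As String, password As String) As LdapConnection
        Dim conn As New LdapConnection(New LdapDirectoryIdentifier(host, 636))
        conn.SessionOptions.SecureSocketLayer = True
        conn.SessionOptions.ProtocolVersion = 3
        conn.SessionOptions.VerifyServerCertificate = New VerifyServerCertificateCallback(AddressOf VerifyDirectoryCertificate)
        conn.AuthType = AuthType.Basic
        conn.Credential = New NetworkCredential(bindDn, password)
        conn.Bind()
        Return conn
    End Function

    Sub Main()
        ' Constructed sample data: an in-memory "directory" standing in for OID.
        Dim fakeDirectory As New HashSet(Of String)(StringComparer.OrdinalIgnoreCase) From {
            "cn=canary,cn=users,dc=example,dc=com",
            "cn=alice,cn=users,dc=example,dc=com"
        }
        Dim roleMembers As String() = {
            "cn=alice,cn=users,dc=example,dc=com",
            "cn=bob,cn=users,dc=example,dc=com"
        }
        Dim canaryDn As String = "cn=canary,cn=users,dc=example,dc=com"

        ' Offline run: bob is reported as orphaned, alice is not.
        Dim orphans As List(Of String) = FindOrphans(Function(dn) fakeDirectory.Contains(dn), canaryDn, roleMembers)
        For Each dn As String In orphans
            Console.WriteLine("orphaned member: " & dn)
        Next

        ' Against a real directory (placeholders for host and credentials):
        ' Using conn As LdapConnection = OpenConnection("oid.example.com", "cn=svc-sso,cn=users,dc=example,dc=com", password)
        '     orphans = FindOrphans(Function(dn) EntryExists(conn, dn), canaryDn, roleMembers)
        ' End Using
    End Sub

End Module
```

The existence check requests only objectClass rather than the full attribute list, since the cleanup only needs to know whether the entry is there; the SSO application's own attribute set can be fetched separately once a DN is confirmed. Keep the list of orphans as the job's output and have a human or a second step perform the actual role removal, so a misconfigured bind account or a partial directory outage cannot silently strip access from valid users.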