限制 LDAP 查询中返回的属性

时间:2023-01-01
本文介绍了限制 LDAP 查询中返回的属性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

如何限制通过 System.DirectoryServices 在 LDAP 查询中返回的属性?

How do I limit the attributes that are returned in an LDAP query through System.DirectoryServices?

我一直在使用 DirectorySearcher 并将我想要的属性添加到 DirectorySearcher.PropertiesToLoad.问题是这只是确保添加的属性包含在 DirectoryEntry.Properties 以及一些默认列表中.有什么方法可以指定您想要返回的唯一属性吗?

I have been using a DirectorySearcher and adding the properties that I want to DirectorySearcher.PropertiesToLoad. The problem is that this just makes sure that the added properties are included in the DirectoryEntry.Properties as well as some default list. Is there any way to specify the only properties that you want returned?

DirectoryEntry base = new DiectoryEntry(rootPath, null, null, AuthenticationTypes.FastBind);
DirectorySearcher groupSearcher = new DirectorySearcher(base);
groupSearcher.Filter = "(objectClass=group)";
groupSearcher.PropertiesToLoad.Add("distinguishedName");
groupSearcher.PropertiesToLoad.Add("description");
foreach (SearchResult groupSr in groupDs.FindAll())
...

当我获得组 DirectoryEntry 时,在 foreach 循环中,我可以访问大约 16 个不同的属性,而不仅仅是我指定的两个(distinguishedName、description)

Inside the foreach loop when I get the group DirectoryEntry there are about 16 different properties that I can access not just the two that I specified (distinguishedName, description)

推荐答案

您的限制是在您的 SearchResult 对象中可用/填充的属性 - 您可以直接访问在您的 foreach 循环中:

The thing you're limiting there are the properties that will be available / filled in your SearchResult objects - which you can access directly in your foreach loop:

DirectoryEntry baseEntry = new DirectoryEntry(rootPath, null, null, AuthenticationTypes.FastBind);

DirectorySearcher groupSearcher = new DirectorySearcher(baseEntry);
groupSearcher.Filter = "(objectClass=group)";

groupSearcher.PropertiesToLoad.Add("distinguishedName");
groupSearcher.PropertiesToLoad.Add("description");

foreach (SearchResult groupSr in groupSearcher.FindAll())
{
   if(groupSr.Properties["description"] != null && groupSr.Properties["description"].Count > 0)
   {
      string description = groupSr.Properties["description"][0].ToString();
   }

  .....
} 

您不能限制实际 DirectoryEntry 的属性 - 因此,如果您获取每个 SearchResult 的目录条目 - 您可以完全访问所有内容.但重点是您可以定义您需要的属性,并在 SearchResult直接访问这些属性,无需返回底层 DirectoryEntry

You cannot limit the properties on the actual DirectoryEntry - so if you go grab the directory entry for each SearchResult - you have full access to everything. But the whole point is that you can define what properties you need, and access those directly on the SearchResult, without having to go back to the underlying DirectoryEntry

这篇关于限制 LDAP 查询中返回的属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:c# winform 活动目录:如果登录成功,则访问另一个表单 下一篇:使用 Windows 身份验证时获取 Active Directory 信息?

相关文章

最新文章