使用 Novell LDAP 在 .NET Core 中针对 AD 进行页面 LDAP 查询

问题描述

我正在使用 Novell LDAP 库从 .NET 代码应用程序查询 Active Directory.大多数查询成功，但有些返回超过 1000 个结果，AD 服务器拒绝.因此，我试图找出如何使用 Novell 的库对 LDAP 查询进行分页.我放在一起的解决方案看起来像

I am using the Novell LDAP library for making queries to an Active Directory from a .NET Code application. Most of the queries succeed, but some return more than 1000 results, which the AD server refuses. I therefore tried to find out how to page LDAP queries using Novell's library. The solution I put together looks like

public IEnumerable<LdapUser> GetUsers() {
    this.Connect();

    try {
        var cntRead = 0;                            // Total users read.
        int? cntTotal = null;                       // Users available.
        var curPage = 0;                            // Current page.
        var pageSize = this._config.LdapPageSize;   // Users per page.

        this.Bind();

        this._logger.LogInformation("Searching LDAP users.");
        do {
            var constraints = new LdapSearchConstraints();

            // The following has no effect:
            //constraints.MaxResults = 10000;

            // Commenting out the following succeeds until the 1000th entry.
            constraints.setControls(GetListControl(curPage, pageSize));

            var results = this._connection.Search(
                this._config.LdapSearchBase,
                this.LdapSearchScope,
                this._config.LdapUsersFilter,
                this.LdapUserProperties,
                false,
                constraints);

            while (results.hasMore() && ((cntTotal == null) || (cntRead < cntTotal))) {
                ++cntRead;

                LdapUser user = null;

                try {
                    var result = results.next();
                    Debug.WriteLine($"Found user {result.DN}.");
                    user = new LdapUser() {
                        AccountName = result.getAttribute(this._config.LdapAccountAttribute)?.StringValue,
                        DisplayName = result.getAttribute(this._config.LdapDisplayNameAttribute)?.StringValue
                    };
                } catch (LdapReferralException) {
                    continue;
                }

                yield return user;
            }

            ++curPage;
            cntTotal = GetTotalCount(results);
        } while ((cntTotal != null) && (cntRead < cntTotal));
    } finally {
        this._connection.Disconnect();
    }
}

并使用以下两个辅助方法:

and uses the following two helper methods:

private static LdapControl GetListControl(int page, int pageSize) {
    Debug.Assert(page >= 0);
    Debug.Assert(pageSize >= 0);
    var index = page * pageSize + 1;
    var before = 0;
    var after = pageSize - 1;
    var count = 0;
    Debug.WriteLine($"LdapVirtualListControl({index}, {before}, {after}, {count}) = {before}:{after}:{index}:{count}");
    return new LdapVirtualListControl(index, before, after, count);
}

private static int? GetTotalCount(LdapSearchResults results) {
    Debug.Assert(results != null);

    if (results.ResponseControls != null) {
        var r = (from c in results.ResponseControls
                 let d = c as LdapVirtualListResponse
                 where (d != null)
                 select (LdapVirtualListResponse) c).SingleOrDefault();
        if (r != null) {
            return r.ContentCount;
        }
    }

    return null;
}   

设置 constraints.MaxResults 似乎对 AD 服务器没有影响.如果我不设置 LdapVirtualListControl，则检索成功，直到检索到第 1000 个条目.

Setting constraints.MaxResults does not seem to have an effect on the AD server. If I do not set the LdapVirtualListControl, the retrieval succeeds until the 1000th entry was retrieved.

如果我使用 LdapVirtualListControl，操作会在第一次调用 results.next() 时失败，并出现以下异常:

If I use the LdapVirtualListControl, the operation fails at the first call to results.next() with the following exception:

System.Collections.Generic.KeyNotFoundException: The given key '76' was not present in the dictionary.
   at System.Collections.Generic.Dictionary`2.get_Item(TKey key)
   at Novell.Directory.Ldap.Utilclass.ResourcesHandler.getResultString(Int32 code, CultureInfo locale)
   at Novell.Directory.Ldap.LdapResponse.get_ResultException()
   at Novell.Directory.Ldap.LdapResponse.chkResultCode()
   at Novell.Directory.Ldap.LdapSearchResults.next()

https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard/blob/master/src/Novell.Directory.Ldap.NETStandard/Utilclass/ResultCodeMessages.cs 建议这只是一个后续错误，真正的问题是调用失败，错误代码为 76，我不知道它是什么.因此，我认为我在查询中遗漏了一些东西.有什么问题?

The code at https://github.com/dsbenghe/Novell.Directory.Ldap.NETStandard/blob/master/src/Novell.Directory.Ldap.NETStandard/Utilclass/ResultCodeMessages.cs suggests that this is just a follow-up error and the real problem is that the call fails with error code 76, which I do not know what it is. I therefore think that I am missing something in my query. What is wrong there?

推荐答案

我修好了 - 以防其他人遇到这个问题:

I fixed it - in case someone else runs into this:

经过一些互联网研究，我在 https://ldap.com/ldap-result-code-reference-other-server-side-result-codes/#rc-virtualListViewError 错误代码 76 的含义以及 LdapVirtualListResponse 包含更多信息.就我而言，错误是 https://ldap.com/ldap-result-code-reference-other-server-side-result-codes/#rc-sortControlMissing - 所以分页似乎需要排序控制.为了修复它，我添加了

After some Internet research, I found on https://ldap.com/ldap-result-code-reference-other-server-side-result-codes/#rc-virtualListViewError what error code 76 means and that the LdapVirtualListResponse contains more information. In my case, the error was https://ldap.com/ldap-result-code-reference-other-server-side-result-codes/#rc-sortControlMissing - so it seems that a sort control is required for paging. In order to fix it, I added

constraints.setControls(new[] {
    new LdapSortControl(new LdapSortKey("cn"), true),
    GetListControl(curPage, pageSize)
});

这篇关于使用 Novell LDAP 在 .NET Core 中针对 AD 进行页面 LDAP 查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！