限制 LDAP 查询中返回的属性

Limiting the attributes returned in an LDAP query(限制 LDAP 查询中返回的属性)
本文介绍了限制 LDAP 查询中返回的属性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

如何限制通过 System.DirectoryServices 在 LDAP 查询中返回的属性?

How do I limit the attributes that are returned in an LDAP query through System.DirectoryServices?

我一直在使用 DirectorySearcher 并将我想要的属性添加到 DirectorySearcher.PropertiesToLoad.问题是这只是确保添加的属性包含在 DirectoryEntry.Properties 以及一些默认列表中.有什么方法可以指定您想要返回的唯一属性吗?

I have been using a DirectorySearcher and adding the properties that I want to DirectorySearcher.PropertiesToLoad. The problem is that this just makes sure that the added properties are included in the DirectoryEntry.Properties as well as some default list. Is there any way to specify the only properties that you want returned?

DirectoryEntry base = new DiectoryEntry(rootPath, null, null, AuthenticationTypes.FastBind);
DirectorySearcher groupSearcher = new DirectorySearcher(base);
groupSearcher.Filter = "(objectClass=group)";
groupSearcher.PropertiesToLoad.Add("distinguishedName");
groupSearcher.PropertiesToLoad.Add("description");
foreach (SearchResult groupSr in groupDs.FindAll())
...

当我获得组 DirectoryEntry 时,在 foreach 循环中,我可以访问大约 16 个不同的属性,而不仅仅是我指定的两个(distinguishedName、description)

Inside the foreach loop when I get the group DirectoryEntry there are about 16 different properties that I can access not just the two that I specified (distinguishedName, description)

推荐答案

您的限制是在您的 SearchResult 对象中可用/填充的属性 - 您可以直接访问在您的 foreach 循环中:

The thing you're limiting there are the properties that will be available / filled in your SearchResult objects - which you can access directly in your foreach loop:

DirectoryEntry baseEntry = new DirectoryEntry(rootPath, null, null, AuthenticationTypes.FastBind);

DirectorySearcher groupSearcher = new DirectorySearcher(baseEntry);
groupSearcher.Filter = "(objectClass=group)";

groupSearcher.PropertiesToLoad.Add("distinguishedName");
groupSearcher.PropertiesToLoad.Add("description");

foreach (SearchResult groupSr in groupSearcher.FindAll())
{
   if(groupSr.Properties["description"] != null && groupSr.Properties["description"].Count > 0)
   {
      string description = groupSr.Properties["description"][0].ToString();
   }

  .....
} 

您不能限制实际 DirectoryEntry 的属性 - 因此,如果您获取每个 SearchResult 的目录条目 - 您可以完全访问所有内容.但重点是您可以定义您需要的属性,并在 SearchResult直接访问这些属性,无需返回底层 DirectoryEntry

You cannot limit the properties on the actual DirectoryEntry - so if you go grab the directory entry for each SearchResult - you have full access to everything. But the whole point is that you can define what properties you need, and access those directly on the SearchResult, without having to go back to the underlying DirectoryEntry

这篇关于限制 LDAP 查询中返回的属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

What#39;s the difference between retrieving WindowsPrincipal from WindowsIdentity and Thread.CurrentPrincipal?(从 WindowsIdentity 和 Thread.CurrentPrincipal 检索 WindowsPrincipal 之间有什么区别?)
How do I find a user#39;s Active Directory display name in a C# web application?(如何在 C# Web 应用程序中查找用户的 Active Directory 显示名称?)
How to use Servicestack Authentication with Active Directory/Windows Authentication?(如何在 Active Directory/Windows 身份验证中使用 Servicestack 身份验证?)
How can I authenticate against Active Directory in Nancy?(如何在 Nancy 中对 Active Directory 进行身份验证?)
How to get a username in Active Directory from a display name in C#?(如何从 C# 中的显示名称获取 Active Directory 中的用户名?)
Oauth 2 token for Active Directory accounts(Active Directory 帐户的 Oauth 2 令牌)