问题描述
如何限制通过 System.DirectoryServices 在 LDAP 查询中返回的属性?
How do I limit the attributes that are returned in an LDAP query through System.DirectoryServices?
我一直在使用 DirectorySearcher 并将我想要的属性添加到 DirectorySearcher.PropertiesToLoad.问题是这只是确保添加的属性包含在 DirectoryEntry.Properties 以及一些默认列表中.有什么方法可以指定您想要返回的唯一属性吗?
I have been using a DirectorySearcher and adding the properties that I want to DirectorySearcher.PropertiesToLoad. The problem is that this just makes sure that the added properties are included in the DirectoryEntry.Properties as well as some default list. Is there any way to specify the only properties that you want returned?
DirectoryEntry base = new DiectoryEntry(rootPath, null, null, AuthenticationTypes.FastBind);
DirectorySearcher groupSearcher = new DirectorySearcher(base);
groupSearcher.Filter = "(objectClass=group)";
groupSearcher.PropertiesToLoad.Add("distinguishedName");
groupSearcher.PropertiesToLoad.Add("description");
foreach (SearchResult groupSr in groupDs.FindAll())
...
当我获得组 DirectoryEntry 时,在 foreach 循环中,我可以访问大约 16 个不同的属性,而不仅仅是我指定的两个(distinguishedName、description)
Inside the foreach loop when I get the group DirectoryEntry there are about 16 different properties that I can access not just the two that I specified (distinguishedName, description)
推荐答案
您的限制是在您的 SearchResult
对象中可用/填充的属性 - 您可以直接访问在您的 foreach
循环中:
The thing you're limiting there are the properties that will be available / filled in your SearchResult
objects - which you can access directly in your foreach
loop:
DirectoryEntry baseEntry = new DirectoryEntry(rootPath, null, null, AuthenticationTypes.FastBind);
DirectorySearcher groupSearcher = new DirectorySearcher(baseEntry);
groupSearcher.Filter = "(objectClass=group)";
groupSearcher.PropertiesToLoad.Add("distinguishedName");
groupSearcher.PropertiesToLoad.Add("description");
foreach (SearchResult groupSr in groupSearcher.FindAll())
{
if(groupSr.Properties["description"] != null && groupSr.Properties["description"].Count > 0)
{
string description = groupSr.Properties["description"][0].ToString();
}
.....
}
您不能限制实际 DirectoryEntry
的属性 - 因此,如果您获取每个 SearchResult
的目录条目 - 您可以完全访问所有内容.但重点是您可以定义您需要的属性,并在 SearchResult
上直接访问这些属性,无需返回底层 DirectoryEntry
You cannot limit the properties on the actual DirectoryEntry
- so if you go grab the directory entry for each SearchResult
- you have full access to everything. But the whole point is that you can define what properties you need, and access those directly on the SearchResult
, without having to go back to the underlying DirectoryEntry
这篇关于限制 LDAP 查询中返回的属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!