.net core在Linux下获取AD域信息
.net core在Linux下获取AD域信息
.net Core 2.1.4
.net core现在System.DirectoryServices只支持Windows平台下使用。
参考:
https://github.com/dotnet/standard/pull/444
https://github.com/dotnet/corefx/issues/2089
private Dictionary<string,string> AuthenticateActiveDirectory(string username, string password) { Dictionary<string, string> dic = new Dictionary<string, string>(); DirectoryEntry entry = new DirectoryEntry(_appConfiguration["LDAP:DE"], username, password); try { DirectorySearcher search = new DirectorySearcher(entry); search.Filter = $"(SAMAccountName={username})"; SearchResult result = search.FindOne(); if (result != null) { dic.Add("state","true"); dic.Add("displayname", result.Properties["displayname"]?[0].ToString()); dic.Add("mail",result.Properties["mail"]?[0].ToString()); } } catch (Exception ex) { dic.Add("state", "false"); dic.Add("errMsg",ex.Message); } return dic; }
Novell.Directory.Ldap
Novell.Directory.Ldap支持.net core2 Linux环境。
public Dictionary<string, string> LdapAuthenticate(string username, string password) { Dictionary<string, string> dic = new Dictionary<string, string>(); var ldapHost = _appConfiguration["LDAP:Host"]; var ldapPort = _appConfiguration.GetValue<int>("LDAP:Port"); var mailSuffix = _appConfiguration["LDAP:MailSuffix"]; var searchBase = _appConfiguration["LDAP:SearchBase"]; var loginDN = username; var sAMAccountName = username; if (username.Contains(mailSuffix)) sAMAccountName = username.Substring(0, username.IndexOf(mailSuffix)); else loginDN = $"{username}{mailSuffix}"; var searchFilter = $"(sAMAccountName={sAMAccountName})"; var attrs = _appConfiguration["LDAP:Attrs"].Split('|'); try { var conn = new LdapConnection(); conn.Connect(ldapHost, ldapPort); conn.Bind(loginDN, password); var lsc = conn.Search(searchBase, LdapConnection.SCOPE_SUB, searchFilter, attrs, false); while (lsc.hasMore()) { LdapEntry nextEntry = null; try { nextEntry = lsc.next(); } catch (LdapException ex) { Logger.Debug(ex.ToString(), ex); continue; } var attributeSet = nextEntry.getAttributeSet(); var ienum = attributeSet.GetEnumerator(); while (ienum.MoveNext()) { var attribute = (LdapAttribute)ienum.Current; var attributeName = attribute.Name.ToLower(); var attributeVal = attribute.StringValue; if (attrs.Contains(attributeName)) { dic.Add(attributeName, attributeVal); } } dic.Add("state", "true"); } conn.Disconnect(); } catch (Exception ex) { dic.Add("state", "false"); dic.Add("errMsg", ex.Message); Logger.Debug(ex.ToString(), ex); } return dic; }
以上配置信息如下:
"LDAP": { "_comment": "域帐号登录配置", "DE": "LDAP://xxx.com", "Host": "xx.xx.xx.xx", "Port": 389, "MailSuffix": "@xxx.com", "Attrs": "displayname|mail|sn", "SearchBase": "DC=xxx,DC=com", "UserRole": "User" },
