C# LDAP 管理

最新推荐文章于 2021-05-18 10:19:28 发布
最新推荐文章于 2021-05-18 10:19:28 发布
阅读量971 收藏 1
点赞数 1

C# LDAP 管理

  1. 验证指定用户是否在域里认证通过:
        public static bool TryAuthenticate(string userName, string password)
        {
            string domain = "litb-inc.com";
            bool isLogin = false;
            try
            {
                DirectoryEntry entry = new DirectoryEntry(string.Format("LDAP://{0}", domain), userName, password);
                entry.RefreshCache();
                DBLog.Debug("check success");
                isLogin = true;
            }
            catch (Exception ex)
            {
                DBLog.Debug("域验证抛出异常 :" + ex.Message + ex.InnerException);
                isLogin = false;
            }
            return isLogin;
        }
  •  
  1. 实现创建域账户的操作
using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.DirectoryServices;
using System.Linq;
using System.Text;
using System.Text.RegularExpressions;
 
namespace Litb.HRExtension
{
    public static class AdHerlp
    {
        #region 创建AD连接
        /// <summary>
        /// 创建AD连接
        /// </summary>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntry()
        {
            DirectoryEntry de = new DirectoryEntry();
            de.Path = "LDAP://testhr.com/CN=Users,DC=testhr,DC=com";
            de.Username = @"administrator";
            de.Password = "litb20!!";
            return de;
 
            //DirectoryEntry entry = new DirectoryEntry("LDAP://testhr.com", "administrator", "litb20!!", AuthenticationTypes.Secure);
            //return entry;
 
        }
        #endregion
 
        #region 获取目录实体集合
        /// <summary>
        ///
        /// </summary>
        /// <param name="DomainReference"></param>
        /// <returns></returns>
        public static DirectoryEntry GetDirectoryEntry(string DomainReference)
        {
            DirectoryEntry entry = new DirectoryEntry("LDAP://testhr.com" + DomainReference, "administrator", "litb20!!", AuthenticationTypes.Secure);
            return entry;
        }
        #endregion
    }
 
    //AD操作类
 
    //myDirectory.cs
 
   public  class myDirectory
    {
 
        /// <summary>
        /// 判断用户是否存在
        /// </summary>
        /// <param name="UserName"></param>
        /// <returns></returns>
        public bool UserExists(string UserName)
        {
            DirectoryEntry de = AdHerlp.GetDirectoryEntry();
            DirectorySearcher deSearch = new DirectorySearcher();
            deSearch.SearchRoot = de;
            deSearch.Filter = "(&(objectClass=user) (cn=" + UserName + "))";
            SearchResultCollection results = deSearch.FindAll();
            if (results.Count == 0)
            {
                return false;
            }
            else
            {
                return true;
            }
        }
        /// <summary>
        /// 修改用户属性
        /// </summary>
        /// <param name="de"></param>
        /// <param name="PropertyName"></param>
        /// <param name="PropertyValue"></param>
        public static void SetProperty(DirectoryEntry de, string PropertyName, string PropertyValue)
        {
            if (PropertyValue != null)
            {
                if (de.Properties.Contains(PropertyName))
                {
                    de.Properties[PropertyName][0] = PropertyValue;
                }
                else
                {
                    de.Properties[PropertyName].Add(PropertyValue);
                }
            }
        }
 
        /// <summary>
        /// 生成随机密码
        /// </summary>
        /// <returns></returns>
        public string SetSecurePassword()
        {
            //RandomPassword rp = new RandomPassword();
            return "qwe123!@#";
        }
 
        /// <summary>
        /// 设置用户新密码
        /// </summary>
        /// <param name="path"></param>
        public void SetPassword(DirectoryEntry newuser)
        {
            //DirectoryEntry usr = new DirectoryEntry();
            //usr.Path = path;
            //usr.AuthenticationType = AuthenticationTypes.Secure;
            
            //object[] password = new object[] { SetSecurePassword() };
            //object ret = usr.Invoke("SetPassword", password);
            //usr.CommitChanges();
            //usr.Close();
 
            newuser.AuthenticationType = AuthenticationTypes.Secure;
            object[] password = new object[] { SetSecurePassword() };
            object ret = newuser.Invoke("SetPassword", password);
            newuser.CommitChanges();
            newuser.Close();
 
        }
 
        /// <summary>
        /// 启用用户帐号
        /// </summary>
        /// <param name="de"></param>
        private static void EnableAccount(DirectoryEntry de)
        {
            //UF_DONT_EXPIRE_PASSWD 0x10000
            int exp = (int)de.Properties["userAccountControl"].Value;
            de.Properties["userAccountControl"].Value = exp | 0x0001;
            de.CommitChanges();
            //UF_ACCOUNTDISABLE 0x0002
            int val = (int)de.Properties["userAccountControl"].Value;
            de.Properties["userAccountControl"].Value = val & ~0x0002;
            de.CommitChanges();
        }
 
        /// <summary>
        /// 添加用户到组
        /// </summary>
        /// <param name="de"></param>
        /// <param name="deUser"></param>
        /// <param name="GroupName"></param>
        public static void AddUserToGroup(DirectoryEntry de, DirectoryEntry deUser, string GroupName)
        {
            DirectorySearcher deSearch = new DirectorySearcher();
            deSearch.SearchRoot = de;
            deSearch.Filter = "(&(objectClass=group) (cn=" + GroupName + "))";
            SearchResultCollection results = deSearch.FindAll();
 
            bool isGroupMember = false;
 
            if (results.Count > 0)
            {
                DirectoryEntry group = AdHerlp.GetDirectoryEntry(results[0].Path);
 
                object members = group.Invoke("Members", null);
                foreach (object member in (IEnumerable)members)
                {
                    DirectoryEntry x = new DirectoryEntry(member);
                    if (x.Name != deUser.Name)
                    {
                        isGroupMember = false;
                    }
                    else
                    {
                        isGroupMember = true;
                        break;
                    }
                }
 
                if (!isGroupMember)
                {
                    group.Invoke("Add", new object[] { deUser.Path.ToString() });
                }
                group.Close();
            }
            return;
        }
 
        /// <summary>
        /// 创建一个新用户
        /// </summary>
        /// <param name="employeeID"></param>
        /// <param name="name"></param>
        /// <param name="login"></param>
        /// <param name="email"></param>
        /// <param name="group"></param>
        public void CreateNewUser(string employeeID, string name, string login, string email, string group)
        {
            //Catalog catalog = new Catalog();
            DirectoryEntry de = AdHerlp.GetDirectoryEntry();
 
            /// 1. Create user account
            DirectoryEntries users = de.Children;
            DirectoryEntry newuser = users.Add("CN=" + login, "user");
 
            /// 2. Set properties
            //SetProperty(newuser, "employeeID", employeeID);
            //SetProperty(newuser, "givenname", name);
            //SetProperty(newuser, "SAMAccountName", login);
            //SetProperty(newuser, "userPrincipalName", login);
            //SetProperty(newuser, "mail", email);
            //SetProperty(newuser, "Description", "Create User By HrESS System");
                SetProperty(newuser, "accountExpires", accountExpires);
                SetProperty(newuser, "displayName", login);
                SetProperty(newuser, "sAMAccountName", login);
                //SetProperty(newuser, "memberOf", "CN=Guest wifi,OU=Intretech Internet,OU=Intretech User Group,DC=intretech,DC=com");
                SetProperty(newuser, "userPrincipalName", login + "@intretech.com");
                SetProperty(newuser, "Description", "Create User By Visitor System");
            newuser.CommitChanges();
 
            /// 3. Set password
            newuser.AuthenticationType = AuthenticationTypes.Secure;
            object[] password = new object[] { SetSecurePassword() };
            object ret = newuser.Invoke("SetPassword", password);
            newuser.CommitChanges();
            //newuser.Close();
 
 			//将用户增加到member(隶属于)
                using (DirectoryEntry myde2 = LDAPHelper.GetDirectoryEntry("CN=Guest wifi,OU=Intretech Internet,OU=Intretech User Group,DC=intretech,DC=com")) //设置zixian隶属guests组
                {
                    int i = myde2.Properties["member"].Count + 1;//获取guests成员的个数+1
                    myde2.Properties["member"].Add("CN=" + login + "," + LDAPDomain);//增加zixian用户到member中
                    myde2.CommitChanges();// 更新到ad目录树。

                }
            //SetPassword(newuser);
            //newuser.CommitChanges();
 
            /// 4. Enable account           
            EnableAccount(newuser);
 
            /// 5. Add user account to groups
            AddUserToGroup(de, newuser, group);
 
            /// 6. Create a mailbox in Microsoft Exchange   
            //GenerateMailBox(login);
 
            newuser.Close();
            de.Close();
        }
        /// <summary>
        /// 禁用一个帐号
        /// </summary>
        /// <param name="EmployeeID"></param>
        public void DisableAccount(string EmployeeID)
        {
            DirectoryEntry de = AdHerlp.GetDirectoryEntry();
            DirectorySearcher ds = new DirectorySearcher(de);
            ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + EmployeeID + "))";
            ds.SearchScope = SearchScope.Subtree;
            SearchResult results = ds.FindOne();
 
            if (results != null)
            {
                DirectoryEntry dey = AdHerlp.GetDirectoryEntry(results.Path);
                int val = (int)dey.Properties["userAccountControl"].Value;
                dey.Properties["userAccountControl"].Value = val | 0x0002;
                dey.Properties["msExchHideFromAddressLists"].Value = "TRUE";
                dey.CommitChanges();
                dey.Close();
            }
 
            de.Close();
        }
        /// <summary>
        /// 修改用户信息
        /// </summary>
        /// <param name="employeeID"></param>
        /// <param name="department"></param>
        /// <param name="title"></param>
        /// <param name="company"></param>
        public void ModifyUser(string employeeID, string department, string title, string company)
        {
            DirectoryEntry de = AdHerlp.GetDirectoryEntry();
            DirectorySearcher ds = new DirectorySearcher(de);
            ds.Filter = "(&(objectCategory=Person)(objectClass=user)(employeeID=" + employeeID + "))";
            ds.SearchScope = SearchScope.Subtree;
            SearchResult results = ds.FindOne();
 
            if (results != null)
            {
                DirectoryEntry dey = AdHerlp.GetDirectoryEntry(results.Path);
                SetProperty(dey, "department", department);
                SetProperty(dey, "title", title);
                SetProperty(dey, "company", company);
                dey.CommitChanges();
                dey.Close();
            }
 
            de.Close();
        }
 
        /// <summary>
        /// 修改用户密码
        /// </summary>
        /// <param name="employeeID"></param>
        /// <param name="department"></param>
        /// <param name="title"></param>
        /// <param name="company"></param>
        public void ModifyPwd(string UserName, string Pwd, string accountExpires)
        {
            DirectoryEntry de = LDAPHelper.GetDirectoryEntry();
            DirectorySearcher ds = new DirectorySearcher(de);
            ds.Filter = "(&(objectClass=user)(sAMAccountName=" + UserName + "))";
            ds.SearchScope = SearchScope.Subtree;
            SearchResult results = ds.FindOne();
            
            if (results != null)
            {
                DirectoryEntry dey = results.GetDirectoryEntry();
                //DirectoryEntry dey = LDAPHelper.GetDirectoryEntry(results.Path);
                if (dey != null)
                {
                    try
                    {
                        /// 3. Set password
                        //dey.AuthenticationType = AuthenticationTypes.Secure;
                        //object[] password = new object[] { "newpassword" };
                        //object ret = dey.Invoke("SetPassword", password);
                        //有效期
                        SetProperty(dey, "accountExpires", accountExpires);
                        dey.CommitChanges();
                        object[] password = new object[] { Pwd };
                        object ret = dey.Invoke("ChangePassword", password);
                        dey.CommitChanges();
                        dey.Close();
                    }
                    catch (Exception ex)
                    { }
                }
            }

            de.Close();
        }
        /// <summary>
        /// 检验Email格式是否正确
        /// </summary>
        /// <param name="mail"></param>
        /// <returns></returns>
        public bool IsEmail(string mail)
        {
            Regex mailPattern = new Regex(@"\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*");
            return mailPattern.IsMatch(mail);
        }
        /// <summary>
        /// 搜索被修改过的用户
        /// </summary>
        /// <param name="fromdate"></param>
        /// <returns></returns>
        public DataTable GetModifiedUsers(DateTime fromdate)
        {
            DataTable dt = new DataTable();
            dt.Columns.Add("EmployeeID");
            dt.Columns.Add("Name");
            dt.Columns.Add("Email");
 
            DirectoryEntry de = AdHerlp.GetDirectoryEntry();
            DirectorySearcher ds = new DirectorySearcher(de);
 
            StringBuilder filter = new StringBuilder();
            filter.Append("(&(objectCategory=Person)(objectClass=user)(whenChanged>=");
            filter.Append(ToADDateString(fromdate));
            filter.Append("))");
 
            ds.Filter = filter.ToString();
            ds.SearchScope = SearchScope.Subtree;
            SearchResultCollection results = ds.FindAll();
 
            foreach (SearchResult result in results)
            {
                DataRow dr = dt.NewRow();
                DirectoryEntry dey = AdHerlp.GetDirectoryEntry(result.Path);
                dr["EmployeeID"] = dey.Properties["employeeID"].Value;
                dr["Name"] = dey.Properties["givenname"].Value;
                dr["Email"] = dey.Properties["mail"].Value;
                dt.Rows.Add(dr);
                dey.Close();
            }
 
            de.Close();
            return dt;
        }
 
        /// <summary>
        /// 格式化AD的时间
        /// </summary>
        /// <param name="date"></param>
        /// <returns></returns>
        public string ToADDateString(DateTime date)
        {
        	return date.ToFileTimeUtc().ToString();
            //string year = date.Year.ToString();
            //int month = date.Month;
            //int day = date.Day;
 
            //StringBuilder sb = new StringBuilder();
            //sb.Append(year);
            //if (month < 10)
           // {
            //    sb.Append("0");
            //}
           // sb.Append(month.ToString());
           // if (day < 10)
           // {
             //   sb.Append("0");
         //   }
           // sb.Append(day.ToString());
           // sb.Append("000000.0Z");
           // return sb.ToString();
        }
    }
}
陈青
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
C#实现使用DirectoryEntry组件建立虚拟目录(附完整源码)
希望我的博客,能帮上你解决学习中工作中所遇到的问题
06-20 32
C#实现使用DirectoryEntry组件建立虚拟目录(附完整源码)
C# LDAP 管理(新增、修改用户信息)
qq_15198113的博客
09-21 1752
C# LDAP 管理 验证指定用户是否在域里认证通过: public static bool TryAuthenticate(string userName, string password) { string domain = &quot;litb-inc.com&quot;; bool isLogin = false; ...
C# LDAP 管理(创建新用户)
a977638248的博客
11-21 237
今天用C#实现了一套LDAP域账号的创建和查询,感受挺多。 算是第一次接触LDAP吧,之前曾经做了一个登录的验证,就是查询功能,那个相对比较简单,用到了一个方法就搞定了。 这次的需求是要用编程的方式创建域账号,实现域登陆。 首先回顾一下之前查询用到的代码: public static bool TryAuthenticate(string userNa...
C# 操作LDAP
weixin_30337251的博客
09-08 827
C# 操作LDAP查找组或人员信息 using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.DirectoryServices; /// <summary> ///ADUtil 的摘要说明 /// </su...
C# 操作LDAP查找组或人员信息
Dev And Ops
10-11 2659
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.DirectoryServices; /// &lt;summary&gt; ///ADUtil 的摘要说明 /// &lt;/summary&gt; public class ADUtil { ...
C# winform 访问LDAP
08-14 149
微软资料:http://www.microsoft.com/china/technet/prodtechnol/exchange/2003/insider/ldapquery.mspx#BasicLDAPSyntax 图1 图2 代码: using System.DirectoryServices; private void btnSearch_Click(obje...
[C#]LDAP验证用户名和密码
热门推荐
paolei的笔记
07-31 1万+
公司打算改用LDAP来存储用户名和密码,现在用C#测试下如何能拿到LDAP中的用户名,并检测用户密码是否正确。即输入用户名和密码,可以检验是否是有效的。 首先我们假设LDAP的server IP是127.0.0.1 基本的DN是ou=user,dc=companyname,dc=com 用来登录的管理员name是cn=sysuser,ou=systemaccounts,dc=co
C#LDAP 验证用户名和密码
一个被IT搞的
04-06 2745
ldapBaseDnPath = "LDAP://localhost/DC=dc3,DC=dc2,DC=dc1" // 'LDAP' 这4个字母必须大写 userName = "Name1" password = "DoNotUseMe" using (DirectoryEntry de = new DirectoryEntry(ldapBaseDnPath, userName, pa
LDAP查询
rj2017211811的博客
12-10 3614
1.查询的命令 -p 指明端口号 -h 指明主机名 -D 指明DN 管理员帐号 -W指明采样手动输入密码的方式 -w 后面加密码,等同于-W 输入密码 -b search base 通常的查询 ldapsearch -p 端口号 -h ldap://主机地址 -D “cn=admin,dc=example,dc=com” -w “管理员密码” -b “搜索的范围,即base(比如dc=example,dc=com)” “(搜索条件,如果不设置,默认搜索base下的所有条目)” 2.查询的过滤条件
linux 修改ldap密码,linux – 未知的LDAP cn =配置管理员密码
weixin_36292762的博客
05-18 441
我不知道当前的Ubuntu软件包如何进行初始的OpenLDAP设置,但是在10.04和12.04这个过程对cn = config都没有很好的考虑.如果设置,您应该在/etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif中的属性olcRootPW中找到密码(它可能是base64编码的).要更改密码,请使用ldapmodify作为root.将其另存...
ldap连接测试工具源代码C#
11-10
总结起来,这个C# LDAP连接测试工具是一个实用的开发辅助软件,尤其对于需要处理Windows域环境的系统管理员和开发者而言。通过学习和使用这个工具,我们可以深入理解LDAP协议、C#编程以及.NET Framework 2.0中的相关...
LDAP工具集成
01-06
本项目利用C#编程语言实现了对LDAP服务的集成,旨在提供便捷的目录管理功能,包括连接测试、用户验证以及用户创建等关键操作。 ### 1. LDAP连接测试 在集成过程中,首先需要建立与LDAP服务器的连接。C#中可以使用`...
Ldap工具
02-18
**LDAP(轻量级目录访问协议)工具**是用于管理和查询LDAP目录服务的软件应用程序。在IT领域,LDAP被广泛用于存储和检索用户账户、权限、组织结构等身份管理数据。C#是一种由微软开发的面向对象的编程语言,它提供了...
ldap c# 测试工具以及源代码(vs2010 winform .net2.0)
12-19
标题中的“ldap c# 测试工具以及源代码”表明这是一个基于C#编程语言开发的轻量级应用程序,用于测试 Lightweight Directory Access Protocol (LDAP) 的连接。这个工具的主要目的是验证 LDAP 用户的身份,即检查输入...
C#.NET LDAPSearch
06-25
标题"C#.NET LDAPSearch"揭示了我们正在讨论的是一个基于C#.NET开发的Windows桌面应用程序,专注于LDAP(轻量级目录访问协议)搜索功能。在Winform环境下,开发者创建了一个用户界面,允许用户查询和浏览LDAP目录...
2024浙江省行政区划矢量图层-省市县乡镇四级行政区划数据下载-带python代码
最新发布
08-02
2024最新浙江省行政区划矢量图层数据,包含省、市、县、乡镇四级行政区划数据下载,附带shp转geojson的python代码
年度销售计划表.xlsx.xlsx
08-01
销售统计,调查问卷,库存明细,跟进表,业绩统计表,差异分析 ,产品清单 适用人群:学习不同技术领域的小白或进阶学习者;可作为毕设项目、课程设计、大作业、工程实训或初期项目立项。
蓝牙BLE 4.0开发课程
08-01
蓝牙BLE 4.0课程
C#修改ldap用户密码
12-02
根据提供的引用内容,可以使用以下C#代码修改LDAP用户密码: ```csharp using System.DirectoryServices; public void ChangePassword(string username, string oldPassword, string newPassword) { try { ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值