更新时间:2022-06-19 22:35:55
我怀疑主要问题可能是:samAccountName
是其他 LDAP 服务器不知道的严格的仅限 Windows 的属性.
I suspect the main problem might be: samAccountName
is a strictly Windows-only attribute that other LDAP servers won't know about.
因此,如果您要使用非 Active Directory LDAP,您应该使用其他东西进行搜索 - 例如sn
(用于姓氏或姓氏),givenName
(名字),可能是 displayName
.
So if you're going against a non-Active Directory LDAP, you should use something else for searching - e.g. sn
(for surname or last name), givenName
(first name), possibly displayName
.
另一个有趣的选择可能是使用 ANR(模糊名称解析)搜索 - 请参阅 SelfADSI 上的这个 页面 大致在中间,这里解释了 ANR.
Another interesting option might be to use ANR (ambiguous name resolution) searches - see this page on SelfADSI roughly in the middle, where ANR is explained.
使用 ANR,您可以这样编写查询:
With ANR, you would write your query like this:
string ldapSearchFilter =
string.Format("(&(ObjectCategory={0})(anr={1}))", "person", username);
我还将 ObjectClass
更改为 ObjectCategory
有两个原因:
I also changed ObjectClass
to ObjectCategory
for two reasons:
ObjectCategory
是单值的,例如只包含一个值(ObjectClass
是多值的)ObjectCategory
通常会被索引,因此使用 ObjectCategory
ObjectCategory
is single-valued, e.g. only contains a single value (ObjectClass
is multi-valued)ObjectCategory
is typically indexed, and thus searches are typically a lot faster using ObjectCategory
这会返回您正在寻找的结果吗?
Does this return the results you're looking for?