
Problem description

I have set up an Active Directory service on my Windows 2008 server. I have added a user and here is the DN (DistinguishedName): CN=ashwin,CN=Users,DC=test,DC=com

There is no password set for the DN and anonymous binds are allowed. I have a sample (test code) C++ program that connects to AD and searches the user.

#include "windows.h"
#include "winldap.h"
#include "stdio.h"

//  Entry point for your application
int main(int argc, char* argv[])
{
    LDAP* pLdapConnection = NULL;
    INT returnCode = 0;
    INT connectSuccess = 0;
    ULONG version = LDAP_VERSION3;
    LONG lv = 0;
    int option(0);
    LDAPMessage *vLdapMessage;

    //  Initialize an LDAP session without SSL.
    pLdapConnection = ldap_init("192.168.56.128",389);
    if (pLdapConnection == NULL)
    {
        //  ldap_init reports its failure reason through LdapGetLastError().
        printf("ldap_init failed with 0x%lx.\n", LdapGetLastError());
        return -1;
    }

    //  Specify version 3; the default is version 2.
    returnCode = ldap_set_option(pLdapConnection,
        LDAP_OPT_PROTOCOL_VERSION,
        (void*)&version);
    if (returnCode != LDAP_SUCCESS)
        goto FatalExit;

    //Turning off referrals
    ldap_set_option(pLdapConnection, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); // required

    //  Connect to the server.
    connectSuccess = ldap_connect(pLdapConnection, NULL);

    if(connectSuccess != LDAP_SUCCESS)
    {
        printf("ldap_connect failed with 0x%x.\n",connectSuccess);
        goto FatalExit;
    }

    //  Bind with current credentials.
    printf("Binding ...\n");
    returnCode = ldap_bind_s(pLdapConnection,NULL, NULL, LDAP_AUTH_SIMPLE);
    if (returnCode != LDAP_SUCCESS)
        goto FatalExit;

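    //  Search the whole subtree under the base DN for the user entry.
    returnCode = ldap_search_s(pLdapConnection, "DC=test, DC=com", LDAP_SCOPE_SUBTREE, "CN=ashwin", NULL, 0, &vLdapMessage);

    if (returnCode != LDAP_SUCCESS)
        goto FatalExit;

    //  Release the search result once it is no longer needed.
    ldap_msgfree(vLdapMessage);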

NormalExit:
    if (pLdapConnection != NULL)
        ldap_unbind_s(pLdapConnection);
    return 0;

FatalExit:
    if( pLdapConnection != NULL )
        ldap_unbind_s(pLdapConnection);
    printf( "\n\nERROR: 0x%x\n", returnCode);
    return returnCode;
}

The search fails. ldap_search_s always returns 1. The same setup testing on Apache directory service works fine.

Could someone point out why this does not work with Windows AD? What is wrong in the program?

Recommended answer

Active Directory filtering syntax can be quite verbose. From what I can tell, you just need to modify your filter slightly. Try this:

(&(objectClass=user)(distinguishedName=CN=ashwin,CN=Users,DC=test,DC=com))

However, for single user filtering, I'd try using the sAMAccountName. This generally follows a {FirstInitial}{LastName} format, and would be unique to the user (Ex. JSmith):

(&(objectClass=user)(sAMAccountName=JSmith))
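
When the account name or DN placed into filters like the two above comes from user input, it has to be escaped per RFC 4515 before it is passed to ldap_search_s, otherwise characters such as ( ) * \ change the meaning of the filter. The following is an added example, not code from the original question or answer; the function names escapeFilterValue, userFilterBySam and userFilterByDn are hypothetical and the sample inputs are constructed.

```cpp
#include <cstdio>
#include <string>

// Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
// '*', '(', ')', '\' and NUL become a backslash followed by two hex digits.
// Bytes >= 0x80 (UTF-8) pass through unchanged, which RFC 4515 permits.
std::string escapeFilterValue(const std::string& value)
{
    static const char hex[] = "0123456789abcdef";
    std::string out;
    out.reserve(value.size());
    for (unsigned char c : value) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == '\0') {
            out += '\\';
            out += hex[c >> 4];
            out += hex[c & 0x0f];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Hypothetical helper: the answer's single-user filter, account name escaped.
std::string userFilterBySam(const std::string& samAccountName)
{
    return "(&(objectClass=user)(sAMAccountName=" +
           escapeFilterValue(samAccountName) + "))";
}

// Hypothetical helper: the distinguishedName form of the same filter.
// A backslash that escapes a character inside the DN becomes \5c here.
std::string userFilterByDn(const std::string& dn)
{
    return "(&(objectClass=user)(distinguishedName=" +
           escapeFilterValue(dn) + "))";
}

int main()
{
    // Constructed sample inputs, including one with filter metacharacters.
    std::printf("%s\n", userFilterBySam("JSmith").c_str());
    std::printf("%s\n", userFilterBySam("j(smith)*").c_str());
    std::printf("%s\n",
        userFilterByDn("CN=ashwin,CN=Users,DC=test,DC=com").c_str());
    return 0;
}
```

The returned string's c_str() can be passed as the filter argument of ldap_search_s in place of a hard-coded literal.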
